openerp-dev team mailing list archive
-
openerp-dev team
-
Mailing list archive
-
Message #00009
Re: Search Method and SQL Injections
> We can rewrite the query with the search method and with this way, avoid the sql query and the code is readable.
> Example:
>
> journal_obj = self.pool.get('account.journal')
> journal_ids = journal_obj.search(cr, uid,
> [('auto_cash', '=', True),
> ('type', '=', 'cash'),
> ('id', 'in', j_ids)])
>
> for journal in journal_obj(cr, uid, journal_ids):
> # do something
Forgot the 'browse' method.
Stéphane
--
Stephane Wirtel - "As OpenERP is OpenSource, please feel free to contribute."
Quality/Release Manager
Technical Project Manager
OpenERP S.A.
Chaussee de Namur, 40
B-1367 Grand-Rosière
Tel: +32.81.81.37.00
Web: http://www.openerp.com
Planet: http://www.openerp.com/planet/
Blog: http://stephane-wirtel-at-tiny.blogspot.com
begin:vcard
fn;quoted-printable:St=C3=A9phane Wirtel
n;quoted-printable:Wirtel;St=C3=A9phane
org:OpenERP S.A.
adr;quoted-printable;quoted-printable:;;Chauss=C3=A9e de Namur, 40;Grand-Rosi=C3=A8re;;1367;Belgium
email;internet:stw@xxxxxxxxxxx
title:Developer
tel;work:+32.81.81.37.00
note;quoted-printable:OpenERP is an Open Source enterprise management software=0D=0A=
=0D=0A=
http://www.openerp.com
url:http://www.openerp.com
version:2.1
end:vcard
References