[imp] report_account: use bound parameters instead of string formatting in report_rec...

author Xavier Morel <xmo@tinyerp.com>

Tue, 23 Feb 2010 14:18:17 +0000 (15:18 +0100)

committer Xavier Morel <xmo@tinyerp.com>

Tue, 23 Feb 2010 14:18:17 +0000 (15:18 +0100)
author Xavier Morel <xmo@tinyerp.com>
Tue, 23 Feb 2010 14:18:17 +0000 (15:18 +0100)
committer Xavier Morel <xmo@tinyerp.com>
Tue, 23 Feb 2010 14:18:17 +0000 (15:18 +0100)
diff --git a/addons/report_account/report_receivable.py b/addons/report_account/report_receivable.py

index e7da923..7bab6ea 100644 (file)
--- a/addons/report_account/report_receivable.py
+++ b/addons/report_account/report_receivable.py
@@ -105,9 +105,9 @@ class report_aged_receivable(osv.osv):
             date1,date2 = period['name'].split(' to ')
             query = "SELECT SUM(credit-debit) FROM account_move_line AS line, account_account as ac  \
                          WHERE (line.account_id=ac.id) AND ac.type='receivable' \
-                            AND (COALESCE(line.date,date) BETWEEN '%s' AND  '%s') \
-                            AND (reconcile_id IS NULL) AND ac.active"%(str(date2),str(date1))
-           cr.execute(query)
+                            AND (COALESCE(line.date,date) BETWEEN %s AND  %s) \
+                            AND (reconcile_id IS NULL) AND ac.active"
+           cr.execute(query, (date2, date1))
             amount = cr.fetchone()
             amount = amount[0] or 0.00
             res[period['id']] = amount
author	Xavier Morel <xmo@tinyerp.com>
	Tue, 23 Feb 2010 14:18:17 +0000 (15:18 +0100)
committer	Xavier Morel <xmo@tinyerp.com>
	Tue, 23 Feb 2010 14:18:17 +0000 (15:18 +0100)