Hi Dimuthu,
Attached is a sample plugin showing this.
I note you seem to be iterating the creditors and constructing a query to get the alternate account number - you don't need to use a SQL query to get the creditor AlternateAccountNo, as it is exposed in the object model now.
Code:
    Public Sub SaveStart(sender As Object, e As System.EventArgs)
        Dim chequepayment As JiwaCreditorChqPay.CreditorChequePayment = DirectCast(sender, JiwaCreditorChqPay.CreditorChequePayment)
        For Each creditor As JiwaCreditorChqPay.Creditor In chequepayment.Creditors
            ' creditor.Creditor.CreditorID <-- this is the creditorID
            ' creditor.Creditor.AccountNo <-- We also have access to many other properties of the creditor, like AccountNo and AlternateAccountNo
        Next
    End Sub
I also note your construction of your SQL query is using string concatenation. The recommended method is to now use parameterised queries, so instead of:
Code:
    SQL = "select AltAccountNo from CR_Main where CreditorID = '" & Trim(lCreditor.CreditorID) & "'"
We recommend:
Code:
    ' Requires "Imports System.Data.SqlClient" at the top of the plugin file
    Dim SQL As String = "SELECT TOP 1 AltAccountNo FROM CR_Main WHERE CreditorID = @CreditorID"
    With JiwaApplication.Manager.Instance.Database
        Using SQLCmd As SqlCommand = New SqlCommand(SQL, .SQLConnection, .SQLTransaction)
            ' Bind the creditor ID as a typed parameter rather than concatenating it into the SQL text
            Dim SQLParam As SqlParameter = New SqlParameter("@CreditorID", System.Data.SqlDbType.Char)
            SQLParam.Value = creditor.Creditor.CreditorID
            SQLCmd.Parameters.Add(SQLParam)
            ' Using closes the reader even when the exception below is thrown
            Using SQLReader As SqlDataReader = SQLCmd.ExecuteReader()
                If SQLReader.Read = True Then
                    Dim AltAccountNo As String = .Sanitise(SQLReader, "AltAccountNo")
                Else
                    Throw New JiwaApplication.Exceptions.RecordNotFoundException("creditor record not found.")
                End If
            End Using
        End Using
    End With
The parameterised query will protect you from SQL Injection.
Mike
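
An added example (not part of the post above and not Jiwa code) that runs the concatenated lookup and the parameterised lookup against the same inputs to show how each treats a quote character in the value. It assumes an in-memory SQLite table standing in for the SQL Server CR_Main table; the rows, input values and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample rows; SQLite stands in for the SQL Server database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CR_Main (CreditorID TEXT PRIMARY KEY, AltAccountNo TEXT)")
    db.executemany("INSERT INTO CR_Main VALUES (?, ?)",
                   [("C0001", "ALT-1001"), ("C0002", "ALT-1002")])
    return db


def lookup_concatenated(db, creditor_id):
    # The 'instead of' pattern: the value becomes part of the SQL text,
    # so a quote in the value changes how the statement is parsed.
    sql = ("SELECT AltAccountNo FROM CR_Main WHERE CreditorID = '"
           + creditor_id.strip() + "'")
    try:
        return sorted(row[0] for row in db.execute(sql))
    except sqlite3.Error:
        return "error"  # the statement no longer parses


def lookup_parameterised(db, creditor_id):
    # The recommended pattern: fixed SQL text, value bound separately,
    # so the value is only ever compared as data.
    sql = "SELECT AltAccountNo FROM CR_Main WHERE CreditorID = :CreditorID"
    rows = db.execute(sql, {"CreditorID": creditor_id.strip()})
    return sorted(row[0] for row in rows)


def compare(db, creditor_id):
    return lookup_concatenated(db, creditor_id), lookup_parameterised(db, creditor_id)


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal ID, a legitimate value containing an
    # apostrophe, and a value whose quote rewrites the WHERE clause.
    for value in ["C0001", "O'Brien", "x' OR '1'='1"]:
        concatenated, parameterised = compare(db, value)
        print(f"{value!r:18} concatenated={concatenated} parameterised={parameterised}")
```

The concatenated query fails outright on an ordinary apostrophe and returns every row for the third input, while the parameterised query returns no rows for both because no creditor has that ID.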