FinCommon.java - changes done to make sql queries parameterized

git-svn-id: http://15.206.35.175/svn/proteus/business-java/trunk@198729 ce508802-f39f-4f6c-b175-0d175dae99d5

FinCommon.java - changes done to make sql queries parameterized
git-svn-id: http://15.206.35.175/svn/proteus/business-java/trunk@198729 ce508802-f39f-4f6c-b175-0d175dae99d5
4b15d72e · vvengurlekar · 9f228f12 · 4b15d72e
Commit 4b15d72e authored Mar 25, 2019 by vvengurlekar
Hide whitespace changes
Inline Side-by-side

Showing with 283 additions and 141 deletions

webitm-fin/ibase/webitm/ejb/fin/FinCommon.java webitm-fin/ibase/webitm/ejb/fin/FinCommon.java +283 -141

No files found.
--- a/webitm-fin/ibase/webitm/ejb/fin/FinCommon.java
+++ b/webitm-fin/ibase/webitm/ejb/fin/FinCommon.java
@@ -13825,7 +13825,8 @@ public class FinCommon
 		String sql = null;
 		PreparedStatement pstmt = null;
 		ResultSet rs = null;
-		
+		//Changed by Varsha V on 22-03-19 to make query parameterised--[START]
+		String emptyVal = " ";
 		System.out.println("In getAcctDetrTtype --> purpose :: " + purpose + " itemCode :: " + itemCode);
 		System.out.println(" itemSer :: " + itemSer + " tranType :: " + tranType);
 		try
@@ -13833,12 +13834,17 @@ public class FinCommon
 			if (purpose.equalsIgnoreCase("D-ISS"))
 			{
 				sql = "select acct_code__iss,cctr_code__iss  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 				pstmt = conn.prepareStatement(sql);
+				pstmt.setString(1, siteCodeFrom);
+				pstmt.setString(2, siteCodeTo);
+				pstmt.setString(3, itemCode);
+				pstmt.setString(4, itemSer);
+				pstmt.setString(5, tranType);
 				rs = pstmt.executeQuery();
 				if (rs.next())
 				{
@@ -13852,12 +13858,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__iss,cctr_code__iss  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?  "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -13872,12 +13883,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__iss,cctr_code__iss  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = ' ' ";
+				      +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -13892,12 +13908,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__iss,cctr_code__iss  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "' "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '"+itemSer+"'  "
-					  +" and tran_type = '"+tranType+"' ";
+				      +" WHERE site_code__from = ? "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ?  "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -13912,12 +13933,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__iss,cctr_code__iss  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '"+itemSer+"'  "
-					  +" and tran_type = ' ' ";
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ?  "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -13932,10 +13958,13 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__iss,cctr_code__iss  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_ser = '"+itemSer+"'  "  ;
+				      +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_ser = ?  "  ;
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemSer);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -13951,12 +13980,17 @@ public class FinCommon
 			if (purpose.equalsIgnoreCase("D-RCP"))
 			{
 				sql = "select acct_code__rcp,cctr_code__rcp  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 				pstmt = conn.prepareStatement(sql);
+				pstmt.setString(1, siteCodeFrom);
+				pstmt.setString(2, siteCodeTo);
+				pstmt.setString(3, itemCode);
+				pstmt.setString(4, itemSer);
+				pstmt.setString(5, tranType);
 				rs = pstmt.executeQuery();
 				if (rs.next())
 				{
@@ -13970,12 +14004,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__rcp,cctr_code__rcp  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -13990,12 +14029,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__rcp,cctr_code__rcp  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = ' ' ";
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14010,12 +14054,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__rcp,cctr_code__rcp  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14030,12 +14079,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__rcp,cctr_code__rcp  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = ' ' ";
+				      +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14050,10 +14104,13 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__rcp,cctr_code__rcp  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_ser = '" + itemSer + "' "  ;
+				      +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_ser = ? "  ;
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemSer);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14069,12 +14126,17 @@ public class FinCommon
 			if (purpose.equalsIgnoreCase("D-INV"))
 			{
 				sql = "select acct_code__inv,cctr_code__inv  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 				pstmt = conn.prepareStatement(sql);
+				pstmt.setString(1, siteCodeFrom);
+				pstmt.setString(2, siteCodeTo);
+				pstmt.setString(3, itemCode);
+				pstmt.setString(4, itemSer);
+				pstmt.setString(5, tranType);
 				rs = pstmt.executeQuery();
 				if (rs.next())
 				{
@@ -14088,12 +14150,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__inv,cctr_code__inv  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14108,12 +14175,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__inv,cctr_code__inv  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	  "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = ' ' ";
+				      +" WHERE site_code__from = ?	  "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14128,12 +14200,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__inv,cctr_code__inv  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14148,12 +14225,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__inv,cctr_code__inv  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "' "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = ' ' ";
+				      +" WHERE site_code__from = ? "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14168,10 +14250,13 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__inv,cctr_code__inv  FROM item_acct_detr_dist "
-				      +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_ser = '" + itemSer + "' "  ;
+				      +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_ser = ? "  ;
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemSer);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14187,12 +14272,17 @@ public class FinCommon
 			if (purpose.equalsIgnoreCase("D-COGT"))
 			{
 				sql = "select acct_code__cogt,cctr_code__cogt   FROM item_acct_detr_dist "
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 				pstmt = conn.prepareStatement(sql);
+				pstmt.setString(1, siteCodeFrom);
+				pstmt.setString(2, siteCodeTo);
+				pstmt.setString(3, itemCode);
+				pstmt.setString(4, itemSer);
+				pstmt.setString(5, tranType);
 				rs = pstmt.executeQuery();
 				if (rs.next())
 				{
@@ -14206,12 +14296,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__cogt,cctr_code__cogt   FROM item_acct_detr_dist "
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = '" + tranType + "' ";
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14226,12 +14321,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__cogt,cctr_code__cogt   FROM item_acct_detr_dist "
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = ' ' ";
+					  +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14246,12 +14346,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__cogt,cctr_code__cogt   FROM item_acct_detr_dist "
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14266,12 +14371,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql ="select acct_code__cogt,cctr_code__cogt   FROM item_acct_detr_dist "
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = ' ' ";
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14286,10 +14396,13 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__cogt,cctr_code__cogt   FROM item_acct_detr_dist "
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_ser = '" + itemSer + "' "  ;
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_ser = ? "  ;
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemSer);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14305,12 +14418,17 @@ public class FinCommon
 			if (purpose.equalsIgnoreCase("D-BRTR"))
 			{
 				sql = "select acct_code__brtr,cctr_code__brtr    FROM item_acct_detr_dist"
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	  "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+					  +" WHERE site_code__from = ?	  "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 				pstmt = conn.prepareStatement(sql);
+				pstmt.setString(1, siteCodeFrom);
+				pstmt.setString(2, siteCodeTo);
+				pstmt.setString(3, itemCode);
+				pstmt.setString(4, itemSer);
+				pstmt.setString(5, tranType);
 				rs = pstmt.executeQuery();
 				if (rs.next())
 				{
@@ -14324,12 +14442,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__brtr,cctr_code__brtr    FROM item_acct_detr_dist"
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = '" + tranType + "' ";
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14344,12 +14467,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__brtr,cctr_code__brtr    FROM item_acct_detr_dist"
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	 "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = '" + itemCode + "' "
-					  +" and item_ser = ' ' "
-					  +" and tran_type = ' ' ";
+					  +" WHERE site_code__from = ?	 "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemCode);
+					pstmt.setString(4, emptyVal);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14364,12 +14492,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__brtr,cctr_code__brtr    FROM item_acct_detr_dist"
-					  +" WHERE site_code__from = '" + siteCodeFrom + "' "
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = '" + tranType + "' ";
+					  +" WHERE site_code__from = ? "
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, tranType);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14384,12 +14517,17 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql ="select acct_code__brtr,cctr_code__brtr    FROM item_acct_detr_dist"
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_code = ' ' "
-					  +" and item_ser = '" + itemSer + "' "
-					  +" and tran_type = ' ' ";
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_code = ? "
+					  +" and item_ser = ? "
+					  +" and tran_type = ? ";
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, emptyVal);
+					pstmt.setString(4, itemSer);
+					pstmt.setString(5, emptyVal);
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{
@@ -14404,10 +14542,14 @@ public class FinCommon
 				if(acctCode == null || acctCode.trim().length() == 0)
 				{
 					sql = "select acct_code__brtr,cctr_code__brtr    FROM item_acct_detr_dist"
-					  +" WHERE site_code__from = '" + siteCodeFrom + "'	"
-					  +" and site_code__to = '" + siteCodeTo + "' "
-					  +" and item_ser = '" + itemSer + "' "  ;
+					  +" WHERE site_code__from = ?	"
+					  +" and site_code__to = ? "
+					  +" and item_ser = ? "  ;
 					pstmt = conn.prepareStatement(sql);
+					pstmt.setString(1, siteCodeFrom);
+					pstmt.setString(2, siteCodeTo);
+					pstmt.setString(3, itemSer);
+					//Changed by Varsha V on 22-03-19 to make query parameterised--[END]
 					rs = pstmt.executeQuery();
 					if (rs.next())
 					{