2021-04-23 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'utils/rdimport/'. * Replaced " with ' delimiters in all SQL literal strings in 'utils/rdimport/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-10-16 23:51:20 +02:00 · 2021-04-23 12:36:18 -04:00
parent aeb27fb011
commit 0783ab5344
2 changed files with 22 additions and 19 deletions
--- a/4
+++ b/4
@@ -21575,3 +21575,7 @@
 	* Escaped all SQL identifiers in 'utils/rdgpimon/'.
 	* Replaced " with ' delimiters in all SQL literal strings in
 	'utils/rdgpimon/'.
 2021-04-23 Fred Gleason <fredg@paravelsystems.com>
 	* Escaped all SQL identifiers in 'utils/rdimport/'.
 	* Replaced " with ' delimiters in all SQL literal strings in
 	'utils/rdimport/'.
--- a/utils/rdimport/rdimport.cpp
+++ b/utils/rdimport/rdimport.cpp
@@ -1155,9 +1155,9 @@ MainObject::Result MainObject::ImportFile(const QString &filename,
      }
      else {
 	sql=QString("select ")+
-	  "NUMBER "+  // 00
+	  "`NUMBER` "+  // 00
-	  "from CART where "+
+	  "from `CART` where "+
-	  "TITLE=\""+RDEscapeString(wavedata->title())+"\"";
+	  "`TITLE`='"+RDEscapeString(wavedata->title())+"'";
 	q=new RDSqlQuery(sql);
 	if(q->first()) {
 	  QString err_msg=QString().
@@ -2169,9 +2169,9 @@ QDateTime MainObject::GetCachedTimestamp(const QString &filename)
  if(import_persistent_dropbox_id<0) {
    return dt;
  }
-  sql=QString().sprintf("select FILE_DATETIME from DROPBOX_PATHS where ")+
+  sql=QString().sprintf("select `FILE_DATETIME` from `DROPBOX_PATHS` where ")+
-    QString().sprintf("(DROPBOX_ID=%d)&&",import_persistent_dropbox_id)+
+    QString().sprintf("(`DROPBOX_ID`=%d)&&",import_persistent_dropbox_id)+
-    "(FILE_PATH=\""+RDEscapeString(filename)+"\")";
+    "(`FILE_PATH`='"+RDEscapeString(filename)+"')";
  q=new RDSqlQuery(sql);
  if(q->first()) {
    dt=q->value(0).toDateTime();
@@ -2185,24 +2185,23 @@ void MainObject::WriteTimestampCache(const QString &filename,
 				     const QDateTime &dt)
 {
  QString sql;
-  RDSqlQuery *q;
+
  if(import_persistent_dropbox_id<0) {
    return;
  }
  if(GetCachedTimestamp(filename).isNull()) {
-    sql=QString("insert into DROPBOX_PATHS set ")+
+    sql=QString("insert into `DROPBOX_PATHS` set ")+
-      QString().sprintf("DROPBOX_ID=%d,",import_persistent_dropbox_id)+
+      QString().sprintf("`DROPBOX_ID`=%d,",import_persistent_dropbox_id)+
-      "FILE_PATH=\""+RDEscapeString(filename)+"\","+
+      "`FILE_PATH`='"+RDEscapeString(filename)+"',"+
-      "FILE_DATETIME="+RDCheckDateTime(dt,"yyyy-MM-dd hh:mm:ss");
+      "`FILE_DATETIME`="+RDCheckDateTime(dt,"yyyy-MM-dd hh:mm:ss");
  }
  else {
-    sql=QString("update DROPBOX_PATHS set ")+
+    sql=QString("update `DROPBOX_PATHS` set ")+
-      "FILE_DATETIME="+RDCheckDateTime(dt,"yyyy-MM-dd hh:mm:ss")+" where "+
+      "`FILE_DATETIME`="+RDCheckDateTime(dt,"yyyy-MM-dd hh:mm:ss")+" where "+
-      QString().sprintf("(DROPBOX_ID=%d)&&",import_persistent_dropbox_id)+
+      QString().sprintf("(`DROPBOX_ID`=%d)&&",import_persistent_dropbox_id)+
-      "(FILE_PATH=\""+RDEscapeString(filename)+"\")";
+      "(`FILE_PATH`='"+RDEscapeString(filename)+"')";
  }
-  q=new RDSqlQuery(sql);
+  RDSqlQuery::apply(sql);
  delete q;
 }
@@ -2212,8 +2211,8 @@ bool MainObject::SchedulerCodeExists(const QString &code) const
  RDSqlQuery *q;
  bool ret=false;
-  sql=QString("select CODE from SCHED_CODES where CODE=\"")+
+  sql=QString("select `CODE` from `SCHED_CODES` where `CODE`='")+
-    RDEscapeString(code)+"\"";
+    RDEscapeString(code)+"'";
  q=new RDSqlQuery(sql);
  ret=q->first();
  delete q;