mirror of
https://github.com/ElvishArtisan/rivendell.git
synced 2025-10-17 16:11:12 +02:00
2021-04-17 Fred Gleason <fredg@paravelsystems.com>
* Escaped all SQL identifiers in 'lib/'. * Replaced " with ' delimiters in all SQL literal strings in 'lib/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
@@ -55,17 +55,17 @@ bool RDReport::ExportMusicClassical(const QString &filename,
|
||||
cart_fmt="%6u";
|
||||
}
|
||||
sql=QString("select ")+
|
||||
"ELR_LINES.LENGTH,"+ // 00
|
||||
"ELR_LINES.CART_NUMBER,"+ // 01
|
||||
"ELR_LINES.EVENT_DATETIME,"+ // 02
|
||||
"ELR_LINES.TITLE,"+ // 03
|
||||
"ELR_LINES.ALBUM,"+ // 04
|
||||
"ELR_LINES.COMPOSER,"+ // 05
|
||||
"ELR_LINES.USER_DEFINED "+ // 06
|
||||
"from ELR_LINES left join CART "+
|
||||
"on ELR_LINES.CART_NUMBER=CART.NUMBER where "+
|
||||
"SERVICE_NAME=\""+RDEscapeString(mixtable)+"\" "+
|
||||
"order by EVENT_DATETIME";
|
||||
"`ELR_LINES`.`LENGTH`,"+ // 00
|
||||
"`ELR_LINES`.`CART_NUMBER`,"+ // 01
|
||||
"`ELR_LINES`.`EVENT_DATETIME`,"+ // 02
|
||||
"`ELR_LINES`.`TITLE`,"+ // 03
|
||||
"`ELR_LINES`.`ALBUM`,"+ // 04
|
||||
"`ELR_LINES`.`COMPOSER`,"+ // 05
|
||||
"`ELR_LINES`.`USER_DEFINED` "+ // 06
|
||||
"from `ELR_LINES` left join `CART` "+
|
||||
"on `ELR_LINES`.`CART_NUMBER`=`CART`.`NUMBER` where "+
|
||||
"`ELR_LINES`.`SERVICE_NAME`='"+RDEscapeString(mixtable)+"' "+
|
||||
"order by `EVENT_DATETIME`";
|
||||
q=new RDSqlQuery(sql);
|
||||
|
||||
//
|
||||
|
Reference in New Issue
Block a user