2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'.
	* Replaced " with ' delimiters in all SQL literal strings in 'lib/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason
2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions

View File

@@ -55,17 +55,17 @@ bool RDReport::ExportMusicClassical(const QString &filename,
cart_fmt="%6u";
}
sql=QString("select ")+
"ELR_LINES.LENGTH,"+ // 00
"ELR_LINES.CART_NUMBER,"+ // 01
"ELR_LINES.EVENT_DATETIME,"+ // 02
"ELR_LINES.TITLE,"+ // 03
"ELR_LINES.ALBUM,"+ // 04
"ELR_LINES.COMPOSER,"+ // 05
"ELR_LINES.USER_DEFINED "+ // 06
"from ELR_LINES left join CART "+
"on ELR_LINES.CART_NUMBER=CART.NUMBER where "+
"SERVICE_NAME=\""+RDEscapeString(mixtable)+"\" "+
"order by EVENT_DATETIME";
"`ELR_LINES`.`LENGTH`,"+ // 00
"`ELR_LINES`.`CART_NUMBER`,"+ // 01
"`ELR_LINES`.`EVENT_DATETIME`,"+ // 02
"`ELR_LINES`.`TITLE`,"+ // 03
"`ELR_LINES`.`ALBUM`,"+ // 04
"`ELR_LINES`.`COMPOSER`,"+ // 05
"`ELR_LINES`.`USER_DEFINED` "+ // 06
"from `ELR_LINES` left join `CART` "+
"on `ELR_LINES`.`CART_NUMBER`=`CART`.`NUMBER` where "+
"`ELR_LINES`.`SERVICE_NAME`='"+RDEscapeString(mixtable)+"' "+
"order by `EVENT_DATETIME`";
q=new RDSqlQuery(sql);
//