2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'. * Replaced " with ' delimiters in all SQL literal strings in 'lib/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-10-29 08:43:58 +01:00 · 2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions
--- a/lib/export_spincount.cpp
+++ b/lib/export_spincount.cpp
@@ -66,13 +66,14 @@ bool RDReport::ExportSpinCount(const QString &filename,const QDate &startdate,
  // Generate Spin Counts
  //
  sql=QString("select ")+
-    "CART_NUMBER,"+  // 00
-    "TITLE,"+        // 01
-    "ARTIST,"+       // 02
-    "ALBUM,LABEL "+  // 03
-    "from ELR_LINES where "+
-    "SERVICE_NAME=\""+RDEscapeString(mixtable)+"\" "+
-    "order by TITLE";
+    "`CART_NUMBER`,"+  // 00
+    "`TITLE`,"+        // 01
+    "`ARTIST`,"+       // 02
+    "`ALBUM`,"+       // 03
+    "`LABEL` "+       // 04
+    "from `ELR_LINES` where "+
+    "`SERVICE_NAME`='"+RDEscapeString(mixtable)+"' "+
+    "order by `TITLE`";
  q=new RDSqlQuery(sql);
  while(q->next()) {
    carts[q->value(0).toInt()]++;