2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'.
	* Replaced " with ' delimiters in all SQL literal strings in 'lib/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason
2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions

View File

@@ -55,23 +55,23 @@ bool RDReport::ExportTextLog(const QString &filename,const QDate &startdate,
cart_fmt="%6u";
}
sql=QString("select ")+
"ELR_LINES.LENGTH,"+ // 00
"ELR_LINES.CART_NUMBER,"+ // 01
"ELR_LINES.EVENT_DATETIME,"+ // 02
"ELR_LINES.EVENT_TYPE,"+ // 03
"ELR_LINES.EXT_START_TIME,"+ // 04
"ELR_LINES.EXT_LENGTH,"+ // 05
"ELR_LINES.EXT_DATA,"+ // 06
"ELR_LINES.EXT_EVENT_ID,"+ // 07
"ELR_LINES.TITLE,"+ // 08
"CART.FORCED_LENGTH,"+ // 09
"ELR_LINES.STATION_NAME,"+ // 10
"ELR_LINES.PLAY_SOURCE,"+ // 11
"ELR_LINES.CUT_NUMBER "+ // 12
"from ELR_LINES left join CART "+
"on ELR_LINES.CART_NUMBER=CART.NUMBER where "+
"SERVICE_NAME=\""+RDEscapeString(mixtable)+"\" "+
"order by EVENT_DATETIME";
"`ELR_LINES`.`LENGTH`,"+ // 00
"`ELR_LINES`.`CART_NUMBER`,"+ // 01
"`ELR_LINES`.`EVENT_DATETIME`,"+ // 02
"`ELR_LINES`.`EVENT_TYPE`,"+ // 03
"`ELR_LINES`.`EXT_START_TIME`,"+ // 04
"`ELR_LINES`.`EXT_LENGTH`,"+ // 05
"`ELR_LINES`.`EXT_DATA`,"+ // 06
"`ELR_LINES`.`EXT_EVENT_ID`,"+ // 07
"`ELR_LINES`.`TITLE`,"+ // 08
"`CART`.`FORCED_LENGTH`,"+ // 09
"`ELR_LINES`.`STATION_NAME`,"+ // 10
"`ELR_LINES`.`PLAY_SOURCE`,"+ // 11
"`ELR_LINES`.`CUT_NUMBER` "+ // 12
"from `ELR_LINES` left join CART "+
"on `ELR_LINES`.`CART_NUMBER`=`CART`.`NUMBER` where "+
"`SERVICE_NAME`='"+RDEscapeString(mixtable)+"' "+
"order by `EVENT_DATETIME`";
q=new RDSqlQuery(sql);
//