2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'. * Replaced " with ' delimiters in all SQL literal strings in 'lib/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-10-11 17:13:47 +02:00 · 2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions
--- a/lib/rddiscmodel.cpp
+++ b/lib/rddiscmodel.cpp
@@ -182,11 +182,11 @@ void RDDiscModel::setCutName(const QModelIndex &row,const QString &cutname)
  }
  else {
    QString sql=QString("select ")+
-      "CART.TITLE,"+        // 00
-      "CUTS.DESCRIPTION "+  // 01
-      "from CART left join CUTS "+
-      "on CART.NUMBER=CUTS.CART_NUMBER "+
-      "where CUTS.CUT_NAME=\""+RDEscapeString(cutname)+"\"";
+      "`CART`.`TITLE`,"+        // 00
+      "`CUTS`.`DESCRIPTION` "+  // 01
+      "from `CART` left join `CUTS` "+
+      "on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` "+
+      "where `CUTS`.`CUT_NAME`='"+RDEscapeString(cutname)+"'";
    RDSqlQuery *q=new RDSqlQuery(sql);
    if(q->first()) {
      d_texts[row.row()][5]=q->value(0).toString()+"->"+q->value(1).toString();