2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'.
	* Replaced " with ' delimiters in all SQL literal strings in 'lib/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason
2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions


@@ -2,7 +2,7 @@
//
// One-dimensional model for picking images
//
// (C) Copyright 2020 Fred Gleason <fredg@paravelsystems.com>
// (C) Copyright 2020-2021 Fred Gleason <fredg@paravelsystems.com>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
@@ -25,13 +25,11 @@
RDImagePickerModel::RDImagePickerModel(const QString &tbl_name,
const QString &cat_id_col,
const QString &img_id_col,
QObject *parent)
: QAbstractListModel(parent)
{
c_table_name=tbl_name;
c_category_column=cat_id_col;
c_image_column=img_id_col;
c_table_name="`"+tbl_name+"`";
c_category_column="`"+cat_id_col+"`";
c_category_id=-1;;
c_image_size=QSize(100,100);
}
@@ -85,12 +83,12 @@ void RDImagePickerModel::update(int row)
RDSqlQuery *q=NULL;
sql=QString("select ")+
"DESCRIPTION,"+ // 00
"FILE_EXTENSION,"+ // 01
"WIDTH,"+ // 02
"HEIGHT "+ // 03
"from FEED_IMAGES where "+
QString().sprintf("ID=%d",c_image_ids.at(row));
"`DESCRIPTION`,"+ // 00
"`FILE_EXTENSION`,"+ // 01
"`WIDTH`,"+ // 02
"`HEIGHT` "+ // 03
"from `FEED_IMAGES` where "+
QString().sprintf("`ID`=%d",c_image_ids.at(row));
q=new RDSqlQuery(sql);
if(q->first()) {
c_descriptions[row]=q->value(0).toString()+"\n"+
@@ -180,15 +178,15 @@ void RDImagePickerModel::LoadRows(int cat_id,const QSize &img_size)
// Load new data
//
sql=QString("select ")+
"ID,"+ // 00
"DESCRIPTION,"+ // 01
"FILE_EXTENSION,"+ // 02
"WIDTH,"+ // 02
"HEIGHT,"+ // 03
"DATA "+ // 04
"`ID`,"+ // 00
"`DESCRIPTION`,"+ // 01
"`FILE_EXTENSION`,"+ // 02
"`WIDTH`,"+ // 02
"`HEIGHT`,"+ // 03
"`DATA` "+ // 04
"from "+c_table_name+" where "+
c_category_column+QString().sprintf("=%d ",cat_id)+
"order by DESCRIPTION";
"order by `DESCRIPTION`";
q=new RDSqlQuery(sql);
if(q->size()>0) {
beginInsertRows(QModelIndex(),0,q->size()-1);
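Review bot: In the constructor hunk, `tbl_name` and `cat_id_col` are wrapped in backticks but not escaped, so a name that itself contains a backtick would close the quoted identifier early and the remainder would be parsed as SQL in the LoadRows() query that concatenates `c_table_name` and `c_category_column`. The callers are not visible here and probably pass fixed names, but the quoting should hold on its own: double any embedded backtick before wrapping, for example `QString(tbl_name).replace("\x60","\x60\x60")` (\x60 being the backtick), or reject such names outright. The same hunk removes `c_image_column=img_id_col;` without a replacement, leaving `img_id_col` unused in the visible lines; if `c_image_column` is still read elsewhere in the file it is now empty, which is worth confirming. The functions in the other hunks start and end outside what is shown.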