2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'.
	* Replaced " with ' delimiters in all SQL literal strings in 'lib/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason
2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions


@@ -2,7 +2,7 @@
//
// Abstract a Rivendell Switcher Matrix
//
// (C) Copyright 2002-2019 Fred Gleason <fredg@paravelsystems.com>
// (C) Copyright 2002-2021 Fred Gleason <fredg@paravelsystems.com>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
@@ -18,9 +18,9 @@
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
//
#include <rddb.h>
#include <rdmatrix.h>
#include <rdescape_string.h>
#include "rddb.h"
#include "rdescape_string.h"
#include "rdmatrix.h"
//
// Control Grids
@@ -183,10 +183,10 @@ RDMatrix::RDMatrix(const QString &station,int matrix)
RDSqlQuery *q=NULL;
sql=QString("select ")+
"ID "+ // 00
"from MATRICES where "+
"STATION_NAME=\""+RDEscapeString(station)+"\" && "+
QString().sprintf("MATRIX=%d",matrix);
"`ID` "+ // 00
"from `MATRICES` where "+
"`STATION_NAME`='"+RDEscapeString(station)+"' && "+
QString().sprintf("`MATRIX`=%d",matrix);
q=new RDSqlQuery(sql);
if(q->first()) {
mx_id=q->value(0).toInt();
@@ -208,10 +208,10 @@ RDMatrix::RDMatrix(int matrix_id)
RDSqlQuery *q=NULL;
sql=QString("select ")+
"STATION_NAME," // 00
"MATRIX "+ /// 01
"from MATRICES where "+
QString().sprintf("ID=%d",matrix_id);
"`STATION_NAME`," // 00
"`MATRIX` "+ /// 01
"from `MATRICES` where "+
QString().sprintf("`ID`=%d",matrix_id);
q=new RDSqlQuery(sql);
if(q->first()) {
mx_station=q->value(0).toString();
@@ -531,10 +531,10 @@ QString RDMatrix::inputName(int input) const
RDMatrix::Mode RDMatrix::inputMode(int input) const
{
QString sql=QString("select CHANNEL_MODE from INPUTS where ")+
"STATION_NAME=\""+RDEscapeString(mx_station)+"\" && "+
QString().sprintf("MATRIX=%d && ",mx_number)+
QString().sprintf("NUMBER=%d",input);
QString sql=QString("select `CHANNEL_MODE` from `INPUTS` where ")+
"`STATION_NAME`='"+RDEscapeString(mx_station)+"' && "+
QString().sprintf("`MATRIX`=%d && ",mx_number)+
QString().sprintf("`NUMBER`=%d",input);
RDSqlQuery *q=new RDSqlQuery(sql);
if(!q->first()) {
delete q;
@@ -888,10 +888,10 @@ int RDMatrix::defaultControlValue(RDMatrix::Type type,
QString RDMatrix::GetEndpointName(int pointnum,const QString &table) const
{
QString sql=QString("select NAME from ")+table+" where "+
"STATION_NAME=\""+RDEscapeString(mx_station)+"\" && "+
QString().sprintf("MATRIX=%d && ",mx_number)+
QString().sprintf("NUMBER=%d",pointnum);
QString sql=QString("select `NAME` from ")+table+" where "+
"`STATION_NAME`='"+RDEscapeString(mx_station)+"' && "+
QString().sprintf("`MATRIX`=%d && ",mx_number)+
QString().sprintf("`NUMBER`=%d",pointnum);
RDSqlQuery *q=new RDSqlQuery(sql);
if(!q->first()) {
delete q;
@@ -906,9 +906,9 @@ QString RDMatrix::GetEndpointName(int pointnum,const QString &table) const
QVariant RDMatrix::GetRow(const QString &param) const
{
QVariant var;
QString sql=QString("select ")+param+" from MATRICES where "+
"STATION_NAME=\""+RDEscapeString(mx_station)+"\" && "+
QString().sprintf("MATRIX=%d",mx_number);
QString sql=QString("select `")+param+"` from `MATRICES` where "+
"`STATION_NAME`='"+RDEscapeString(mx_station)+"' && "+
QString().sprintf("`MATRIX`=%d",mx_number);
RDSqlQuery *q=new RDSqlQuery(sql);
if(q->first()) {
var=q->value(0);
@@ -920,41 +920,35 @@ QVariant RDMatrix::GetRow(const QString &param) const
void RDMatrix::SetRow(const QString &param,const QString &value) const
{
RDSqlQuery *q;
QString sql;
sql=QString("update MATRICES set ")+
param+"=\""+RDEscapeString(value)+"\" where "+
"STATION_NAME=\""+RDEscapeString(mx_station)+"\" && "+
QString().sprintf("MATRIX=%d",mx_number);
q=new RDSqlQuery(sql);
delete q;
sql=QString("update `MATRICES` set `")+
param+"`='"+RDEscapeString(value)+"' where "+
"`STATION_NAME`='"+RDEscapeString(mx_station)+"' && "+
QString().sprintf("`MATRIX`=%d",mx_number);
RDSqlQuery::apply(sql);
}
void RDMatrix::SetRow(const QString &param,int value) const
{
RDSqlQuery *q;
QString sql;
sql=QString("update MATRICES set ")+
param+QString().sprintf("=%d where ",value)+
"STATION_NAME=\""+RDEscapeString(mx_station)+"\" && "+
QString().sprintf("MATRIX=%d",mx_number);
q=new RDSqlQuery(sql);
delete q;
sql=QString("update `MATRICES` set `")+
param+QString().sprintf("`=%d where ",value)+
"`STATION_NAME`='"+RDEscapeString(mx_station)+"' && "+
QString().sprintf("`MATRIX`=%d",mx_number);
RDSqlQuery::apply(sql);
}
void RDMatrix::SetRow(const QString &param,unsigned value) const
{
RDSqlQuery *q;
QString sql;
sql=QString("update MATRICES set ")+
param+QString().sprintf("=%u where ",value)+
"STATION_NAME=\""+RDEscapeString(mx_station)+"\" && "+
QString().sprintf("MATRIX=%d",mx_number);
q=new RDSqlQuery(sql);
delete q;
sql=QString("update `MATRICES` set `")+
param+QString().sprintf("`=%u where ",value)+
"`STATION_NAME`='"+RDEscapeString(mx_station)+"' && "+
QString().sprintf("`MATRIX`=%d",mx_number);
RDSqlQuery::apply(sql);
}
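Review bot: In GetEndpointName the `table` argument is still concatenated into the statement with no backticks and no escaping (``QString("select `NAME` from ")+table+" where "``), which makes it the one identifier in this section that the commit leaves unquoted. Writing it like the others, ``QString("select `NAME` from `")+table+"` where "``, would make it consistent with the rest of the change. A weaker form of the same point applies to `param` in GetRow and the three SetRow overloads: it is now wrapped in backticks, but a backtick inside the value would close the quoted identifier, so unless every caller passes a fixed column name (the callers are not visible here) it should be checked against the known column names or have its backticks doubled before use. Because the string delimiter changes from `"` to `'`, it is also worth confirming that RDEscapeString, which is not shown, escapes single quotes. The bodies of GetEndpointName and GetRow continue past the lines shown.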