2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'. * Replaced " with ' delimiters in all SQL literal strings in 'lib/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-10-17 16:11:12 +02:00 · 2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions
--- a/lib/rdmatrixlistmodel.cpp
+++ b/lib/rdmatrixlistmodel.cpp
@@ -218,7 +218,7 @@ void RDMatrixListModel::refresh(const QModelIndex &row)
  if(row.row()<d_texts.size()) {
    QString sql=sqlFields()+
      "where "+
-      QString().sprintf("MATRICES.ID=%d ",d_ids.at(row.row()));
+      QString().sprintf("`MATRICES`.`ID`=%d ",d_ids.at(row.row()));
    RDSqlQuery *q=new RDSqlQuery(sql);
    if(q->first()) {
      updateRow(row.row(),q);
@@ -248,8 +248,8 @@ void RDMatrixListModel::updateModel()
  RDSqlQuery *q=NULL;
  QString sql=sqlFields()+
    "where "+
-    "STATION_NAME=\""+RDEscapeString(d_station_name)+"\" "+
-    "order by MATRICES.NAME ";
+    "`STATION_NAME`='"+RDEscapeString(d_station_name)+"' "+
+    "order by `MATRICES`.`NAME` ";
  beginResetModel();
  d_ids.clear();
  d_texts.clear();
@@ -277,7 +277,7 @@ void RDMatrixListModel::updateRowLine(int line)
  if(line<d_texts.size()) {
    QString sql=sqlFields()+
      "where "+
-      QString().sprintf("MATRICES.ID=%d ",d_ids.at(line));
+      QString().sprintf("`MATRICES`.`ID`=%d ",d_ids.at(line));
    RDSqlQuery *q=new RDSqlQuery(sql);
    if(q->first()) {
      updateRow(line,q);
@@ -321,15 +321,15 @@ void RDMatrixListModel::updateRow(int row,RDSqlQuery *q)
 QString RDMatrixListModel::sqlFields() const
 {
  QString sql=QString("select ")+
-    "MATRICES.ID,"+       // 00
-    "MATRICES.NAME,"+     // 01
-    "MATRICES.MATRIX,"+   // 02
-    "MATRICES.TYPE,"+     // 03
-    "MATRICES.INPUTS,"+   // 04
-    "MATRICES.OUTPUTS,"+  // 05
-    "MATRICES.GPIS,"+     // 06
-    "MATRICES.GPOS "+     // 07
-    "from MATRICES ";
+    "`MATRICES`.`ID`,"+       // 00
+    "`MATRICES`.`NAME`,"+     // 01
+    "`MATRICES`.`MATRIX`,"+   // 02
+    "`MATRICES`.`TYPE`,"+     // 03
+    "`MATRICES`.`INPUTS`,"+   // 04
+    "`MATRICES`.`OUTPUTS`,"+  // 05
+    "`MATRICES`.`GPIS`,"+     // 06
+    "`MATRICES`.`GPOS` "+     // 07
+    "from `MATRICES` ";

    return sql;
 }