From 19043fea3920c84503c29782ecc7cf9a68be2ed6 Mon Sep 17 00:00:00 2001
From: Fred Gleason
Date: Tue, 20 Apr 2021 11:23:39 -0400
Subject: [PATCH] 2021-04-20 Fred Gleason * Escaped all SQL identifiers in 'utils/rdcheckcuts/'. * Replaced " with ' delimiters in all SQL literal strings in 'utils/rdcheckcuts/'.
Signed-off-by: Fred Gleason
---
 ChangeLog | 4 ++++
 utils/rdcheckcuts/rdcheckcuts.cpp | 13 ++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index af402c76..26b8f08e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21547,3 +21547,7 @@
 * Escaped all SQL identifiers in 'tests/'.
 * Replaced " with ' delimiters in all SQL literal strings in 'tests/'.
+2021-04-20 Fred Gleason
+ * Escaped all SQL identifiers in 'utils/rdcheckcuts/'.
+ * Replaced " with ' delimiters in all SQL literal strings in
+ 'utils/rdcheckcuts/'.
diff --git a/utils/rdcheckcuts/rdcheckcuts.cpp b/utils/rdcheckcuts/rdcheckcuts.cpp
index 2dbb5327..eedf6dff 100644
--- a/utils/rdcheckcuts/rdcheckcuts.cpp
+++ b/utils/rdcheckcuts/rdcheckcuts.cpp
@@ -2,7 +2,7 @@
 //
 // Check Rivendell Cuts for Valid Audio
 //
-// (C) Copyright 2012-2018 Fred Gleason
+// (C) Copyright 2012-2021 Fred Gleason
 //
 // This program is free software; you can redistribute it and/or modify
 // it under the terms of the GNU General Public License version 2 as
@@ -67,7 +67,7 @@ MainObject::MainObject(QObject *parent)
 // Build Group List
 //
 if(group_names.size()==0) {
- sql="select NAME from GROUPS order by NAME";
+ sql="select `NAME` from `GROUPS` order by `NAME`";
 q=new RDSqlQuery(sql);
 while(q->next()) {
 group_names.push_back(q->value(0).toString());
@@ -117,9 +117,12 @@ bool MainObject::ValidateGroup(const QString &groupname,
 RDAudioInfo *info=new RDAudioInfo(this);
 RDAudioInfo::ErrorCode err_code;
- sql=QString("select CUTS.CUT_NAME,CUTS.CART_NUMBER,CUTS.LENGTH ")+
- "from CUTS left join CART on CUTS.CART_NUMBER=CART.NUMBER "+
- "where CART.GROUP_NAME=\""+groupname+"\" order by CART_NUMBER";
+ sql=QString("select ")+
+ "`CUTS`.`CUT_NAME`,"+ // 00
+ "`CUTS`.`CART_NUMBER`,"+ // 01
+ "`CUTS`.`LENGTH` "+ // 02
+ "from `CUTS` left join `CART` on `CUTS`.`CART_NUMBER`=`CART`.`NUMBER` "+
+ "where `CART`.`GROUP_NAME`='"+groupname+"' order by `CUTS`.`CART_NUMBER`";
 q=new RDSqlQuery(sql);
 while(q->next()) {
 if(q->value(2).toInt()>0) {
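Review bot: `groupname` is still concatenated unescaped into the string literal of the `where` clause in ValidateGroup(), so a group name containing a single quote or a backslash ends the literal early and changes the statement that RDSqlQuery runs. Switching the delimiter from `"` to `'` only changes which character triggers this; it does not neutralise the value. The names appear to come either from the caller or from the GROUPS table (the -67 hunk), and neither source is constrained in the visible lines. I would pass the value through the project's escaping helper, i.e. `RDEscapeString(groupname)` in place of `groupname` (assuming its header is already included in this file), or bind it as a parameter if RDSqlQuery supports prepared statements. ValidateGroup()'s body starts and ends outside the hunk, so sanitising earlier in the function cannot be ruled out from here.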