From 3548d6c60eae5dcc91d14a4ecfff5b406bc23648 Mon Sep 17 00:00:00 2001 From: Fred Gleason Date: Mon, 19 Apr 2021 16:56:35 -0400 Subject: [PATCH] 2021-04-18 Fred Gleason * Escaped all SQL identifiers in 'cae/'. * Replaced " with ' delimiters in all SQL literal strings in 'cae/'. Signed-off-by: Fred Gleason --- ChangeLog | 4 ++++ cae/cae.cpp | 8 ++++---- cae/cae_jack.cpp | 8 ++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 111b3096..32fb3749 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21467,3 +21467,7 @@ 2021-04-19 Fred Gleason * Updated 'CODINGSTYLE' to include requirements for escaping identifiers and quoting string literals. +2021-04-18 Fred Gleason + * Escaped all SQL identifiers in 'cae/'. + * Replaced " with ' delimiters in all SQL literal strings in + 'cae/'. diff --git a/cae/cae.cpp b/cae/cae.cpp index fb83d68d..9a42be51 100644 --- a/cae/cae.cpp +++ b/cae/cae.cpp @@ -1615,8 +1615,8 @@ void MainObject::InitProvisioning() const // if(rd_config->provisioningCreateHost()) { if(!rd_config->provisioningHostTemplate().isEmpty()) { - sql=QString("select NAME from STATIONS where ")+ - "NAME=\""+RDEscapeString(rd_config->stationName())+"\""; + sql=QString("select `NAME` from `STATIONS` where ")+ + "`NAME`='"+RDEscapeString(rd_config->stationName())+"'"; q=new RDSqlQuery(sql); if(!q->first()) { if(RDStation::create(rd_config->stationName(),&err_msg,rd_config->provisioningHostTemplate(),rd_config->provisioningHostIpAddress())) { @@ -1648,8 +1648,8 @@ void MainObject::InitProvisioning() const if(!rd_config->provisioningServiceTemplate().isEmpty()) { QString svcname= rd_config->provisioningServiceName(rd_config->stationName()); - sql=QString("select NAME from SERVICES where ")+ - "NAME=\""+RDEscapeString(svcname)+"\""; + sql=QString("select `NAME` from `SERVICES` where ")+ + "`NAME`='"+RDEscapeString(svcname)+"'"; q=new RDSqlQuery(sql); if(!q->first()) { if(RDSvc::create(svcname,&err_msg, 
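Review bot: With the literal delimiter changed from `"` to `'`, the `STATIONS` lookup in InitProvisioning() and the `SERVICES` lookup in the next hunk both rely on RDEscapeString() neutralising single quotes and backslashes, and that helper is not shown in this patch. The `STATION_NAME` predicate in cae/cae_jack.cpp has the same dependency. The names are still concatenated into the statement text, so I would record the requirement next to the first query, e.g. `// RDEscapeString() must escape ' and \ for the '...' literal below`, and confirm that its escaping matches the server's SQL mode. If RDSqlQuery exposes a prepare()/bindValue() interface, binding the name would remove the dependency, though that is a larger change than this commit sets out to make. The body of InitProvisioning() starts and ends outside both hunks.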
diff --git a/cae/cae_jack.cpp b/cae/cae_jack.cpp index 2de9a05e..41b1c4fb 100644 --- a/cae/cae_jack.cpp +++ b/cae/cae_jack.cpp @@ -432,10 +432,10 @@ void MainObject::jackClientStartData() { #ifdef JACK QString sql=QString("select ")+ - "DESCRIPTION,"+ // 00 - "COMMAND_LINE "+ // 01 - "from JACK_CLIENTS where "+ - "STATION_NAME=\""+RDEscapeString(rd_config->stationName())+"\""; + "`DESCRIPTION`,"+ // 00 + "`COMMAND_LINE` "+ // 01 + "from `JACK_CLIENTS` where "+ + "`STATION_NAME`='"+RDEscapeString(rd_config->stationName())+"'"; RDSqlQuery *q=new RDSqlQuery(sql); while(q->next()) { QString cmd=RDDateDecode(q->value(1).toString(),QDate::currentDate(),
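Review bot: The `COMMAND_LINE` column selected here (index 01) is passed through RDDateDecode() into `cmd` on the last visible line, and what is then done with `cmd` lies outside the hunk. If it is started as a process, as the name jackClientStartData() suggests, then write access to `JACK_CLIENTS` decides what the daemon runs. That trust assumption should be stated above the query, e.g. `// COMMAND_LINE comes from the database unvalidated; JACK_CLIENTS must be writable by administrators only`. Separately, `q` is allocated with `new` and no matching `delete` is visible in this hunk, so it is worth confirming that it is released after the loop.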