2018-07-12 Fred Gleason <fredg@paravelsystems.com>

* Cleaned up SQL quieries in 'lib/' ensure UTF-8 compatibility.
2025-10-13 06:03:37 +02:00 · 2018-07-12 13:47:20 -04:00
parent bc2ada9b22
commit 363dbb7878
67 changed files with 1617 additions and 2040 deletions
--- a/lib/rduser.cpp
+++ b/lib/rduser.cpp
@@ -65,11 +65,12 @@ bool RDUser::authenticated(bool webuser) const
  QString sql;

  if(localAuthentication()) {
-    sql=QString().sprintf("select LOGIN_NAME,ENABLE_WEB from USERS \
-                         where LOGIN_NAME=\"%s\"		   \
-                         && PASSWORD=\"%s\"",
-			  (const char *)RDEscapeString(user_name),
-			  (const char *)RDEscapeString(user_password));
+    sql=QString("select ")+
+      "LOGIN_NAME,"+
+      "ENABLE_WEB "+
+      "from USERS where "+
+      "LOGIN_NAME=\""+RDEscapeString(user_name)+"\" && "+
+      "PASSWORD=\""+RDEscapeString(user_password)+"\"";
    q=new RDSqlQuery(sql);
    if(q->first()) {
      bool ret=RDBool(q->value(1).toString())||
@@ -500,12 +501,11 @@ bool RDUser::cartAuthorized(unsigned cartnum) const
  RDSqlQuery *q;
  bool ret=false;

-  sql=QString().
-      sprintf("select CART.NUMBER from CART \
-               left join USER_PERMS \
-               on CART.GROUP_NAME=USER_PERMS.GROUP_NAME \
-               where (USER_PERMS.USER_NAME=\"%s\")&&(CART.NUMBER=%u)",
-	      (const char *)RDEscapeString(user_name),cartnum);
+  sql=QString("select CART.NUMBER from CART ")+
+    "left join USER_PERMS "+
+    "on CART.GROUP_NAME=USER_PERMS.GROUP_NAME where "+
+    "(USER_PERMS.USER_NAME=\""+RDEscapeString(user_name)+"\")&&"+
+    QString().sprintf("(CART.NUMBER=%u)",cartnum);
  q=new RDSqlQuery(sql);
  ret=q->first();
  delete q;
@@ -543,11 +543,11 @@ QStringList RDUser::services() const
    sql=QString().sprintf("SELECT NAME FROM SERVICES" );
  } 
  else {
-    sql=QString().sprintf("select distinct AUDIO_PERMS.SERVICE_NAME \
-                           from USER_PERMS left join AUDIO_PERMS \
-                           on USER_PERMS.GROUP_NAME=AUDIO_PERMS.GROUP_NAME \
-                           where USER_PERMS.USER_NAME=\"%s\"",
-			  (const char *)RDEscapeString(user_name));
+    sql=QString("select distinct ")+
+      "AUDIO_PERMS.SERVICE_NAME "+
+      "from USER_PERMS left join AUDIO_PERMS "+
+      "on USER_PERMS.GROUP_NAME=AUDIO_PERMS.GROUP_NAME where "+
+      "USER_PERMS.USER_NAME=\""+RDEscapeString(user_name)+"\"";
  }
  
  q=new RDSqlQuery(sql);
@@ -565,10 +565,9 @@ void RDUser::SetRow(const QString &param,const QString &value) const
  RDSqlQuery *q;
  QString sql;

-  sql=QString().sprintf("UPDATE USERS SET %s=\"%s\" WHERE LOGIN_NAME=\"%s\"",
-			(const char *)param,
-			(const char *)RDEscapeString(value),
-			(const char *)user_name);
+  sql=QString("update USERS set ")+
+    param+"=\""+RDEscapeString(value)+"\" where "+
+    "LOGIN_NAME=\""+RDEscapeString(user_name)+"\"";
  q=new RDSqlQuery(sql);
  delete q;
 }
@@ -579,10 +578,9 @@ void RDUser::SetRow(const QString &param,int value) const
  RDSqlQuery *q;
  QString sql;

-  sql=QString().sprintf("UPDATE USERS SET %s=%d WHERE LOGIN_NAME=\"%s\"",
-			(const char *)param,
-			value,
-			(const char *)user_name);
+  sql=QString("update USERS set ")+
+    param+QString().sprintf("=%d where ",value)+
+    "LOGIN_NAME=\""+user_name+"\"";
  q=new RDSqlQuery(sql);
  delete q;
 }