2021-12-03 Fred Gleason <fredg@paravelsystems.com>

* Fixed a SQL escaping bug in 'lib/export_resultsrecon.cpp'.
	* Fixed a SQL escaping bug in 'lib/rdlibrarymodel.cpp'.
	* Fixed a SQL escaping bug in 'rdlibrary/rdlibrary.cpp'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>

ChangeLog

@@ -22593,3 +22593,7 @@
 2021-12-03 Fred Gleason <fredg@paravelsystems.com>
 	* Fixed a regression in 'RDCart::xml()' that caused a SQL error
 	to be generated.
+2021-12-03 Fred Gleason <fredg@paravelsystems.com>
+	* Fixed a SQL escaping bug in 'lib/export_resultsrecon.cpp'.
+	* Fixed a SQL escaping bug in 'lib/rdlibrarymodel.cpp'.
+	* Fixed a SQL escaping bug in 'rdlibrary/rdlibrary.cpp'.

lib/export_resultsrecon.cpp

@@ -54,7 +54,7 @@ bool RDReport::ExportResultsReport(const QString &filename,
     "`ELR_LINES`.`ARTIST`,"+          // 06
     "`ELR_LINES`.`EXT_START_TIME` "+  // 07
     "from `ELR_LINES` left join `CART` "+
-    "on `ELR_LINES`.`CART_NUMBER`=`CART.NUMBER` where "+
+    "on `ELR_LINES`.`CART_NUMBER`=`CART`.`NUMBER` where "+
     "`SERVICE_NAME`='"+RDEscapeString(mixtable)+"' "+
     "order by `EVENT_DATETIME`";
   q=new RDSqlQuery(sql);

lib/rdlibrarymodel.cpp

@@ -437,7 +437,7 @@ QModelIndex RDLibraryModel::addCart(unsigned cartnum)
 
   QString sql=sqlFields()+
     "where "+
-    QString::asprintf("CART.NUMBER=%u",cartnum);
+    QString::asprintf("`CART`.`NUMBER`=%u",cartnum);
   RDSqlQuery *q=new RDSqlQuery(sql);
   if(q->first()) {
     updateRow(offset,q);

rdlibrary/rdlibrary.cpp

@@ -691,7 +691,7 @@ void MainWidget::notificationReceivedData(RDNotification *notify)
     unsigned cartnum=notify->id().toUInt();
     switch(notify->action()) {
     case RDNotification::AddAction:
-      and_fields.push_back(QString::asprintf("CART.NUMBER=%u",cartnum));
+      and_fields.push_back(QString::asprintf("`CART`.`NUMBER`=%u",cartnum));
       sql=QString("select ")+
 	"`CART`.`NUMBER` "+  // 00
 	"from `CART` "+