diff --git a/ChangeLog b/ChangeLog index b7131842..10960ed2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21483,3 +21483,7 @@ * Escaped all SQL identifiers in 'importers/'. * Replaced " with ' delimiters in all SQL literal strings in 'importers/'. +2021-04-19 Fred Gleason + * Escaped all SQL identifiers in 'rdairplay/'. + * Replaced " with ' delimiters in all SQL literal strings in + 'rdairplay/'. diff --git a/rdairplay/list_logs.cpp b/rdairplay/list_logs.cpp index 690af0e6..51b4edfb 100644 --- a/rdairplay/list_logs.cpp +++ b/rdairplay/list_logs.cpp @@ -115,8 +115,8 @@ int ListLogs::exec(QString *logname,QString *svcname,RDLogLock **log_lock) list_log_lock=log_lock; list_saveas_button->setEnabled(rda->user()->createLog()); QStringList services_list; - QString sql=QString("select SERVICE_NAME from SERVICE_PERMS where ")+ - "STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\""; + QString sql=QString("select `SERVICE_NAME` from `SERVICE_PERMS` where ")+ + "`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"'"; RDSqlQuery *q=new RDSqlQuery(sql); services_list.push_back(tr("ALL")); while(q->next()) { diff --git a/rdairplay/rdairplay.cpp b/rdairplay/rdairplay.cpp index 3df6b364..7e4665ce 100644 --- a/rdairplay/rdairplay.cpp +++ b/rdairplay/rdairplay.cpp @@ -835,8 +835,8 @@ void MainWidget::ripcConnectedData(bool state) } } if(!air_start_logname[i].isEmpty()) { - sql=QString("select NAME from LOGS where ")+ - "NAME=\""+RDEscapeString(air_start_logname[i])+"\""; + sql=QString("select `NAME` from `LOGS` where ")+ + "`NAME`='"+RDEscapeString(air_start_logname[i])+"'"; q=new RDSqlQuery(sql); if(q->first()) { rml.clear(); @@ -2180,8 +2180,8 @@ void MainWidget::SetActionMode(StartButton::Mode mode) } } if(svc_quan==0) { - sql=QString("select SERVICE_NAME from SERVICE_PERMS where ")+ - "STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\""; + sql=QString("select `SERVICE_NAME` from `SERVICE_PERMS` where ")+ + "`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"'"; q=new RDSqlQuery(sql); while(q->next()) { services_list.append( q->value(0).toString() );