2021-04-20 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'ripcd/'. * Replaced " with ' delimiters in all SQL literal strings in 'ripcd/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-10-17 08:01:13 +02:00 · 2021-04-20 09:20:54 -04:00
parent efd3920bb5
commit 65b6c9e671
14 changed files with 279 additions and 298 deletions
--- a/ripcd/ripcd.cpp
+++ b/ripcd/ripcd.cpp
@@ -733,12 +733,12 @@ void MainObject::LoadGpiTable()
    }
  }
  QString sql=QString("select ")+
-    "MATRIX,"+          // 00
-    "NUMBER,"+          // 01
-    "OFF_MACRO_CART,"+  // 02
-    "MACRO_CART "+      // 03
-    "from GPIS where "+
-    "STATION_NAME=\""+RDEscapeString(rda->config()->stationName())+"\"";
+    "`MATRIX`,"+          // 00
+    "`NUMBER`,"+          // 01
+    "`OFF_MACRO_CART`,"+  // 02
+    "`MACRO_CART` "+      // 03
+    "from `GPIS` where "+
+    "`STATION_NAME`='"+RDEscapeString(rda->config()->stationName())+"'";
  RDSqlQuery *q=new RDSqlQuery(sql);
  while(q->next()) {
    ripcd_gpi_macro[q->value(0).toInt()][q->value(1).toInt()-1][0]=
@@ -749,12 +749,12 @@ void MainObject::LoadGpiTable()
  delete q;

  sql=QString("select ")+
-    "MATRIX,"+          // 00
-    "NUMBER,"+          // 01
-    "OFF_MACRO_CART,"+  // 02
-    "MACRO_CART "+      // 03
-    "from GPOS where "+
-    "STATION_NAME=\""+RDEscapeString(rda->config()->stationName())+"\"";
+    "`MATRIX`,"+          // 00
+    "`NUMBER`,"+          // 01
+    "`OFF_MACRO_CART`,"+  // 02
+    "`MACRO_CART` "+      // 03
+    "from `GPOS` where "+
+    "`STATION_NAME`='"+RDEscapeString(rda->config()->stationName())+"'";
  q=new RDSqlQuery(sql);
  while(q->next()) {
    ripcd_gpo_macro[q->value(0).toInt()][q->value(1).toInt()-1][0]=