2021-04-20 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'ripcd/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'ripcd/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason
2021-04-20 09:20:54 -04:00
parent efd3920bb5
commit 65b6c9e671
14 changed files with 279 additions and 298 deletions


@@ -50,13 +50,13 @@ SasUsi::SasUsi(RDMatrix *matrix,QObject *parent)
// Load Switch Table
//
sql=QString("select ")+
"ENGINE_NUM,"+ // 00
"DEVICE_NUM,"+ // 01
"RELAY_NUM "+ // 02
"from VGUEST_RESOURCES where "+
"(STATION_NAME=\""+RDEscapeString(rda->config()->stationName())+"\")&&"+
QString().sprintf("(MATRIX_NUM=%d) ",matrix->matrix())+
"order by NUMBER";
"`ENGINE_NUM`,"+ // 00
"`DEVICE_NUM`,"+ // 01
"`RELAY_NUM` "+ // 02
"from `VGUEST_RESOURCES` where "+
"(`STATION_NAME`='"+RDEscapeString(rda->config()->stationName())+"')&&"+
QString().sprintf("(`MATRIX_NUM`=%d) ",matrix->matrix())+
"order by `NUMBER`";
q=new RDSqlQuery(sql);
while(q->next()) {
sas_console_numbers.push_back(q->value(0).toInt());
@@ -491,24 +491,24 @@ void SasUsi::DispatchCommand()
if(sscanf(sas_buffer+1,"%u",&input)!=1) {
return;
}
sql=QString("select NUMBER from INPUTS where ")+
"(STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\")&&"+
QString().sprintf("(MATRIX=%d)&&",sas_matrix)+
QString().sprintf("(NUMBER=%d)",input);
sql=QString("select `NUMBER` from `INPUTS` where ")+
"(`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"')&&"+
QString().sprintf("(`MATRIX`=%d)&&",sas_matrix)+
QString().sprintf("(`NUMBER`=%d)",input);
q=new RDSqlQuery(sql);
if(q->first()) {
sql=QString("update INPUTS set ")+
"NAME=\""+RDEscapeString(label)+"\" where "+
"(STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\")&&"+
QString().sprintf("(MATRIX=%d)&&",sas_matrix)+
QString().sprintf("(NUMBER=%d)",input);
sql=QString("update `INPUTS` set ")+
"`NAME`='"+RDEscapeString(label)+"' where "+
"(`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"')&&"+
QString().sprintf("(`MATRIX`=%d)&&",sas_matrix)+
QString().sprintf("(`NUMBER`=%d)",input);
}
else {
sql=QString("insert into INPUTS set ")+
"NAME=\""+RDEscapeString(label)+"\","+
"STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\","+
QString().sprintf("MATRIX=%d,",sas_matrix)+
QString().sprintf("NUMBER=%d",input);
sql=QString("insert into `INPUTS` set ")+
"`NAME`='"+RDEscapeString(label)+"',"+
"`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"',"+
QString().sprintf("`MATRIX`=%d,",sas_matrix)+
QString().sprintf("`NUMBER`=%d",input);
}
delete q;
q=new RDSqlQuery(sql);
@@ -524,24 +524,24 @@ void SasUsi::DispatchCommand()
if(sscanf(sas_buffer+1,"%u",&output)!=1) {
return;
}
sql=QString("select NUMBER from OUTPUTS where ")+
"(STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\")&&"+
QString().sprintf("(MATRIX=%d)&&",sas_matrix)+
QString().sprintf("(NUMBER=%d)",output);
sql=QString("select `NUMBER` from `OUTPUTS` where ")+
"(`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"')&&"+
QString().sprintf("(`MATRIX`=%d)&&",sas_matrix)+
QString().sprintf("(`NUMBER`=%d)",output);
q=new RDSqlQuery(sql);
if(q->first()) {
sql=QString("update OUTPUTS set ")+
"NAME=\""+RDEscapeString(label)+"\" where "+
"(STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\")&&"+
QString().sprintf("(MATRIX=%d)&&",sas_matrix)+
QString().sprintf("(NUMBER=%d)",output);
sql=QString("update `OUTPUTS` set ")+
"`NAME`='"+RDEscapeString(label)+"' where "+
"(`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"')&&"+
QString().sprintf("(`MATRIX`=%d)&&",sas_matrix)+
QString().sprintf("(`NUMBER`=%d)",output);
}
else {
sql=QString("insert into OUTPUTS set ")+
"NAME=\""+RDEscapeString(label)+"\","+
"STATION_NAME=\""+RDEscapeString(rda->station()->name())+"\","+
QString().sprintf("MATRIX=%d,",sas_matrix)+
QString().sprintf("NUMBER=%d",output);
sql=QString("insert into `OUTPUTS` set ")+
"`NAME`='"+RDEscapeString(label)+"',"+
"`STATION_NAME`='"+RDEscapeString(rda->station()->name())+"',"+
QString().sprintf("`MATRIX`=%d,",sas_matrix)+
QString().sprintf("`NUMBER`=%d",output);
}
delete q;
q=new RDSqlQuery(sql);
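Review bot: The `(`NUMBER`=%d)` and `NUMBER=%d` conversions in the select/update/insert statements of both DispatchCommand hunks format `input`/`output` with `%d`, although the preceding `sscanf(sas_buffer+1,"%u",...)` reads them as unsigned; a value above INT_MAX would be rendered negative and the three statements could then refer to a row that does not exist. Use `%u` for those conversions (e.g. `QString().sprintf("(`NUMBER`=%u)",input)`) so the literal matches the parsed value. The switch to `'`-delimited string literals is only safe if RDEscapeString escapes a single quote inside the station name or label, which cannot be confirmed from this page; a short comment at the first use, such as `// literals now use ' delimiters: RDEscapeString must escape ' as well as "`, would record that dependency for the next maintainer. DispatchCommand begins before the hunks, and the release of the query created on the final line lies outside them.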