diff --git a/ChangeLog b/ChangeLog index b6d1ff9d..ef0e7c44 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21523,3 +21523,7 @@ * Escaped all SQL identifiers in 'rdpadengined/'. * Replaced " with ' delimiters in all SQL literal strings in 'rdpadengined/'. +2021-04-20 Fred Gleason + * Escaped all SQL identifiers in 'rdrepld/'. + * Replaced " with ' delimiters in all SQL literal strings in + 'rdrepld/'. diff --git a/rdrepld/citadelxds.cpp b/rdrepld/citadelxds.cpp index b6b24438..1f8159a6 100644 --- a/rdrepld/citadelxds.cpp +++ b/rdrepld/citadelxds.cpp @@ -46,7 +46,7 @@ CitadelXds::CitadelXds(ReplConfig *repl_config) QString sql; RDSqlQuery *q; - sql="select LAST_ISCI_XREFERENCE from VERSION"; + sql="select `LAST_ISCI_XREFERENCE` from `VERSION`"; q=new RDSqlQuery(sql); if(q->first()) { xds_isci_datetime=q->value(0).toDateTime(); @@ -68,9 +68,9 @@ bool CitadelXds::processCart(const unsigned cartnum) RDSqlQuery *q; bool ret=false; - sql=QString().sprintf("select FILENAME from ISCI_XREFERENCE \ - where (CART_NUMBER=%u)&&(LATEST_DATE>=now())&&\ - ((TYPE=\"R\")||(TYPE=\"B\"))",cartnum); + sql=QString().sprintf("select `FILENAME` from `ISCI_XREFERENCE` \ + where (`CART_NUMBER`=%u)&&(`LATEST_DATE`>=now())&&\ + ((`TYPE`='R')||(`TYPE`='B'))",cartnum); q=new RDSqlQuery(sql); if(q->first()) { ret=PostCut(RDCut::cutName(cartnum,1),q->value(0).toString()); @@ -83,15 +83,13 @@ bool CitadelXds::processCart(const unsigned cartnum) void CitadelXds::CheckIsciXreference() { QString sql; - RDSqlQuery *q; QFileInfo *fi=new QFileInfo(rda->system()->isciXreferencePath()); if(fi->exists()) { if(fi->lastModified()>xds_isci_datetime) { if(LoadIsciXreference(rda->system()->isciXreferencePath())) { - sql="update VERSION set LAST_ISCI_XREFERENCE=now()"; - q=new RDSqlQuery(sql); - delete q; + sql="update `VERSION` set `LAST_ISCI_XREFERENCE`=now()"; + RDSqlQuery::apply(sql); xds_isci_datetime=QDateTime(QDate::currentDate(),QTime::currentTime()); PurgeCuts(); } 
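Review bot: In CheckIsciXreference() the result of `RDSqlQuery::apply(sql)` is discarded, and `PurgeCuts()` runs as soon as `LoadIsciXreference()` returns true. PurgeCuts() (further down in this diff) appears to delete every posted file whose name is missing from `ISCI_XREFERENCE`, and the row inserts in LoadIsciXreference() are unchecked in the same way, so a load in which some inserts fail could lead to valid remote content being purged. If `apply()` reports success through its return value, checking it here and in LoadIsciXreference(), and logging failures with `rda->syslog(LOG_WARNING,…)` before purging, would close that gap. The same unchecked `apply()` calls are introduced in CheckCarts() and MainObject::ProcessCarts().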
@@ -129,7 +127,7 @@ bool CitadelXds::LoadIsciXreference(const QString &filename)
 //
 // Purge Old Data
 //
- sql="delete from ISCI_XREFERENCE";
+ sql="delete from `ISCI_XREFERENCE`";
 q=new RDSqlQuery(sql);
 delete q;
@@ -156,18 +154,17 @@ bool CitadelXds::LoadIsciXreference(const QString &filename)
 datelist[1].toInt());
 if(ValidateFilename(fields[8])) {
 if(date.isValid()) {
- sql=QString("insert into ISCI_XREFERENCE set ")+
- "CART_NUMBER="+QString().sprintf("%u",cartnum)+","+
- "ISCI=\""+RDEscapeString(fields[4])+"\","+
- "FILENAME=\""+RDEscapeString(fields[8])+"\","+
- "LATEST_DATE=\""+date.toString("yyyy/MM/dd")+"\","+
- "TYPE=\""+RDEscapeString(fields[0])+"\","+
- "ADVERTISER_NAME=\""+RDEscapeString(fields[1])+"\","+
- "PRODUCT_NAME=\""+RDEscapeString(fields[2])+"\","+
- "CREATIVE_TITLE=\""+RDEscapeString(fields[5])+"\","+
- "REGION_NAME=\""+RDEscapeString(fields[7])+"\"";
- q=new RDSqlQuery(sql);
- delete q;
+ sql=QString("insert into `ISCI_XREFERENCE` set ")+
+ "`CART_NUMBER`="+QString().sprintf("%u",cartnum)+","+
+ "`ISCI`='"+RDEscapeString(fields[4])+"',"+
+ "`FILENAME`='"+RDEscapeString(fields[8])+"',"+
+ "`LATEST_DATE`='"+date.toString("yyyy/MM/dd")+"',"+
+ "`TYPE`='"+RDEscapeString(fields[0])+"',"+
+ "`ADVERTISER_NAME`='"+RDEscapeString(fields[1])+"',"+
+ "`PRODUCT_NAME`='"+RDEscapeString(fields[2])+"',"+
+ "`CREATIVE_TITLE`='"+RDEscapeString(fields[5])+"',"+
+ "`REGION_NAME`='"+RDEscapeString(fields[7])+"'";
+ RDSqlQuery::apply(sql);
 }
 else {
 rda->syslog(LOG_WARNING,"invalid date in line %d of \"%s\"",
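Review bot: With the literal delimiter in this insert switched from `"` to `'`, every value taken from the cross-reference file (`fields[0]` through `fields[8]`) is protected only if `RDEscapeString()` escapes single quotes and backslashes. Its implementation is not part of this diff, so that should be confirmed before relying on it here. Because these fields come from a file parsed at runtime, binding them as query parameters would remove the dependency on string escaping altogether, provided `RDSqlQuery` exposes the `prepare()`/`bindValue()` interface of Qt's `QSqlQuery`. The same consideration applies to the other `'`-delimited `RDEscapeString(…)` literals changed in CheckCarts(), PurgeCuts() and rdrepld.cpp. The loop that encloses this insert begins and ends outside the hunk.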
@@ -254,49 +251,52 @@ void CitadelXds::CheckCarts() // // Generate Update List // - sql="select CART_NUMBER,FILENAME from ISCI_XREFERENCE \ - where (LATEST_DATE>=now())&&((TYPE=\"R\")||(TYPE=\"B\"))"; + sql=QString("select ")+ + "`CART_NUMBER`,"+ // 00 + "`FILENAME` "+ // 01 + "from `ISCI_XREFERENCE` where "+ + "(`LATEST_DATE`>=now())&&((`TYPE`='R')||(`TYPE`='B'))"; q=new RDSqlQuery(sql); while(q->next()) { - sql=QString("select REPL_CART_STATE.ID from ")+ - "REPL_CART_STATE left join CUTS "+ - "on REPL_CART_STATE.CART_NUMBER=CUTS.CART_NUMBER where "+ - "(CUTS.ORIGIN_DATETIMEname())+"\")&&"+ - QString().sprintf("(REPL_CART_STATE.CART_NUMBER=%u)&&",q->value(0).toUInt())+ - "(REPL_CART_STATE.POSTED_FILENAME=\""+ - RDEscapeString(q->value(1).toString())+"\")&&"+ - "(REPL_CART_STATE.ITEM_DATETIME>\""+RDEscapeString(now)+"\")&&"+ - "(REPL_CART_STATE.REPOST=\"N\")"; + sql=QString("select `REPL_CART_STATE`.`ID` from ")+ + "`REPL_CART_STATE` left join `CUTS` "+ + "on `REPL_CART_STATE`.`CART_NUMBER`=`CUTS`.`CART_NUMBER` where "+ + "(`CUTS`.`ORIGIN_DATETIME`<`REPL_CART_STATE`.`ITEM_DATETIME`)&&"+ + "(`REPL_CART_STATE`.`REPLICATOR_NAME`='"+ + RDEscapeString(config()->name())+"')&&"+ + QString().sprintf("(`REPL_CART_STATE`.`CART_NUMBER`=%u)&&", + q->value(0).toUInt())+ + "(`REPL_CART_STATE`.`POSTED_FILENAME`='"+ + RDEscapeString(q->value(1).toString())+"')&&"+ + "(`REPL_CART_STATE`.`ITEM_DATETIME`>'"+RDEscapeString(now)+"')&&"+ + "(`REPL_CART_STATE`.`REPOST`='N')"; q1=new RDSqlQuery(sql); if(!q1->first()) { if(PostCut(RDCut::cutName(q->value(0).toUInt(),1), q->value(1).toString())) { - sql=QString("select ID from REPL_CART_STATE where ")+ - "(REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\")&&"+ - QString().sprintf("(CART_NUMBER=%u)&&",q->value(0).toUInt())+ - "(POSTED_FILENAME=\""+RDEscapeString(q->value(1).toString())+"\")"; + sql=QString("select `ID` from `REPL_CART_STATE` where ")+ + "(`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"')&&"+ + 
QString().sprintf("(`CART_NUMBER`=%u)&&",q->value(0).toUInt())+ + "(`POSTED_FILENAME`='"+RDEscapeString(q->value(1).toString())+"')"; q2=new RDSqlQuery(sql); if(q2->first()) { - sql=QString("update REPL_CART_STATE set ")+ - "ITEM_DATETIME=now(),"+ - "REPOST=\"N\" where "+ - "(REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\")&&"+ - QString().sprintf("(CART_NUMBER=%u)&&",q->value(0).toUInt())+ - "(POSTED_FILENAME=\""+RDEscapeString(q->value(1).toString())+"\")"; + sql=QString("update `REPL_CART_STATE` set ")+ + "`ITEM_DATETIME`=now(),"+ + "`REPOST`='N' where "+ + "(`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"')&&"+ + QString().sprintf("(`CART_NUMBER`=%u)&&",q->value(0).toUInt())+ + "(`POSTED_FILENAME`='"+RDEscapeString(q->value(1).toString())+"')"; } else { - sql=QString("insert into REPL_CART_STATE set ")+ - "ITEM_DATETIME=now(),"+ - "REPOST=\"N\","+ - "REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\","+ - QString().sprintf("CART_NUMBER=%u,",q->value(0).toUInt())+ - "POSTED_FILENAME=\""+RDEscapeString(q->value(1).toString())+"\""; + sql=QString("insert into `REPL_CART_STATE` set ")+ + "`ITEM_DATETIME`=now(),"+ + "`REPOST`='N',"+ + "`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"',"+ + QString().sprintf("`CART_NUMBER`=%u,",q->value(0).toUInt())+ + "`POSTED_FILENAME`='"+RDEscapeString(q->value(1).toString())+"'"; } delete q2; - q2=new RDSqlQuery(sql); - delete q2; + RDSqlQuery::apply(sql); } } delete q1; 
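Review bot: The lookup on `REPL_CART_STATE` followed by either an update or an insert in CheckCarts() is a check-then-act sequence with no transaction or unique-key guard visible in the hunk, so two writers handling the same replicator, cart and filename could both take the insert branch and leave duplicate rows. The select and the update also rebuild the same predicate from `RDEscapeString(config()->name())`, `q->value(0).toUInt()` and `RDEscapeString(q->value(1).toString())`. Composing that predicate once into a local `QString` and reusing it would keep the escaping in one place and make a missed escape easier to spot. CheckCarts() starts before and continues after this hunk.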
@@ -401,14 +401,14 @@ void CitadelXds::PurgeCuts() RDDelete::ErrorCode conv_err; sql=QString("select ")+ - "ID,"+ // 00 - "POSTED_FILENAME "+ // 01 - "from REPL_CART_STATE where "+ - "REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\""; + "`ID`,"+ // 00 + "`POSTED_FILENAME` "+ // 01 + "from `REPL_CART_STATE` where "+ + "`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"'"; q=new RDSqlQuery(sql); while(q->next()) { - sql=QString("select ID from ISCI_XREFERENCE where ")+ - "FILENAME=\""+RDEscapeString(q->value(1).toString())+"\""; + sql=QString("select `ID` from `ISCI_XREFERENCE` where ")+ + "`FILENAME`='"+RDEscapeString(q->value(1).toString())+"'"; q1=new RDSqlQuery(sql); if(!q1->first()) { QString path=config()->url(); @@ -425,7 +425,7 @@ void CitadelXds::PurgeCuts() config()->urlPassword(),"",false, rda->config()->logXloadDebugData()))== RDDelete::ErrorOk) { - sql=QString().sprintf("delete from REPL_CART_STATE where ID=%d", + sql=QString().sprintf("delete from `REPL_CART_STATE` where `ID`=%d", q->value(0).toInt()); q2=new RDSqlQuery(sql); delete q2; diff --git a/rdrepld/rdrepld.cpp b/rdrepld/rdrepld.cpp index 0b1498c8..e5dc2644 100644 --- a/rdrepld/rdrepld.cpp +++ b/rdrepld/rdrepld.cpp @@ -96,10 +96,6 @@ MainObject::MainObject(QObject *parent) // repl_temp_dir=RDTempDirectory::basePath(); - // connect(RDDbStatus(), - // SIGNAL(logText(RDConfig::LogPriority,const QString &)), - // this,SLOT(log(RDConfig::LogPriority,const QString &))); - if(qApp->arguments().size()!=1) { debug=true; } @@ -138,7 +134,6 @@ void MainObject::ProcessCarts() QString sql; RDSqlQuery *q; RDSqlQuery *q1; - RDSqlQuery *q2; QString repl_name; QString where; bool stale; 
@@ -146,29 +141,29 @@ void MainObject::ProcessCarts() for(unsigned i=0;iconfig()->name(); - sql=QString("select GROUP_NAME from REPLICATOR_MAP where ")+ - "REPLICATOR_NAME=\""+RDEscapeString(repl_name)+"\""; + sql=QString("select `GROUP_NAME` from `REPLICATOR_MAP` where ")+ + "`REPLICATOR_NAME`='"+RDEscapeString(repl_name)+"'"; q=new RDSqlQuery(sql); while(q->next()) { - where+=QString("(GROUP_NAME=\"")+ - RDEscapeString(q->value(0).toString())+"\")||"; + where+=QString("(GROUP_NAME='")+ + RDEscapeString(q->value(0).toString())+"')||"; } delete q; where=where.left(where.length()-2); sql=QString("select ")+ - "NUMBER,"+ // 00 - "TYPE,"+ // 01 - "METADATA_DATETIME "+ // 02 - "from CART where "+ + "`NUMBER`,"+ // 00 + "`TYPE`,"+ // 01 + "`METADATA_DATETIME` "+ // 02 + "from `CART` where "+ where; q=new RDSqlQuery(sql); while(q->next()) { sql=QString("select ")+ - "ID,"+ // 00 - "ITEM_DATETIME "+ // 01 - "from REPL_CART_STATE where "+ - "(REPLICATOR_NAME=\""+RDEscapeString(repl_name)+"\")&&"+ - QString().sprintf("(CART_NUMBER=%u)",q->value(0).toUInt()); + "`ID`,"+ // 00 + "`ITEM_DATETIME` "+ // 01 + "from `REPL_CART_STATE` where "+ + "(`REPLICATOR_NAME`='"+RDEscapeString(repl_name)+"')&&"+ + QString().sprintf("(`CART_NUMBER`=%u)",q->value(0).toUInt()); q1=new RDSqlQuery(sql); if(q1->first()) { stale=q->value(2).toDateTime()>q1->value(1).toDateTime(); 
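Review bot: The added line ``where+=QString("(GROUP_NAME='")+`` in ProcessCarts() still leaves the `GROUP_NAME` column unquoted, although the ChangeLog entry says all identifiers in 'rdrepld/' are now escaped; it should read ``where+=QString("(`GROUP_NAME`='")+``. Separately, if `REPLICATOR_MAP` returns no rows for a replicator and `where` is empty at that point, the `CART` select ends in a bare `where` and will be rejected by the server. A guard such as `if(where.isEmpty()) continue;` placed after `delete q;` would skip that replicator cleanly, provided nothing later in the loop body (which continues outside this hunk) must still run for it.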
@@ -179,18 +174,17 @@ void MainObject::ProcessCarts()
 if(stale) {
 if(repl_replicators[i]->processCart(q->value(0).toUInt())) {
 if(q1->isValid()) {
- sql=QString("update REPL_CART_STATE set ")+
- "ITEM_DATETIME=now() where "+
- QString().sprintf("ID=%u",q1->value(0).toUInt());
+ sql=QString("update `REPL_CART_STATE` set ")+
+ "`ITEM_DATETIME`=now() where "+
+ QString().sprintf("`ID`=%u",q1->value(0).toUInt());
 }
 else {
- sql=QString("insert into REPL_CART_STATE set ")+
- "REPLICATOR_NAME=\""+RDEscapeString(repl_name)+"\","+
- QString().sprintf("CART_NUMBER=%u,",q->value(0).toUInt())+
- "ITEM_DATETIME=now()";
+ sql=QString("insert into `REPL_CART_STATE` set ")+
+ "`REPLICATOR_NAME`='"+RDEscapeString(repl_name)+"',"+
+ QString().sprintf("`CART_NUMBER`=%u,",q->value(0).toUInt())+
+ "`ITEM_DATETIME`=now()";
 }
- q2=new RDSqlQuery(sql);
- delete q2;
+ RDSqlQuery::apply(sql);
 }
 }
 delete q1;
@@ -207,20 +201,20 @@ void MainObject::LoadReplicators()
 ReplConfig *config;
 sql=QString("select ")+
- "NAME,"+ // 00
- "TYPE_ID,"+ // 01
- "FORMAT,"+ // 02
- "CHANNELS,"+ // 03
- "SAMPRATE,"+ // 04
- "BITRATE,"+ // 05
- "QUALITY,"+ // 06
- "URL,"+ // 07
- "URL_USERNAME,"+ // 08
- "URL_PASSWORD,"+ // 09
- "ENABLE_METADATA,"+ // 10
- "NORMALIZATION_LEVEL "+ // 11
- "from REPLICATORS where "+
- "STATION_NAME=\""+RDEscapeString(rda->config()->stationName())+"\"";
+ "`NAME`,"+ // 00
+ "`TYPE_ID`,"+ // 01
+ "`FORMAT`,"+ // 02
+ "`CHANNELS`,"+ // 03
+ "`SAMPRATE`,"+ // 04
+ "`BITRATE`,"+ // 05
+ "`QUALITY`,"+ // 06
+ "`URL`,"+ // 07
+ "`URL_USERNAME`,"+ // 08
+ "`URL_PASSWORD`,"+ // 09
+ "`ENABLE_METADATA`,"+ // 10
+ "`NORMALIZATION_LEVEL` "+ // 11
+ "from `REPLICATORS` where "+
+ "`STATION_NAME`='"+RDEscapeString(rda->config()->stationName())+"'";
 q=new RDSqlQuery(sql);
 while(q->next()) {
 config=new ReplConfig();