From 9888b277ed1b7ddddef78b94eae49556337bbcc4 Mon Sep 17 00:00:00 2001
From: Fred Gleason
Date: Fri, 23 Apr 2021 12:16:38 -0400
Subject: [PATCH] 2021-04-23 Fred Gleason
* Escaped all SQL identifiers in 'utils/rddgimport/'.
* Replaced " with ' delimiters in all SQL literal strings in 'utils/rddgimport/'.
Signed-off-by: Fred Gleason
---
 ChangeLog | 4 ++++
 utils/rddgimport/rddgimport.cpp | 24 +++++++++++++-----------
 2 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ab30225f..ec536ea9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21563,3 +21563,7 @@
 * Escaped all SQL identifiers in 'utils/rddbmgr/'.
 * Replaced " with ' delimiters in all SQL literal strings in
 'utils/rddbmgr/'.
+2021-04-23 Fred Gleason
+ * Escaped all SQL identifiers in 'utils/rddgimport/'.
+ * Replaced " with ' delimiters in all SQL literal strings in
+ 'utils/rddgimport/'.
diff --git a/utils/rddgimport/rddgimport.cpp b/utils/rddgimport/rddgimport.cpp
index f6f292ed..8d494a4b 100644
--- a/utils/rddgimport/rddgimport.cpp
+++ b/utils/rddgimport/rddgimport.cpp
@@ -403,7 +403,6 @@ bool MainWidget::CheckSpot(const QString &isci)
 {
 QString sql;
 RDSqlQuery *q;
- RDSqlQuery *q1;
 bool ret=false;
 QDate today=QDate::currentDate();
 QDate killdate=dg_date_edit->date().addDays(RDDGIMPORT_KILLDATE_OFFSET);
@@ -414,22 +413,25 @@ bool MainWidget::CheckSpot(const QString &isci) endDateTimeSQL = RDCheckDateTime(QDateTime(killdate,QTime(23,59,59)), "yyyy-MM-dd hh:mm:ss"); - sql=QString("select CUT_NAME,CUTS.START_DATETIME,CUTS.END_DATETIME ")+ - "from CART left join CUTS on CART.NUMBER=CUTS.CART_NUMBER "+ - "where (CART.GROUP_NAME=\""+RDEscapeString(dg_svc->autospotGroup())+"\")&&" - "(CUTS.ISCI=\""+RDEscapeString(isci)+"\")"; + sql=QString("select ")+ + "`CUTS`.`CUT_NAME`,"+ // 00 + "`CUTS`.`START_DATETIME`,"+ // 01 + "`CUTS`.`END_DATETIME` "+ // 02 + "from `CART` left join `CUTS` on "+ + "`CART`.`NUMBER`=`CUTS`.`CART_NUMBER` "+ + "where (`CART`.`GROUP_NAME`='"+RDEscapeString(dg_svc->autospotGroup())+"')&&" + "(`CUTS`.`ISCI`='"+RDEscapeString(isci)+"')"; q=new RDSqlQuery(sql); while(q->next()) { dg_carts[isci]=RDCut::cartNumber(q->value(0).toString()); if(q->value(2).isNull()||(q->value(2).toDateTime().date()value(1).isNull()) { - sql+="START_DATETIME=\""+today.toString("yyyy-MM-dd")+" 00:00:00\","; + sql+="`START_DATETIME`='"+today.toString("yyyy-MM-dd")+" 00:00:00',"; } - sql+="END_DATETIME="+endDateTimeSQL+" "; - sql+="where CUT_NAME=\""+q->value(0).toString()+"\""; - q1=new RDSqlQuery(sql); - delete q1; + sql+="`END_DATETIME`="+endDateTimeSQL+" "; + sql+="where `CUT_NAME`='"+q->value(0).toString()+"'"; + RDSqlQuery::apply(sql); } ret=true; }
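Review bot: The rewritten `where` clause of the UPDATE still concatenates `q->value(0).toString()` into the statement unescaped, while the SELECT in the same hunk passes both of its values through RDEscapeString(). The cut name is read back from the database, so a stored value containing a quote would break or alter the statement; I would write ``sql+="where `CUT_NAME`='"+RDEscapeString(q->value(0).toString())+"'";``. This assumes RDEscapeString() escapes single quotes, which is not visible here and is worth confirming because the commit switches every literal delimiter from `"` to `'`. CheckSpot() starts before this hunk and continues past it.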