2021-04-23 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'utils/rddgimport/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'utils/rddgimport/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason 2021-04-23 12:16:38 -04:00
parent 7f44ad5780
commit 9888b277ed
2 changed files with 17 additions and 11 deletions


@ -21563,3 +21563,7 @@
* Escaped all SQL identifiers in 'utils/rddbmgr/'. * Escaped all SQL identifiers in 'utils/rddbmgr/'.
* Replaced " with ' delimiters in all SQL literal strings in * Replaced " with ' delimiters in all SQL literal strings in
'utils/rddbmgr/'. 'utils/rddbmgr/'.
2021-04-23 Fred Gleason <fredg@paravelsystems.com>
* Escaped all SQL identifiers in 'utils/rddgimport/'.
* Replaced " with ' delimiters in all SQL literal strings in
'utils/rddgimport/'.


@ -403,7 +403,6 @@ bool MainWidget::CheckSpot(const QString &isci)
{ {
QString sql; QString sql;
RDSqlQuery *q; RDSqlQuery *q;
RDSqlQuery *q1;
bool ret=false; bool ret=false;
QDate today=QDate::currentDate(); QDate today=QDate::currentDate();
QDate killdate=dg_date_edit->date().addDays(RDDGIMPORT_KILLDATE_OFFSET); QDate killdate=dg_date_edit->date().addDays(RDDGIMPORT_KILLDATE_OFFSET);
@ -414,22 +413,25 @@ bool MainWidget::CheckSpot(const QString &isci)
endDateTimeSQL = RDCheckDateTime(QDateTime(killdate,QTime(23,59,59)), endDateTimeSQL = RDCheckDateTime(QDateTime(killdate,QTime(23,59,59)),
"yyyy-MM-dd hh:mm:ss"); "yyyy-MM-dd hh:mm:ss");
sql=QString("select CUT_NAME,CUTS.START_DATETIME,CUTS.END_DATETIME ")+ sql=QString("select ")+
"from CART left join CUTS on CART.NUMBER=CUTS.CART_NUMBER "+ "`CUTS`.`CUT_NAME`,"+ // 00
"where (CART.GROUP_NAME=\""+RDEscapeString(dg_svc->autospotGroup())+"\")&&" "`CUTS`.`START_DATETIME`,"+ // 01
"(CUTS.ISCI=\""+RDEscapeString(isci)+"\")"; "`CUTS`.`END_DATETIME` "+ // 02
"from `CART` left join `CUTS` on "+
"`CART`.`NUMBER`=`CUTS`.`CART_NUMBER` "+
"where (`CART`.`GROUP_NAME`='"+RDEscapeString(dg_svc->autospotGroup())+"')&&"
"(`CUTS`.`ISCI`='"+RDEscapeString(isci)+"')";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
dg_carts[isci]=RDCut::cartNumber(q->value(0).toString()); dg_carts[isci]=RDCut::cartNumber(q->value(0).toString());
if(q->value(2).isNull()||(q->value(2).toDateTime().date()<killdate)) { if(q->value(2).isNull()||(q->value(2).toDateTime().date()<killdate)) {
sql="update CUTS set "; sql="update `CUTS` set ";
if(q->value(1).isNull()) { if(q->value(1).isNull()) {
sql+="START_DATETIME=\""+today.toString("yyyy-MM-dd")+" 00:00:00\","; sql+="`START_DATETIME`='"+today.toString("yyyy-MM-dd")+" 00:00:00',";
} }
sql+="END_DATETIME="+endDateTimeSQL+" "; sql+="`END_DATETIME`="+endDateTimeSQL+" ";
sql+="where CUT_NAME=\""+q->value(0).toString()+"\""; sql+="where `CUT_NAME`='"+q->value(0).toString()+"'";
q1=new RDSqlQuery(sql); RDSqlQuery::apply(sql);
delete q1;
} }
ret=true; ret=true;
} }
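Review bot: The update statement's where clause still concatenates `q->value(0).toString()` into the SQL unescaped, while the select above it passes both of its values through RDEscapeString(). With the literal delimiter now `'`, a CUT_NAME containing a single quote would end the literal early and break or alter the statement; the value is read back from the database, so the exposure is presumably small, but it is the one string value in this hunk that is not escaped. Suggested line: `` sql+="where `CUT_NAME`='"+RDEscapeString(q->value(0).toString())+"'"; ``. Separately, the `&&` in the select's where clause is a MySQL-specific spelling that MySQL 8.0.17 deprecates in favour of `and`. CheckSpot's body continues past the end of the hunk.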