diff --git a/ChangeLog b/ChangeLog index f25b6525..b78fa6bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21503,3 +21503,7 @@ * Escaped all SQL identifiers in 'rdcatchd/'. * Replaced " with ' delimiters in all SQL literal strings in 'rdcatchd/'. +2021-04-19 Fred Gleason + * Escaped all SQL identifiers in 'rdlibrary/'. + * Replaced " with ' delimiters in all SQL literal strings in + 'rdlibrary/'. diff --git a/rdlibrary/audio_cart.cpp b/rdlibrary/audio_cart.cpp index b63a8ea2..542a5d12 100644 --- a/rdlibrary/audio_cart.cpp +++ b/rdlibrary/audio_cart.cpp @@ -312,8 +312,8 @@ void AudioCart::deleteCutData() // Check for RDCatch Events // for(int i=0;ifirst()) { if(QMessageBox::warning(this,tr("RDCatch Event Exists"), diff --git a/rdlibrary/edit_cart.cpp b/rdlibrary/edit_cart.cpp index 1cec15cb..f53b852f 100644 --- a/rdlibrary/edit_cart.cpp +++ b/rdlibrary/edit_cart.cpp @@ -749,9 +749,9 @@ void EditCart::okData() return; } if(!rda->system()->allowDuplicateCartTitles()) { - sql=QString("select NUMBER from CART where ")+ - "(TITLE=\""+RDEscapeString(rdcart_controls.title_edit->text())+"\") &&"+ - QString().sprintf("(NUMBER!=%u)",rdcart_cart->number()); + sql=QString("select `NUMBER` from `CART` where ")+ + "(`TITLE`='"+RDEscapeString(rdcart_controls.title_edit->text())+"') &&"+ + QString().sprintf("(`NUMBER`!=%u)",rdcart_cart->number()); q=new RDSqlQuery(sql); if(q->first()) { QMessageBox::warning(this,tr("Duplicate Title"), diff --git a/rdlibrary/edit_schedulercodes.cpp b/rdlibrary/edit_schedulercodes.cpp index 9246cb50..551691c1 100644 --- a/rdlibrary/edit_schedulercodes.cpp +++ b/rdlibrary/edit_schedulercodes.cpp @@ -106,7 +106,7 @@ EditSchedulerCodes::EditSchedulerCodes(QString *sched_codes, } } - sql=QString().sprintf("select CODE from SCHED_CODES"); + sql=QString().sprintf("select `CODE` from `SCHED_CODES`"); q=new RDSqlQuery(sql); while(q->next()) { if(codes_sel->destFindItem(q->value(0).toString())==0) { 
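Review bot: The duplicate-title query in EditCart::okData still splices the operator-entered title into the statement text, and now that the literal is delimited with `'` its safety rests entirely on RDEscapeString() escaping single quotes and backslashes, which this hunk does not show. I would confirm that against RDEscapeString's implementation and record it next to the query, e.g. `// title is user input: RDEscapeString() must escape ' and \ for this literal`. The same applies to the `GROUP_NAME` and `TITLE` values in the MainWidget::addData hunk of rdlibrary/rdlibrary.cpp. Binding the values instead of concatenating them would remove the dependency, if RDSqlQuery offers a bind interface (not visible here). okData's body starts and ends outside the hunk.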
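Review bot: In the EditSchedulerCodes constructor the statement is built with `QString().sprintf(...)` although it has no format arguments, so the text is run through a printf-style parser for nothing and any `%` added to it later would be read as a conversion. A plain literal states the intent: ``sql=QString("select `CODE` from `SCHED_CODES`");``. The constructor body starts and ends outside the hunk.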
diff --git a/rdlibrary/list_reports.cpp b/rdlibrary/list_reports.cpp
index 9b2d0c90..efb9a622 100644
--- a/rdlibrary/list_reports.cpp
+++ b/rdlibrary/list_reports.cpp
@@ -172,26 +172,21 @@ void ListReports::GenerateCartReport(QString *report)
 //
 // Generate Rows
 //
- /*
- if(list_type_filter.isEmpty()) {
- return;
- }
- */
 sql=QString("select ")+
- "CART.TYPE,"+ // 00
- "CART.NUMBER,"+ // 01
- "CART.GROUP_NAME,"+ // 02
- "CART.FORCED_LENGTH,"+ // 03
- "CART.TITLE,"+ // 04
- "CART.ARTIST,"+ // 05
- "CART.CUT_QUANTITY,"+ // 06
- "CART.USE_WEIGHTING,"+ // 07
- "CART.ENFORCE_LENGTH,"+ // 08
- "CART.LENGTH_DEVIATION,"+ // 09
- "CART.OWNER "+ // 10
- "from CART "+
- "left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+
- "left join CUTS on CART.NUMBER=CUTS.CART_NUMBER ";
+ "`CART`.`TYPE`,"+ // 00
+ "`CART`.`NUMBER`,"+ // 01
+ "`CART`.`GROUP_NAME`,"+ // 02
+ "`CART`.`FORCED_LENGTH`,"+ // 03
+ "`CART`.`TITLE`,"+ // 04
+ "`CART`.`ARTIST`,"+ // 05
+ "`CART`.`CUT_QUANTITY`,"+ // 06
+ "`CART`.`USE_WEIGHTING`,"+ // 07
+ "`CART`.`ENFORCE_LENGTH`,"+ // 08
+ "`CART`.`LENGTH_DEVIATION`,"+ // 09
+ "`CART`.`OWNER` "+ // 10
+ "from `CART` "+
+ "left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME "+
+ "left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` ";
 sql+=list_filter_sql;
 unsigned prev_cartnum=0;
 q=new RDSqlQuery(sql);
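Review bot: The new `GROUPS` join line in GenerateCartReport has an unterminated identifier quote: ``=`GROUPS`.`NAME "+`` is missing the closing backtick after NAME. Every backtick after it in the statement therefore pairs up wrongly and the server should reject the query, so the cart report would come back empty. The line should end ``=`GROUPS`.`NAME` "+``, as the GenerateCutReport hunk has it. The same typo is repeated in the GenerateCartDumpCsv hunk (`@@ -511,40 +506,40 @@`). Both function bodies start and end outside their hunks.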
@@ -318,30 +313,30 @@ void ListReports::GenerateCutReport(QString *report)
 // Generate Rows
 //
 sql=QString("select ")+
- "CART.NUMBER,"+ // 00
- "CUTS.CUT_NAME,"+ // 01
- "CART.USE_WEIGHTING,"+ // 02
- "CUTS.PLAY_ORDER,"+ // 03
- "CUTS.WEIGHT,"+ // 04
- "CART.TITLE,"+ // 05
- "CUTS.DESCRIPTION,"+ // 06
- "CUTS.LENGTH,"+ // 07
- "CUTS.LAST_PLAY_DATETIME,"+ // 08
- "CUTS.PLAY_COUNTER,"+ // 09
- "CUTS.START_DATETIME,"+ // 10
- "CUTS.END_DATETIME,"+ // 11
- "CUTS.SUN,"+ // 12
- "CUTS.MON,"+ // 13
- "CUTS.TUE,"+ // 14
- "CUTS.WED,"+ // 15
- "CUTS.THU,"+ // 16
- "CUTS.FRI,"+ // 17
- "CUTS.SAT,"+ // 18
- "CUTS.START_DAYPART,"+ // 19
- "CUTS.END_DAYPART "+ // 20
- "from CART "+
- "left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+
- "left join CUTS on CART.NUMBER=CUTS.CART_NUMBER ";
+ "`CART`.`NUMBER`,"+ // 00
+ "`CUTS`.`CUT_NAME`,"+ // 01
+ "`CART`.`USE_WEIGHTING`,"+ // 02
+ "`CUTS`.`PLAY_ORDER`,"+ // 03
+ "`CUTS`.`WEIGHT`,"+ // 04
+ "`CART`.`TITLE`,"+ // 05
+ "`CUTS`.`DESCRIPTION`,"+ // 06
+ "`CUTS`.`LENGTH`,"+ // 07
+ "`CUTS`.`LAST_PLAY_DATETIME`,"+ // 08
+ "`CUTS`.`PLAY_COUNTER`,"+ // 09
+ "`CUTS`.`START_DATETIME`,"+ // 10
+ "`CUTS`.`END_DATETIME`,"+ // 11
+ "`CUTS`.`SUN`,"+ // 12
+ "`CUTS`.`MON`,"+ // 13
+ "`CUTS`.`TUE`,"+ // 14
+ "`CUTS`.`WED`,"+ // 15
+ "`CUTS`.`THU`,"+ // 16
+ "`CUTS`.`FRI`,"+ // 17
+ "`CUTS`.`SAT`,"+ // 18
+ "`CUTS`.`START_DAYPART`,"+ // 19
+ "`CUTS`.`END_DAYPART` "+ // 20
+ "from `CART` "+
+ "left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME` "+
+ "left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` ";
 sql+=list_filter_sql;
 q=new RDSqlQuery(sql);
 while(q->next()) {
@@ -511,40 +506,40 @@ void ListReports::GenerateCartDumpCsv(QString *report,bool prepend_names) // Generate Rows // sql=QString("select ")+ - "CART.NUMBER,"+ // 00 - "CART.TYPE,"+ // 01 - "CUTS.CUT_NAME,"+ // 02 - "CART.GROUP_NAME,"+ // 03 - "CART.TITLE,"+ // 04 - "CART.ARTIST,"+ // 05 - "CART.ALBUM,"+ // 06 - "CART.YEAR,"+ // 07 - "CUTS.ISRC,"+ // 08 - "CUTS.ISCI,"+ // 09 - "CART.LABEL,"+ // 10 - "CART.CLIENT,"+ // 11 - "CART.AGENCY,"+ // 12 - "CART.PUBLISHER,"+ // 13 - "CART.COMPOSER,"+ // 14 - "CART.CONDUCTOR,"+ // 15 - "CART.SONG_ID,"+ // 16 - "CART.USER_DEFINED,"+ // 17 - "CUTS.DESCRIPTION,"+ // 18 - "CUTS.OUTCUE,"+ // 19 - "CUTS.LENGTH,"+ // 20 - "CUTS.START_POINT,"+ // 21 - "CUTS.END_POINT,"+ // 22 - "CUTS.SEGUE_START_POINT,"+ // 23 - "CUTS.SEGUE_END_POINT,"+ // 24 - "CUTS.HOOK_START_POINT,"+ // 25 - "CUTS.HOOK_END_POINT,"+ // 26 - "CUTS.TALK_START_POINT,"+ // 27 - "CUTS.TALK_END_POINT,"+ // 28 - "CUTS.FADEUP_POINT,"+ // 29 - "CUTS.FADEDOWN_POINT "+ // 30 - "from CART "+ - "left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+ - "left join CUTS on CART.NUMBER=CUTS.CART_NUMBER "; + "`CART`.`NUMBER`,"+ // 00 + "`CART`.`TYPE`,"+ // 01 + "`CUTS`.`CUT_NAME`,"+ // 02 + "`CART`.`GROUP_NAME`,"+ // 03 + "`CART`.`TITLE`,"+ // 04 + "`CART`.`ARTIST`,"+ // 05 + "`CART`.`ALBUM`,"+ // 06 + "`CART`.`YEAR`,"+ // 07 + "`CUTS`.`ISRC`,"+ // 08 + "`CUTS`.`ISCI`,"+ // 09 + "`CART`.`LABEL`,"+ // 10 + "`CART`.`CLIENT`,"+ // 11 + "`CART`.`AGENCY`,"+ // 12 + "`CART`.`PUBLISHER`,"+ // 13 + "`CART`.`COMPOSER`,"+ // 14 + "`CART`.`CONDUCTOR`,"+ // 15 + "`CART`.`SONG_ID`,"+ // 16 + "`CART`.`USER_DEFINED`,"+ // 17 + "`CUTS`.`DESCRIPTION`,"+ // 18 + "`CUTS`.`OUTCUE`,"+ // 19 + "`CUTS`.`LENGTH`,"+ // 20 + "`CUTS`.`START_POINT`,"+ // 21 + "`CUTS`.`END_POINT`,"+ // 22 + "`CUTS`.`SEGUE_START_POINT`,"+ // 23 + "`CUTS`.`SEGUE_END_POINT`,"+ // 24 + "`CUTS`.`HOOK_START_POINT`,"+ // 25 + "`CUTS`.`HOOK_END_POINT`,"+ // 26 + "`CUTS`.`TALK_START_POINT`,"+ // 27 + "`CUTS`.`TALK_END_POINT`,"+ // 28 + 
"`CUTS`.`FADEUP_POINT`,"+ // 29 + "`CUTS`.`FADEDOWN_POINT` "+ // 30 + "from `CART` "+ + "left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME "+ + "left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` "; sql+=list_filter_sql; q=new RDSqlQuery(sql); diff --git a/rdlibrary/notebubble.cpp b/rdlibrary/notebubble.cpp index 1b78c51b..6bfbd4a0 100644 --- a/rdlibrary/notebubble.cpp +++ b/rdlibrary/notebubble.cpp @@ -51,8 +51,8 @@ bool NoteBubble::setCartNumber(unsigned cartnum) note_show_timer->stop(); hide(); - QString sql=QString("select NOTES from CART where ")+ - QString().sprintf("NUMBER=%u",cartnum); + QString sql=QString("select `NOTES` from `CART` where ")+ + QString().sprintf("`NUMBER`=%u",cartnum); RDSqlQuery *q=new RDSqlQuery(sql); if(q->first()&&(!q->value(0).toString().trimmed().isEmpty())) { setText(q->value(0).toString()); diff --git a/rdlibrary/rdlibrary.cpp b/rdlibrary/rdlibrary.cpp index 8025c443..c8ac9c80 100644 --- a/rdlibrary/rdlibrary.cpp +++ b/rdlibrary/rdlibrary.cpp @@ -355,10 +355,10 @@ void MainWidget::addData() } delete add_cart; - sql=QString("insert into CART set ")+ - QString().sprintf("NUMBER=%u,TYPE=%d,",cart_num,cart_type)+ - "GROUP_NAME=\""+RDEscapeString(lib_default_group)+"\","+ - "TITLE=\""+RDEscapeString(cart_title)+"\""; + sql=QString("insert into `CART` set ")+ + QString().sprintf("`NUMBER`=%u,`TYPE`=%d,",cart_num,cart_type)+ + "`GROUP_NAME`='"+RDEscapeString(lib_default_group)+"',"+ + "`TITLE`='"+RDEscapeString(cart_title)+"'"; q=new RDSqlQuery(sql); delete q; 
@@ -458,10 +458,10 @@ void MainWidget::deleteData() for(int i=0;icartNumber(carts.at(i)); sql=QString("select ")+ - "CUT_NAME "+ // 00 - "from RECORDINGS where "+ - QString().sprintf("(CUT_NAME like \"%06u_%%\")||",cartnum)+ - QString().sprintf("(MACRO_CART=%u)",cartnum); + "`CUT_NAME` "+ // 00 + "from `RECORDINGS` where "+ + QString().sprintf("(`CUT_NAME` like '%06u_%%')||",cartnum)+ + QString().sprintf("(`MACRO_CART`=%u)",cartnum); q=new RDSqlQuery(sql); if(q->first()) { QString str=tr("Cart")+ @@ -691,10 +691,10 @@ void MainWidget::notificationReceivedData(RDNotification *notify) case RDNotification::AddAction: and_fields.push_back(QString().sprintf("CART.NUMBER=%u",cartnum)); sql=QString("select ")+ - "CART.NUMBER "+ // 00 - "from CART "+ - "left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+ - "left join CUTS on CART.NUMBER=CUTS.CART_NUMBER "+ + "`CART`.`NUMBER` "+ // 00 + "from `CART` "+ + "left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME` "+ + "left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` "+ lib_cart_filter->filterSql(and_fields); q=new RDSqlQuery(sql); if(q->first()) { diff --git a/rdlibrary/validate_cut.cpp b/rdlibrary/validate_cut.cpp index e7dafefe..3093fbb3 100644 --- a/rdlibrary/validate_cut.cpp +++ b/rdlibrary/validate_cut.cpp @@ -2,7 +2,7 @@ // // Validate a Rivendell Audio Cut // -// (C) Copyright 2006-2018 Fred Gleason +// (C) Copyright 2006-2021 Fred Gleason // // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License version 2 as 
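Review bot: The rewritten where-clause in MainWidget::deleteData still joins its two conditions with `||`, which MySQL treats as logical OR only while the PIPES_AS_CONCAT sql_mode is off, and which MySQL 8.0.17 and later deprecate in that role. With that mode enabled the expression becomes a string concatenation, and the RDCatch-event check that guards cart deletion would evaluate something other than intended. Spelling it `or` removes the dependency on server configuration: ``QString().sprintf("(`CUT_NAME` like '%06u_%%') or ",cartnum)+``. The `&&` in the EditCart::okData hunk of rdlibrary/edit_cart.cpp has the same deprecation and could become `and`. deleteData's body starts and ends outside the hunk.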
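Review bot: In the AddAction case of MainWidget::notificationReceivedData, the context line just above the rewritten statement still pushes an unquoted identifier, `and_fields.push_back(QString().sprintf("CART.NUMBER=%u",cartnum));`. The commit quotes every other identifier in this query, and that fragment ends up in the same statement through `filterSql(and_fields)`. For consistency with the stated goal of escaping all identifiers in 'rdlibrary/', it should read ``QString().sprintf("`CART`.`NUMBER`=%u",cartnum)``. The function body starts and ends outside the hunk.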
@@ -27,33 +27,33 @@ QString ValidateCutFields() QString sql; sql=QString("select ")+ - "PLAY_ORDER,"+ // 00 - "WEIGHT,"+ // 01 - "DESCRIPTION,"+ // 02 - "LENGTH,"+ // 03 - "LAST_PLAY_DATETIME,"+ // 04 - "PLAY_COUNTER,"+ // 05 - "ORIGIN_DATETIME,"+ // 06 - "ORIGIN_NAME,"+ // 07 - "ORIGIN_LOGIN_NAME,"+ // 08 - "SOURCE_HOSTNAME,"+ // 09 - "OUTCUE,"+ // 10 - "CUT_NAME,"+ // 11 - "LENGTH,"+ // 12 offsets begin here - "EVERGREEN,"+ // 13 - "START_DATETIME,"+ // 14 - "END_DATETIME,"+ // 15 - "START_DAYPART,"+ // 16 - "END_DAYPART,"+ // 17 - "MON,"+ // 18 - "TUE,"+ // 19 - "WED,"+ // 20 - "THU,"+ // 21 - "FRI,"+ // 22 - "SAT,"+ // 23 - "SUN,"+ // 24 - "SHA1_HASH "+ // 25 - "from CUTS"; + "`PLAY_ORDER`,"+ // 00 + "`WEIGHT`,"+ // 01 + "`DESCRIPTION`,"+ // 02 + "`LENGTH`,"+ // 03 + "`LAST_PLAY_DATETIME`,"+ // 04 + "`PLAY_COUNTER`,"+ // 05 + "`ORIGIN_DATETIME`,"+ // 06 + "`ORIGIN_NAME`,"+ // 07 + "`ORIGIN_LOGIN_NAME`,"+ // 08 + "`SOURCE_HOSTNAME`,"+ // 09 + "`OUTCUE`,"+ // 10 + "`CUT_NAME`,"+ // 11 + "`LENGTH`,"+ // 12 offsets begin here + "`EVERGREEN`,"+ // 13 + "`START_DATETIME`,"+ // 14 + "`END_DATETIME`,"+ // 15 + "`START_DAYPART`,"+ // 16 + "`END_DAYPART`,"+ // 17 + "`MON`,"+ // 18 + "`TUE`,"+ // 19 + "`WED`,"+ // 20 + "`THU`,"+ // 21 + "`FRI`,"+ // 22 + "`SAT`,"+ // 23 + "`SUN`,"+ // 24 + "`SHA1_HASH` "+ // 25 + "from `CUTS`"; return sql; }