2021-04-20 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'utils/rddbconfig/'. * Replaced " with ' delimiters in all SQL literal strings in 'utils/rddbconfig/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-07-04 06:29:08 +02:00 · 2021-04-20 11:44:46 -04:00 · 2021-04-20 11:44:46 -04:00 · c2fcc23cfd
commit c2fcc23cfd
parent cf29c18364
3 changed files with 21 additions and 5 deletions
--- a/4
+++ b/4
@ -21555,3 +21555,7 @@
 	* Escaped all SQL identifiers in 'utils/rdclilogedit/'.
 	* Replaced " with ' delimiters in all SQL literal strings in
 	'utils/rdclilogedit/'.
+2021-04-20 Fred Gleason <fredg@paravelsystems.com>
+	* Escaped all SQL identifiers in 'utils/rddbconfig/'.
+	* Replaced " with ' delimiters in all SQL literal strings in
+	'utils/rddbconfig/'.
--- a/utils/rddbconfig/createdb.cpp
+++ b/utils/rddbconfig/createdb.cpp
@ -94,7 +94,7 @@ bool CreateDb::create(QWidget *parent,QString *err_str,RDConfig *rd_config)
  q=new QSqlQuery(sql,db);
  delete q;

-  sql=QString().sprintf("create user '%s'@'%%' identified by \"%s\"",
+  sql=QString().sprintf("create user '%s'@'%%' identified by '%s'",
 			rd_config->mysqlUsername().toUtf8().constData(),
 			rd_config->mysqlPassword().toUtf8().constData());
  q=new QSqlQuery(sql,db);
@ -105,7 +105,7 @@ bool CreateDb::create(QWidget *parent,QString *err_str,RDConfig *rd_config)
  }
  delete q;

-  sql=QString().sprintf("create user '%s'@'localhost' identified by \"%s\"",
+  sql=QString().sprintf("create user '%s'@'localhost' identified by '%s'",
 			rd_config->mysqlUsername().toUtf8().constData(),
 			rd_config->mysqlPassword().toUtf8().constData());
  q=new QSqlQuery(sql,db);
@ -116,10 +116,22 @@ bool CreateDb::create(QWidget *parent,QString *err_str,RDConfig *rd_config)
  }
  delete q;

-  sql=QString().sprintf("grant SELECT, INSERT, UPDATE, DELETE, CREATE, DROP,\
-    INDEX, ALTER, LOCK TABLES on %s.* to %s", 
+  sql=QString("grant ")+
+    "SELECT,"+
+    "INSERT,"+
+    "UPDATE,"+
+    "DELETE,"+
+    "CREATE,"+
+    "DROP,"+
+    "INDEX,"+
+    "ALTER,"+
+    "LOCK TABLES "+
+    "on `"+db_name+"` to `"+rd_config->mysqlUsername()+"`";
+/*
+    "on %s.* to %s", 
 			db_name.toUtf8().constData(),
 			rd_config->mysqlUsername().toUtf8().constData());
+*/
  q=new QSqlQuery(sql,db);
  if (!q->isActive()) {
    *err_str+=QString().sprintf("Could not set permissions: %s",
--- a/utils/rddbconfig/db.cpp
+++ b/utils/rddbconfig/db.cpp
@ -45,7 +45,7 @@ Db::Db(QString *err_str,RDConfig *config)
    return;
  }

-  q=new QSqlQuery("select DB from VERSION",db);
+  q=new QSqlQuery("select `DB` from `VERSION`",db);
  if(q->first()) {
    db_schema=q->value(0).toUInt();
  }