From c53d4c985854263579b02a778aa3c81c209506a1 Mon Sep 17 00:00:00 2001
From: Fred Gleason
Date: Mon, 19 Apr 2021 18:47:49 -0400
Subject: [PATCH] 2021-04-19 Fred Gleason
* Escaped all SQL identifiers in 'rdcartslots/'. * Replaced " with ' delimiters in all SQL literal strings in 'rdcartslots/'.
Signed-off-by: Fred Gleason
---
 ChangeLog | 4 ++++
 rdcartslots/rdcartslots.cpp | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 10960ed2..786960fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21487,3 +21487,7 @@
 * Escaped all SQL identifiers in 'rdairplay/'.
 * Replaced " with ' delimiters in all SQL literal strings in
 'rdairplay/'.
+2021-04-19 Fred Gleason
+ * Escaped all SQL identifiers in 'rdcartslots/'.
+ * Replaced " with ' delimiters in all SQL literal strings in
+ 'rdcartslots/'.
diff --git a/rdcartslots/rdcartslots.cpp b/rdcartslots/rdcartslots.cpp
index b8d67863..16903c81 100644
--- a/rdcartslots/rdcartslots.cpp
+++ b/rdcartslots/rdcartslots.cpp
@@ -141,8 +141,8 @@ void MainWidget::caeConnectedData(bool state)
 {
 QList cards;
- QString sql=QString("select CARD from CARTSLOTS where ")+
- "STATION_NAME=\""+RDEscapeString(rda->config()->stationName())+"\"";
+ QString sql=QString("select `CARD` from `CARTSLOTS` where ")+
+ "`STATION_NAME`='"+RDEscapeString(rda->config()->stationName())+"'";
 RDSqlQuery *q=new RDSqlQuery(sql);
 while(q->next()) {
 cards.push_back(q->value(0).toInt());
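Review bot: With the literal delimiter changed from `"` to `'` in the `STATION_NAME` comparison in rdcartslots.cpp, the statement's safety now rests entirely on `RDEscapeString()` escaping single quotes and backslashes, and that function is not visible in this patch. It is worth confirming that it does, and that it is correct for the connection's character set, or recording the requirement at the call with a comment such as `// RDEscapeString() must escape ' and \ because the value sits inside a '...' literal`. If `RDSqlQuery` exposes Qt's `prepare()`/`bindValue()`, binding the station name would remove the dependency on escaping altogether. The body of `caeConnectedData()` continues past the end of the hunk, so whether `q` is deleted after the loop cannot be checked from here.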