Autres/Rivendellaudio
1
0
Fork 0
mirror of https://github.com/ElvishArtisan/rivendell.git synced 2025-08-03 17:39:27 +02:00
Code Issues Projects Releases Wiki Activity

2021-04-23 Fred Gleason <fredg@paravelsystems.com>

Browse Source 
* Escaped all SQL identifiers in 'utils/rdexport/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'utils/rdexport/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason 2021-04-23 12:21:35 -04:00
parent 9888b277ed
commit cd898bd868
2 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -21567,3 +21567,7 @@
* Escaped all SQL identifiers in 'utils/rddgimport/'. * Escaped all SQL identifiers in 'utils/rddgimport/'.
* Replaced " with ' delimiters in all SQL literal strings in * Replaced " with ' delimiters in all SQL literal strings in
'utils/rddgimport/'. 'utils/rddgimport/'.
2021-04-23 Fred Gleason <fredg@paravelsystems.com>
* Escaped all SQL identifiers in 'utils/rdexport/'.
* Replaced " with ' delimiters in all SQL literal strings in
'utils/rdexport/'.

26
utils/rdexport/rdexport.cpp
View File

@ -327,10 +327,10 @@ void MainObject::ExportTitle(const QString &title)
QString sql; QString sql;
RDSqlQuery *q; RDSqlQuery *q;
sql=QString("select NUMBER from CART where ")+ sql=QString("select `NUMBER` from `CART` where ")+
"(TITLE=\""+RDEscapeString(title)+"\")&&"+ "(`TITLE`='"+RDEscapeString(title)+"')&&"+
QString().sprintf("(TYPE=%u) ",RDCart::Audio)+ QString().sprintf("(`TYPE`=%u) ",RDCart::Audio)+
"order by NUMBER"; "order by `NUMBER`";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
ExportCart(q->value(0).toUInt()); ExportCart(q->value(0).toUInt());
@ -344,10 +344,10 @@ void MainObject::ExportGroup(const QString &groupname)
QString sql; QString sql;
RDSqlQuery *q; RDSqlQuery *q;
sql=QString("select NUMBER from CART where ")+ sql=QString("select `NUMBER` from `CART` where ")+
"(GROUP_NAME=\""+RDEscapeString(groupname)+"\")&&"+ "(`GROUP_NAME`='"+RDEscapeString(groupname)+"')&&"+
QString().sprintf("(TYPE=%u) ",RDCart::Audio)+ QString().sprintf("(`TYPE`=%u) ",RDCart::Audio)+
"order by NUMBER"; "order by `NUMBER`";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
ExportCart(q->value(0).toUInt()); ExportCart(q->value(0).toUInt());
@ -361,9 +361,9 @@ void MainObject::ExportSchedCode(const QString &schedcode)
QString sql; QString sql;
RDSqlQuery *q; RDSqlQuery *q;
sql=QString("select CART_NUMBER from CART_SCHED_CODES where ")+ sql=QString("select `CART_NUMBER` from `CART_SCHED_CODES` where ")+
"SCHED_CODE=\""+RDEscapeString(schedcode)+"\" "+ "`SCHED_CODE`='"+RDEscapeString(schedcode)+"' "+
"order by CART_NUMBER"; "order by `CART_NUMBER`";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
ExportCart(q->value(0).toUInt()); ExportCart(q->value(0).toUInt());
@ -379,8 +379,8 @@ void MainObject::ExportCart(unsigned cartnum)
RDSqlQuery *q; RDSqlQuery *q;
if(cart->exists()&&(cart->type()==RDCart::Audio)) { if(cart->exists()&&(cart->type()==RDCart::Audio)) {
sql=QString().sprintf("select CUT_NAME from CUTS where CART_NUMBER=%u", sql=QString("select `CUT_NAME` from `CUTS` where ")+
cartnum); QString().sprintf("`CART_NUMBER`=%u",cartnum);
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
RDCut *cut=new RDCut(q->value(0).toString()); RDCut *cut=new RDCut(q->value(0).toString());