mirrors/zathura
1
0
Fork 0
mirror of https://git.pwmt.org/pwmt/zathura.git synced 2024-11-13 08:13:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use sqlite3_mprintf for proper escaping

Browse Source 
Not that is really needed here since every argument is controlled by us. But
rather safe than sorry.

Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
This commit is contained in:
Sebastian Ramacher 2013-06-21 10:36:52 +02:00
parent 12aa509fc2
commit 3e5bfe3d59
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
database-sqlite.c
View File

@ -265,9 +265,14 @@ prepare_statement(sqlite3* session, const char* statement)
static bool static bool
check_column(sqlite3* session, const char* table, const char* col, bool* res) check_column(sqlite3* session, const char* table, const char* col, bool* res)
{ {
char* query = g_strdup_printf("PRAGMA table_info(%s);", table); /* we can't actually bind the argument with sqlite3_bind_text because
sqlite3_stmt* stmt = prepare_statement(session, query); * sqlite3_prepare_v2 fails with "PRAGMA table_info(?);" */
char* query = sqlite3_mprintf("PRAGMA table_info(%Q);", table);
if (query == NULL) {
return false;
}
sqlite3_stmt* stmt = prepare_statement(session, query);
if (stmt == NULL) { if (stmt == NULL) {
return false; return false;
} }
@ -286,7 +291,7 @@ check_column(sqlite3* session, const char* table, const char* col, bool* res)
} }
sqlite3_finalize(stmt); sqlite3_finalize(stmt);
g_free(query); sqlite3_free(query);
return true; return true;
} }