debian/midori
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Escape page uri and title when inserting into database

Browse source
This commit is contained in:
Christian Dywan 2008-12-06 14:35:54 +01:00
parent 6f4b895dfb
commit 3cbe78e5ee
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
midori/main.c
View file

@ -716,13 +716,13 @@ midori_history_add_item_cb (KatzeArray* array,
return; return;
} }
} }
sqlcmd = g_strdup_printf ("INSERT INTO history VALUES" sqlcmd = sqlite3_mprintf ("INSERT INTO history VALUES"
"('%s', '%s', %" G_GUINT64_FORMAT ", -1)", "('%q', '%q', %" G_GUINT64_FORMAT ", -1)",
katze_item_get_uri (item), katze_item_get_uri (item),
katze_item_get_name (item), katze_item_get_name (item),
katze_item_get_added (item)); katze_item_get_added (item));
success = db_exec (db, sqlcmd, &error); success = db_exec (db, sqlcmd, &error);
g_free (sqlcmd); sqlite3_free (sqlcmd);
if (!success) if (!success)
{ {
g_printerr (_("Failed to add history item: %s\n"), error->message); g_printerr (_("Failed to add history item: %s\n"), error->message);