From 5a082100c80af824bd5b8880b86e7d82e74b50be Mon Sep 17 00:00:00 2001
From: Christian Dywan
Date: Sun, 11 Jul 2010 23:49:13 +0200
Subject: [PATCH] Use sqlite3_mprintf to quote when inserting bookmark items
---
 panels/midori-bookmarks.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/panels/midori-bookmarks.c b/panels/midori-bookmarks.c
index 5450f0ba..d767bec6 100644
--- a/panels/midori-bookmarks.c
+++ b/panels/midori-bookmarks.c
@@ -232,12 +232,9 @@ midori_bookmarks_insert_item_db (sqlite3* db,
 else
 parent = g_strdup ("");
- /* Workaround a sqlite3_mprintf error with
- handling of katze_item_get_meta_integer(). */
- /* FIXME: Need proper single quote escaping. */
- sqlcmd = g_strdup_printf (
+ sqlcmd = sqlite3_mprintf (
 "INSERT into bookmarks (uri, title, folder, toolbar, app) values"
- " ('%s', '%s', '%s', %d, %d)",
+ " ('%q', '%q', '%q', %d, %d)",
 uri,
 katze_item_get_name (item),
 parent,
@@ -252,7 +249,7 @@ midori_bookmarks_insert_item_db (sqlite3* db,
 g_free (uri);
 g_free (parent);
- g_free (sqlcmd);
+ sqlite3_free (sqlcmd);
 }
 void
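Review bot: The deleted comment recorded a sqlite3_mprintf problem with katze_item_get_meta_integer(), and the first hunk drops that warning while still formatting two values with `%d`; those two arguments sit in the lines between the hunks, so this part is inferred. If they are still katze_item_get_meta_integer() calls and that function returns a type wider than int, the varargs read is mismatched and each should be cast, e.g. `(int) katze_item_get_meta_integer (...)`, or the format changed to `%lld`. sqlite3_mprintf() can also return NULL on allocation failure, so `sqlcmd` wants a NULL check before it is used. The `'%q'` conversions do escape embedded single quotes in uri, title and folder, which closes the FIXME; binding the values through a prepared statement (sqlite3_prepare_v2 with sqlite3_bind_text / sqlite3_bind_int) would remove both the quoting and the format-type concern.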