Escape page uri and title when inserting into database

author Christian Dywan <christian@twotoasts.de>

Sat, 6 Dec 2008 13:35:54 +0000 (14:35 +0100)

committer Christian Dywan <christian@twotoasts.de>

Sat, 6 Dec 2008 13:35:54 +0000 (14:35 +0100)
author Christian Dywan <christian@twotoasts.de>
Sat, 6 Dec 2008 13:35:54 +0000 (14:35 +0100)
committer Christian Dywan <christian@twotoasts.de>
Sat, 6 Dec 2008 13:35:54 +0000 (14:35 +0100)
diff --git a/midori/main.c b/midori/main.c

index 2bed84d58d5d17cdd2caa4597879383d97ec2cb7..2722f97d239cfe92922216f5114e559914f3db9d 100644 (file)
--- a/midori/main.c
+++ b/midori/main.c
@@ -716,13 +716,13 @@ midori_history_add_item_cb (KatzeArray* array,
              return;
          }
      }
-    sqlcmd = g_strdup_printf ("INSERT INTO history VALUES"
-                              "('%s', '%s', %" G_GUINT64_FORMAT ", -1)",
+    sqlcmd = sqlite3_mprintf ("INSERT INTO history VALUES"
+                              "('%q', '%q', %" G_GUINT64_FORMAT ", -1)",
                                katze_item_get_uri (item),
                                katze_item_get_name (item),
                                katze_item_get_added (item));
      success = db_exec (db, sqlcmd, &error);
-    g_free (sqlcmd);
+    sqlite3_free (sqlcmd);
      if (!success)
      {
          g_printerr (_("Failed to add history item: %s\n"), error->message);
author	Christian Dywan <christian@twotoasts.de>
	Sat, 6 Dec 2008 13:35:54 +0000 (14:35 +0100)
committer	Christian Dywan <christian@twotoasts.de>
	Sat, 6 Dec 2008 13:35:54 +0000 (14:35 +0100)