]> git.sur5r.net Git - bacula/bacula/blobdiff - bacula/src/cats/sql_delete.c
projects / bacula / bacula / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use db_escape_string() in all db_xxx functions
[bacula/bacula] / bacula / src / cats / sql_delete.c
diff --git a/bacula/src/cats/sql_delete.c b/bacula/src/cats/sql_delete.c
index 3683f667cfd6a1e3cbaa12c04009f13a0d8ed568..05376087a653b7dcf4aa05923c9147c38f7c2515 100644 (file)
--- a/bacula/src/cats/sql_delete.c
+++ b/bacula/src/cats/sql_delete.c
@@ -65,9 +65,11 @@ db_delete_pool_record(JCR *jcr, B_DB *mdb, POOL_DBR *pr)
 {
    SQL_ROW row;
    int num_rows;
+   char esc[MAX_ESCAPE_NAME_LENGTH];
 
    db_lock(mdb);
-   Mmsg(mdb->cmd, "SELECT PoolId FROM Pool WHERE Name='%s'", pr->Name);
+   mdb->db_escape_string(jcr, esc, pr->Name, strlen(pr->Name));
+   Mmsg(mdb->cmd, "SELECT PoolId FROM Pool WHERE Name='%s'", esc);
    Dmsg1(10, "selectpool: %s\n", mdb->cmd);
 
    pr->PoolId = pr->NumVols = 0;
Cloned from http://git.bacula.org/bacula