#include "bacula.h"
-
#if HAVE_SQLITE3 || HAVE_MYSQL || HAVE_POSTGRESQL || HAVE_INGRES || HAVE_DBI
#include "cats.h"
{
SQL_ROW row;
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT PoolId FROM Pool WHERE Name='%s'", pr->Name);
+ mdb->db_escape_string(jcr, esc, pr->Name, strlen(pr->Name));
+ Mmsg(mdb->cmd, "SELECT PoolId FROM Pool WHERE Name='%s'", esc);
Dmsg1(10, "selectpool: %s\n", mdb->cmd);
pr->PoolId = pr->NumVols = 0;