Verified Commit c941b153 authored by Xavier Robin's avatar Xavier Robin

fix SQL injection

parent f36779d1
...@@ -509,11 +509,14 @@ CompoundPtr CompoundLib::FindCompound(const String& id, ...@@ -509,11 +509,14 @@ CompoundPtr CompoundLib::FindCompound(const String& id,
} }
query+=" FROM chem_compounds" query+=" FROM chem_compounds"
" WHERE tlc='"+id+"' AND dialect='"+String(1, char(dialect))+"'"; " WHERE tlc=? AND dialect='"+String(1, char(dialect))+"'";
sqlite3_stmt* stmt; sqlite3_stmt* stmt;
int retval=sqlite3_prepare_v2(db_->ptr, query.c_str(), int retval=sqlite3_prepare_v2(db_->ptr, query.c_str(),
static_cast<int>(query.length()), static_cast<int>(query.length()),
&stmt, NULL); &stmt, NULL);
sqlite3_bind_text(stmt, 1, id.c_str(),
strlen(id.c_str()), NULL);
if (SQLITE_OK==retval) { if (SQLITE_OK==retval) {
int ret=sqlite3_step(stmt); int ret=sqlite3_step(stmt);
if (SQLITE_DONE==ret) { if (SQLITE_DONE==ret) {
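Review bot: The new sqlite3_bind_text call on the two added lines runs before `retval` from sqlite3_prepare_v2 is checked, so on a failed prepare it operates on a statement handle that was never set (sqlite3_prepare_v2 leaves *ppStmt NULL on error), and its own return code is dropped, so a bind failure would silently step the unbound query. Move the bind under the success check and fold its result into `retval`, i.e. replace the two added lines with `if (SQLITE_OK==retval) retval=sqlite3_bind_text(stmt, 1, id.c_str(), static_cast<int>(id.length()), SQLITE_TRANSIENT);` placed just before the existing `if (SQLITE_OK==retval) {`. Using `id.length()` matches how the query length is passed to sqlite3_prepare_v2 above and avoids `strlen` stopping at an embedded NUL, and SQLITE_TRANSIENT removes the reliance on `id` outliving the statement that the NULL (SQLITE_STATIC) destructor argument implies. A bind error then also needs the statement finalized, which presumably happens on the existing non-OK path outside this hunk — confirm. The `dialect` value is still spliced into the SQL text; it appears to be a single char from an enum so it is bounded, but binding it as a second parameter would make the query fully parameterized; FindCompound starts before and continues after this hunk.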
... ...