From: hj kim <backto.kim@samsung.com>
Date: Tue, 14 May 2019 07:02:41 +0000 (+0900)
Subject: Modify code not to send sqlite query directly
X-Git-Tag: submit/tizen/20190522.060956~9
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a24fca00315fd544a67db270205b7fcbcc049d38;p=platform%2Fcore%2Fapi%2Fmedia-controller.git

Modify code not to send sqlite query directly

Change-Id: Ic41ed178127b9ab0d63a4d3154ad399f49b2e04a
---

diff --git a/src/media_controller_db.c b/src/media_controller_db.c
index d6854bb..1c8702b 100644
--- a/src/media_controller_db.c
+++ b/src/media_controller_db.c
@@ -275,18 +275,17 @@ int mc_db_update_repeat_mode(const char *server_name, int repeat_mode)
 int mc_db_update_icon_uri(const char *server_name, const char *uri)
 {
 	int ret = MEDIA_CONTROLLER_ERROR_NONE;
-	char *_query = NULL;
 	char *sql_str = NULL;
 
 	mc_retvm_if(!server_name, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Invalid server_name");
 
-	_query = sqlite3_mprintf("UPDATE '%q' SET icon_uri=%Q;", server_name, uri);
-
-	sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_UPDATE_ICON, MC_STRING_DELIMITER, _query);
+	if (uri)
+		sql_str = g_strdup_printf("%s%s%s%s%s", MC_DB_CMD_UPDATE_ICON, MC_STRING_DELIMITER, server_name, MC_STRING_DELIMITER,  uri);
+	else
+		sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_UPDATE_ICON, MC_STRING_DELIMITER, server_name);
 
 	ret = __mc_db_update_db(MC_PRIV_TYPE_SERVER, sql_str);
 
-	SQLITE3_SAFE_FREE(_query);
 	MC_SAFE_FREE(sql_str);
 
 	return ret;
diff --git a/svc/media_controller_db_util.c b/svc/media_controller_db_util.c
index e329125..e1f4126 100644
--- a/svc/media_controller_db_util.c
+++ b/svc/media_controller_db_util.c
@@ -644,12 +644,15 @@ int mc_db_parse_and_update_db(uid_t uid, const char *data, int data_size)
 			ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION;
 			goto ERROR;
 		}
+
 		sql_str = params[3];
 		is_query_from_client = TRUE;
 
 	} else if (strncmp(MC_DB_CMD_UPDATE_ICON, params[0], strlen(MC_DB_CMD_UPDATE_ICON)) == 0) {
-		sql_str = params[1];
-		is_query_from_client = TRUE;
+		if (params[2])
+			sql_str = sqlite3_mprintf("UPDATE '%q' SET icon_uri=%Q;", params[1], params[2]);
+		else
+			sql_str = sqlite3_mprintf("UPDATE '%q' SET icon_uri=NULL;", params[1]);
 
 	} else if (strncmp(MC_DB_CMD_UPDATE_ABILITY, params[0], strlen(MC_DB_CMD_UPDATE_ABILITY)) == 0) {
 		if (params[2] == NULL || params[3] == NULL) {