Fix a vulnerable query from sql injection

[platform/core/appfw/pkgmgr-info.git] / src / pkgmgrinfo_appinfo.c

diff --git a/src/pkgmgrinfo_appinfo.c b/src/pkgmgrinfo_appinfo.c
index d1cc70d..1529a85 100644 (file)
--- a/src/pkgmgrinfo_appinfo.c
+++ b/src/pkgmgrinfo_appinfo.c
@@ -431,7 +431,7 @@ static int __get_appinfo_for_uid(sqlite3 *db, application_x *info, uid_t uid)
 {
        static const char query_raw[] =
                "SELECT is_splash_screen_enabled, is_disabled "
-               "FROM package_app_info_for_uid WHERE app_id='%s' AND uid='%d'";
+               "FROM package_app_info_for_uid WHERE app_id=%Q AND uid=%d";
        int ret;
        char *query;
        char *is_disabled = NULL;