static int _pkginfo_get_dependency(sqlite3 *db, const char *pkgid,
GList **dependencies)
{
- static const char query[] =
+ static const char query_raw[] =
"SELECT DISTINCT depends_on, type, required_version "
- "FROM package_dependency_info WHERE package=?";
+ "FROM package_dependency_info WHERE package=%Q";
int ret;
+ char *query;
sqlite3_stmt *stmt;
dependency_x *dependency;
+ query = sqlite3_mprintf(query_raw, pkgid);
+ if (query == NULL) {
+ LOGE("out of memory");
+ return PMINFO_R_ERROR;
+ }
+
ret = sqlite3_prepare_v2(db, query, strlen(query), &stmt, NULL);
+ sqlite3_free(query);
if (ret != SQLITE_OK) {
LOGE("prepare failed: %s", sqlite3_errmsg(db));
return PMINFO_R_ERROR;
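Review bot: With the `?` placeholder replaced by `sqlite3_mprintf()` and `%Q`, protection against SQL injection through `pkgid` now rests entirely on that one conversion specifier, and nothing in `query_raw` says so. `%Q` quotes and escapes the argument, whereas `%s` would paste it in verbatim, so I would add a comment above `query_raw` such as `/* %Q quotes and escapes pkgid; never change to %s */`. The reason for dropping the bound parameter is not visible in this hunk, so the commit message or that comment should state it. `%Q` also renders a NULL `pkgid` as the SQL keyword NULL, which makes `package=NULL` match no rows without any error; an early `if (pkgid == NULL) return PMINFO_R_ERROR;` before formatting would surface that case. The function continues past the hunk, so if a `sqlite3_bind_text()` call for index 1 remains below it should be removed, since the statement no longer has a parameter.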