Fix a vulnerable query from sql injection

Change-Id: Iae26050885188d4335f0500d118363e9bb68a9c9
Signed-off-by: Sangyoon Jang <s89.jang@samsung.com>

diff --git a/src/pkgmgrinfo_appinfo.c b/src/pkgmgrinfo_appinfo.c
index d1cc70d..1529a85 100644 (file)
--- a/src/pkgmgrinfo_appinfo.c
+++ b/src/pkgmgrinfo_appinfo.c
@@ -431,7 +431,7 @@ static int __get_appinfo_for_uid(sqlite3 *db, application_x *info, uid_t uid)
 {
        static const char query_raw[] =
                "SELECT is_splash_screen_enabled, is_disabled "
-               "FROM package_app_info_for_uid WHERE app_id='%s' AND uid='%d'";
+               "FROM package_app_info_for_uid WHERE app_id=%Q AND uid=%d";
        int ret;
        char *query;
        char *is_disabled = NULL;