use sqlite3_mprintf() fuction instead of sprintf

[platform/core/uifw/ise-engine-sunpinyin.git] / src / ime-core / userdict.cpp

diff --git a/src/ime-core/userdict.cpp b/src/ime-core/userdict.cpp
index 339846f..693d929 100644 (file)
--- a/src/ime-core/userdict.cpp
+++ b/src/ime-core/userdict.cpp
@@ -120,12 +120,10 @@ CUserDict::removeWord(unsigned wid)
 {
     assert(m_db != NULL);
     char    *zErr = NULL;
-    char sql[256] = "DELETE FROM dict WHERE id=";
-
     if (wid > INI_USRDEF_WID) {
-        sprintf(sql, "%s%d;", sql, (wid - INI_USRDEF_WID));
+        char *sql = sqlite3_mprintf("DELETE FROM dict WHERE id=%d;", (wid - INI_USRDEF_WID));
         sqlite3_exec(m_db, sql, NULL, NULL, &zErr);
-
+        sqlite3_free(sql);
         m_dict.erase(m_dict.find(wid - INI_USRDEF_WID));
     }
 }