From c7b44f6368e4679b802939ef1b36e4e5052a6b35 Mon Sep 17 00:00:00 2001
From: King_DuckZ
Date: Tue, 5 Jan 2016 13:30:17 +0000
Subject: [PATCH] Use parametric queries.
---
 src/scan/dbbackend.cpp | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/src/scan/dbbackend.cpp b/src/scan/dbbackend.cpp
index 77e02f5..f12a94d 100644
--- a/src/scan/dbbackend.cpp
+++ b/src/scan/dbbackend.cpp
@@ -40,12 +40,10 @@ namespace din {
 uint32_t group_id;
 {
- std::ostringstream oss;
- oss << "SELECT path,level,group_id,is_directory,is_symlink,size FROM files WHERE hash='" <<
- tiger_to_string(parHash, true) << "'" <<
- " LIMIT 1;";
-
- auto resultset = conn.query(oss.str());
+ auto resultset = conn.query(
+ "SELECT path,level,group_id,is_directory,is_symlink,size FROM files WHERE hash=$1 LIMIT 1;",
+ tiger_to_string(parHash, true)
+ );
 if (resultset.empty()) {
 return false;
 }
@@ -61,10 +59,10 @@ namespace din {
 }
 {
- std::ostringstream oss;
- oss << "SELECT \"desc\",\"type\",\"disk_number\" FROM sets WHERE \"id\"=" << group_id << ';';
-
- auto resultset = conn.query(oss.str());
+ auto resultset = conn.query(
+ "SELECT \"desc\",\"type\",\"disk_number\" FROM sets WHERE \"id\"=$1;",
+ group_id
+ );
 if (resultset.empty()) {
 std::ostringstream err_msg;
 err_msg << "Missing set: found a record with group_id=" << group_id;
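Review bot: In the first hunk the `files` lookup keeps `LIMIT 1` with no `ORDER BY`, so when several rows carry the same hash the row that comes back is whatever the database picks and may differ between runs. If any match is acceptable, say so next to the call, e.g. `// any row with this hash will do; duplicates are expected`; if the caller relies on a particular record, make the order explicit, e.g. `... WHERE hash=$1 ORDER BY group_id, path LIMIT 1;`. Whether `hash` is unique in `files` is not visible here, and the enclosing function starts before and continues after the hunk.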
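Review bot: In the second hunk `group_id` is a `uint32_t` that is now handed to `conn.query` as a bound value instead of being printed as decimal text, so the lookup depends on how that overload encodes unsigned integers, which this hunk does not show. If the value were sent as a signed 32-bit parameter, ids above 2147483647 would no longer match the row the old text query found and the "Missing set" error path would be taken instead. I would confirm the binding for `uint32_t` and record it above the call, for example `// group_id is bound as $1; query() must encode uint32_t without sign wrap`. The enclosing function starts before and continues after the hunk.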