[db] Properly quote name and extension for SQL access

Harald Welte 2010-12-26 19:12:30 +01:00
parent c728eeaf9b
commit 019d0167b6
1 changed files with 10 additions and 3 deletions


@ -689,8 +689,13 @@ int db_sync_subscriber(struct gsm_subscriber *subscriber)
{
dbi_result result;
char tmsi[14];
char *q_tmsi;
char *q_tmsi, *q_name, *q_extension;
dbi_conn_quote_string_copy(conn,
subscriber->name, &q_name);
dbi_conn_quote_string_copy(conn,
subscriber->extension, &q_extension);
if (subscriber->tmsi != GSM_RESERVED_TMSI) {
sprintf(tmsi, "%u", subscriber->tmsi);
dbi_conn_quote_string_copy(conn,
@ -708,14 +713,16 @@ int db_sync_subscriber(struct gsm_subscriber *subscriber)
"tmsi = %s, "
"lac = %i "
"WHERE imsi = %s ",
subscriber->name,
subscriber->extension,
q_name,
q_extension,
subscriber->authorized,
q_tmsi,
subscriber->lac,
subscriber->imsi);
free(q_tmsi);
free(q_name);
free(q_extension);
if (!result) {
LOGP(DDB, LOGL_ERROR, "Failed to update Subscriber (by IMSI).\n");
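Review bot: The two new `dbi_conn_quote_string_copy()` calls for `subscriber->name` and `subscriber->extension` discard the return value, and `q_name`/`q_extension` are declared uninitialised. libdbi documents a 0 return on failure with the output pointer left invalid, so a failed quote would reach the `%s` slots of the UPDATE and then `free()`. I would declare them as `char *q_tmsi, *q_name = NULL, *q_extension = NULL;` and return an error, freeing whatever was already allocated, when either call returns 0, before the query is built. Separately, `subscriber->imsi` is still passed raw into `WHERE imsi = %s`; if that field can ever hold anything other than digits, it needs the same quoting or a digits-only check. The body of `db_sync_subscriber` continues past the end of the second hunk, so the error-return convention is not visible here.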