[db] Properly quote name and extension for SQL access
diff --git a/openbsc/src/db.c b/openbsc/src/db.c
index fd5dd81..2051288 100644
--- a/openbsc/src/db.c
+++ b/openbsc/src/db.c
@@ -689,8 +689,13 @@
 {
 	dbi_result result;
 	char tmsi[14];
-	char *q_tmsi;
+	char *q_tmsi, *q_name, *q_extension;
 
+	dbi_conn_quote_string_copy(conn, 
+				   subscriber->name, &q_name);
+	dbi_conn_quote_string_copy(conn, 
+				   subscriber->extension, &q_extension);
+	
 	if (subscriber->tmsi != GSM_RESERVED_TMSI) {
 		sprintf(tmsi, "%u", subscriber->tmsi);
 		dbi_conn_quote_string_copy(conn,
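Review bot: The two new `dbi_conn_quote_string_copy()` calls ignore the return value, and `q_name` / `q_extension` are declared uninitialised. libdbi documents a return of 0 on failure (bad pointer, out of memory) and, as far as I can tell, leaves the output pointer unwritten in that case, so a failed call would hand an indeterminate pointer to the `%s` in the query and later to `free()`. Declare them as `char *q_tmsi, *q_name = NULL, *q_extension = NULL;` and, when a call returns 0, free whatever was already allocated and return the function's error value instead of running the UPDATE. The function signature and the rest of the `tmsi` branch are outside the hunk, so the right error return is not visible here.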
@@ -708,14 +713,16 @@
 		"tmsi = %s, "
 		"lac = %i "
 		"WHERE imsi = %s ",
-		subscriber->name,
-		subscriber->extension,
+		q_name,
+		q_extension,
 		subscriber->authorized,
 		q_tmsi,
 		subscriber->lac,
 		subscriber->imsi);
 
 	free(q_tmsi);
+	free(q_name);
+	free(q_extension);
 
 	if (!result) {
 		LOGP(DDB, LOGL_ERROR, "Failed to update Subscriber (by IMSI).\n");
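Review bot: `subscriber->imsi` is still passed raw into `"WHERE imsi = %s "`, so the statement keeps one unescaped string interpolation after name and extension were fixed. Quote it the same way (`dbi_conn_quote_string_copy(conn, subscriber->imsi, &q_imsi);`, pass `q_imsi`, then `free(q_imsi);`) or reject anything that is not purely digits before building the query. The format lines for `name` and `extension` sit above this hunk and are not changed by the commit. Since libdbi's quoting adds its own surrounding quotes, they must be bare `%s` with no literal quotes around them, which is worth confirming. The start of the query call and the end of the function are outside the hunk.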