In the sqldiff program, make sure the first argument to the db_prepare()
utility function is always a valid format string.
FossilOrigin-Name: 8bb8d886ffa948cd7bc66c8c62da76bce233be2e
diff --git a/tool/sqldiff.c b/tool/sqldiff.c
index 4a5389c..dbdf726 100644
--- a/tool/sqldiff.c
+++ b/tool/sqldiff.c
@@ -684,7 +684,7 @@
/* Run the query and output differences */
if( !g.bSchemaOnly ){
- pStmt = db_prepare(sql.z);
+ pStmt = db_prepare("%s", sql.z);
while( SQLITE_ROW==sqlite3_step(pStmt) ){
int iType = sqlite3_column_int(pStmt, nPk);
if( iType==1 || iType==2 ){
@@ -1461,7 +1461,7 @@
}
/* Run the query and output difference summary */
- pStmt = db_prepare(sql.z);
+ pStmt = db_prepare("%s", sql.z);
nUpdate = 0;
nInsert = 0;
nDelete = 0;
@@ -2018,7 +2018,7 @@
xDiff(zTab, out);
}else{
/* Handle tables one by one */
- pStmt = db_prepare( all_tables_sql() );
+ pStmt = db_prepare("%s", all_tables_sql() );
while( SQLITE_ROW==sqlite3_step(pStmt) ){
xDiff((const char*)sqlite3_column_text(pStmt,0), out);
}