From 2c620ba4404dcefc1d4db9e7d5b31de5a62842fe Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <tomahawk@jefferai.org>
Date: Thu, 13 Oct 2011 10:30:56 -0400
Subject: [PATCH] Properly escape strings in sql command

---
 src/libtomahawk/database/databasecommand_deletefiles.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libtomahawk/database/databasecommand_deletefiles.cpp b/src/libtomahawk/database/databasecommand_deletefiles.cpp
index d6ba1c7ad..5af63d8ca 100644
--- a/src/libtomahawk/database/databasecommand_deletefiles.cpp
+++ b/src/libtomahawk/database/databasecommand_deletefiles.cpp
@@ -73,7 +73,7 @@ DatabaseCommand_DeleteFiles::exec( DatabaseImpl* dbi )
             tDebug() << "Deleting" << m_dir.path() << "from db for localsource" << srcid;
             TomahawkSqlQuery dirquery = dbi->newquery();
             QString path( "file://" + m_dir.canonicalPath() + "/%" );
-            dirquery.prepare( QString( "SELECT id, url FROM file WHERE source IS NULL AND url LIKE %1" ).arg( path ) );
+            dirquery.prepare( QString( "SELECT id, url FROM file WHERE source IS NULL AND url LIKE \"%1\"" ).arg( path ) );
             dirquery.exec();
 
             while ( dirquery.next() )