From 9fa4033b2a076e7f4e41fd281beea7eabec1d94f Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <tomahawk@jefferai.org>
Date: Thu, 13 Oct 2011 10:35:05 -0400
Subject: [PATCH] OK, actually properly escape

---
 src/libtomahawk/database/databasecommand_deletefiles.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libtomahawk/database/databasecommand_deletefiles.cpp b/src/libtomahawk/database/databasecommand_deletefiles.cpp
index 5af63d8ca..7172309e3 100644
--- a/src/libtomahawk/database/databasecommand_deletefiles.cpp
+++ b/src/libtomahawk/database/databasecommand_deletefiles.cpp
@@ -29,6 +29,7 @@
 #include "databaseimpl.h"
 #include "network/servent.h"
 #include "utils/logger.h"
+#include "utils/tomahawkutils.h"
 
 using namespace Tomahawk;
 
@@ -73,7 +74,7 @@ DatabaseCommand_DeleteFiles::exec( DatabaseImpl* dbi )
             tDebug() << "Deleting" << m_dir.path() << "from db for localsource" << srcid;
             TomahawkSqlQuery dirquery = dbi->newquery();
             QString path( "file://" + m_dir.canonicalPath() + "/%" );
-            dirquery.prepare( QString( "SELECT id, url FROM file WHERE source IS NULL AND url LIKE \"%1\"" ).arg( path ) );
+            dirquery.prepare( QString( "SELECT id, url FROM file WHERE source IS NULL AND url LIKE \"%1\"" ).arg( TomahawkUtils::sqlEscape( path ) ) );
             dirquery.exec();
 
             while ( dirquery.next() )