Index: res_config_pgsql.c =================================================================== --- res_config_pgsql.c (revision 18482) +++ res_config_pgsql.c (working copy) @@ -46,11 +46,12 @@ AST_MUTEX_DEFINE_STATIC(pgsql_lock); #define RES_CONFIG_PGSQL_CONF "res_pgsql.conf" PGconn* pgsqlConn = NULL; -static char dbhost[50]=""; -static char dbuser[50]=""; -static char dbpass[50]=""; -static char dbname[50]=""; -static char dbsock[50]=""; +#define MAX_DB_OPTION_SIZE 64 +static char dbhost[MAX_DB_OPTION_SIZE]=""; +static char dbuser[MAX_DB_OPTION_SIZE]=""; +static char dbpass[MAX_DB_OPTION_SIZE]=""; +static char dbname[MAX_DB_OPTION_SIZE]=""; +static char dbsock[MAX_DB_OPTION_SIZE]=""; static int dbport=5432; static time_t connect_time=0; @@ -99,9 +100,8 @@ /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ + op = strchr(newparam, ' ')?"":" ="; - if(!strchr(newparam, ' ')) op = " ="; else op = ""; - snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, newval); while((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); @@ -159,8 +159,7 @@ } for(i = 0; i < numFields; i++) fieldnames[i]=PQfname(result,i); - for(rowIndex=0;rowIndex