X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fdatabase.py;h=0be839b65cb5db0adbd0a8b2baf31878af0f1032;hb=3657c94c57960067451d2ab42b92dc6d5acfa656;hp=a52555682624ca8aac8fa693acac8f805eb797f4;hpb=ac248cc46170af4620aafd918cf3f7d593c4a9da;p=dak.git

diff --git a/daklib/database.py b/daklib/database.py
index a5255568..0be839b6 100755
--- a/daklib/database.py
+++ b/daklib/database.py
@@ -907,7 +907,7 @@ def add_new_comment(package, version, comment, author):
 
     projectB.query(""" INSERT INTO new_comments (package, version, comment, author)
                        VALUES ('%s', '%s', '%s', '%s')
-    """ % (package, version, comment, author) )
+    """ % (package, version, pg.escape_string(comment), pg.escape_string(author)))
 
     return