--- mqtt/src/accmqtt.c	2012/05/05 14:51:01	1.2.2.4
+++ mqtt/src/accmqtt.c	2012/06/26 08:05:58	1.2.2.6
@@ -24,7 +24,20 @@ mqtt_rtlm_log(const char *fmt, ...)
 					__func__, __LINE__, \
 					sqlite3_errcode((_sql)), sqlite3_errmsg((_sql))))
 
+/* library pre-loaded actions */
+void
+_init()
+{
+	sqlite3_initialize();
+}
 
+void
+_fini()
+{
+	sqlite3_shutdown();
+}
+
+
 /*
  * mqtt_rtlm_open() Open database connection
  *
@@ -88,7 +101,7 @@ mqtt_rtlm_login(cfg_root_t *cfg, sqlite3 *sql, const c
 	/* insert into Users values (NULL, "", "", 1, strftime('%s','now')); */
 	int ret = 0;
 	sqlite3_stmt *stmt;
-	char *str, szStmt[BUFSIZ] = { 0 };
+	char *str, *psStmt;
 
 	if (!sql)
 		return -1;
@@ -98,13 +111,15 @@ mqtt_rtlm_login(cfg_root_t *cfg, sqlite3 *sql, const c
 		mqtt_rtlm_log("Error:: not found users table name");
 		return -1;
 	}
-	snprintf(szStmt, sizeof szStmt, "SELECT DISTINCT Username, Password, Access FROM %s "
-			"WHERE Username = '%s' AND Password = '%s' AND Access > 0;", str, user, pass);
+	psStmt = sqlite3_mprintf("SELECT DISTINCT Username, Password, Access FROM %s "
+			"WHERE Username = '%q' AND Password = '%q' AND Access > 0;", str, user, pass);
 
-	if (sqlite3_prepare_v2(sql, szStmt, strlen(szStmt), &stmt, NULL)) {
+	if (sqlite3_prepare_v2(sql, psStmt, strlen(psStmt), &stmt, NULL)) {
 		MQTT_RTLM_LOG(sql);
+		sqlite3_free(psStmt);
 		return -1;
-	}
+	} else
+		sqlite3_free(psStmt);
 	while (sqlite3_step(stmt) == SQLITE_ROW) {
 		if (sqlite3_data_count(stmt) < 1)
 			ret = 0;