From bcd6f55376cb232903df90ee22a480085c123731 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Tue, 25 Mar 2025 12:27:26 +0530
Subject: [PATCH] Fix: Use parameterized query params
---
 mobile/lib/db/local/db.dart | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/mobile/lib/db/local/db.dart b/mobile/lib/db/local/db.dart
index 5ab012df22..3d3a661f91 100644
--- a/mobile/lib/db/local/db.dart
+++ b/mobile/lib/db/local/db.dart
@@ -145,7 +145,8 @@ class LocalDB with SqlDbBase {
 if (ids.isEmpty) return;
 final stopwatch = Stopwatch()..start();
 await _sqliteDB.execute(
- 'DELETE FROM assets WHERE id IN (${ids.join(',')})',
+ 'DELETE FROM assets WHERE id IN (${List.filled(ids.length, "?").join(",")})',
+ ids.toList(),
 );
 debugPrint(
 '$runtimeType deleteEntries complete in ${stopwatch.elapsed.inMilliseconds}ms for ${ids.length} assets entries',
@@ -156,7 +157,8 @@ class LocalDB with SqlDbBase {
 if (pathIds.isEmpty) return;
 final stopwatch = Stopwatch()..start();
 await _sqliteDB.execute(
- 'DELETE FROM device_path WHERE path_id IN (${pathIds.join(',')})',
+ 'DELETE FROM device_path WHERE path_id IN (${List.filled(pathIds.length, "?").join(",")})',
+ pathIds.toList(),
 );
 debugPrint(
 '$runtimeType deleteEntries complete in ${stopwatch.elapsed.inMilliseconds}ms for ${pathIds.length} path entries',
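Review bot: Emitting one `?` per element of `ids` in the `assets` delete (and per element of `pathIds` in the `device_path` delete of the second hunk) makes both statements subject to SQLite's bound-parameter ceiling, which the interpolated form never reached. SQLITE_MAX_VARIABLE_NUMBER defaults to 999 on SQLite builds older than 3.32.0 and 32766 from that release on, so a large cleanup batch would make `execute` throw and delete nothing. Binding the values is the right fix for the injection risk; I would keep it and issue the delete in fixed-size chunks, as sketched below for the first hunk, with the same shape for `pathIds`. Chunked deletes are no longer a single statement, so if callers rely on all-or-nothing behaviour the loop presumably belongs inside whatever transaction helper `_sqliteDB` offers. Both method signatures sit outside the hunks, so the element type of `ids` and `pathIds` is not visible here.

```dart
    // … unchanged: empty check and stopwatch …
    final idList = ids.toList();
    const chunkSize = 500; // below the 999 bound-parameter default of older SQLite builds
    for (var start = 0; start < idList.length; start += chunkSize) {
      final end = start + chunkSize < idList.length ? start + chunkSize : idList.length;
      final chunk = idList.sublist(start, end);
      await _sqliteDB.execute(
        'DELETE FROM assets WHERE id IN (${List.filled(chunk.length, "?").join(",")})',
        chunk,
      );
    }
    // … unchanged: debugPrint timing …
```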