From 6fca1631af41aa46f1b30543676b59c553ac9e29 Mon Sep 17 00:00:00 2001
From: Dmitri Bogomolov <4glitch@gmail.com>
Date: Thu, 25 Jan 2018 23:22:15 +0200
Subject: [PATCH] Made use of helper_sql.sqlExecuteChunked() also in
 on_action_InboxMarkUnread

---
 src/bitmessageqt/__init__.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/bitmessageqt/__init__.py b/src/bitmessageqt/__init__.py
index b43f8163..98c6dace 100644
--- a/src/bitmessageqt/__init__.py
+++ b/src/bitmessageqt/__init__.py
@@ -2784,9 +2784,13 @@ class MyForm(settingsmixin.SMainWindow):
             tableWidget.item(currentRow, 1).setUnread(True)
             tableWidget.item(currentRow, 2).setUnread(True)
             tableWidget.item(currentRow, 3).setFont(font)
-        #sqlite requires the exact number of ?s to prevent injection
-        rowcount = sqlExecute('''UPDATE inbox SET read=0 WHERE msgid IN (%s) AND read=1''' % (
-            "?," * len(inventoryHashesToMarkUnread))[:-1], *inventoryHashesToMarkUnread)
+        # for 1081
+        idCount = len(inventoryHashesToMarkUnread)
+        rowcount = sqlExecuteChunked(
+            '''UPDATE inbox SET read=0 WHERE msgid IN ({0}) AND read=1''',
+            idCount, *inventoryHashesToMarkUnread
+        )
+
         if rowcount == 1:
             # performance optimisation
             self.propagateUnreadCount(tableWidget.item(currentRow, 1 if tableWidget.item(currentRow, 1).type == AccountMixin.SUBSCRIPTION else 0).data(Qt.UserRole), self.getCurrentFolder())