diff --git a/SqlInjection.ql b/SqlInjection.ql
index ec52b11..a038f9e 100644
--- a/SqlInjection.ql
+++ b/SqlInjection.ql
@@ -34,6 +34,11 @@ class SqliFlowConfig extends TaintTracking::Configuration {
 }
 }
-from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
-where conf.hasFlowPath(source, sink)
-select sink, source, sink, "Possible SQL injection"
+// from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
+// where conf.hasFlowPath(source, sink)
+// select sink, source, sink, "Possible SQL injection"
+
+// Extra taint step
+// snprintf(query, bufsize, "INSERT INTO users VALUES (%d, '%s')", id, info);
+from FunctionCall printf, DataFlow::Node into, DataFlow::Node out
+where printf.getTarget().getName() = "snprintf"
diff --git a/codeql-dataflow-sql-injection.code-workspace b/codeql-dataflow-sql-injection.code-workspace
index 362d7c2..6755577 100644
--- a/codeql-dataflow-sql-injection.code-workspace
+++ b/codeql-dataflow-sql-injection.code-workspace
@@ -2,6 +2,10 @@
   "folders": [
     {
       "path": "."
+    },
+    {
+      "name": "[codeql-dataflow-sql-injection-d5b28fb source archive]",
+      "uri": "codeql-zip-archive://0-66/Users/hohn/local/db/codeql-dataflow-sql-injection-d5b28fb/src.zip/"
     }
   ]
 }
\ No newline at end of file
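Review bot: The new query at the end of the SqlInjection.ql hunk is incomplete: the added `from FunctionCall printf, DataFlow::Node into, DataFlow::Node out` / `where printf.getTarget().getName() = "snprintf"` has no `select` clause, and neither `into` nor `out` is constrained by the `where`, so the query will not compile (and, if it did, the two nodes would be unbound). The comment line above it documents the intended shape, `snprintf(query, bufsize, "INSERT ...", id, info)`, so the taint step should bind `into` to the variadic arguments after the format string (argument index 3 and up) and `out` to the buffer passed as argument 0, then `select` the three. Matching on the bare name also catches any function called `snprintf`; `hasGlobalName("snprintf")` is more precise, though whether that matters depends on the test program. Note that the original `conf.hasFlowPath` query is now commented out, so the query no longer reports any SQL injection paths; presumably this is a work-in-progress step that is meant to end up inside `SqliFlowConfig.isAdditionalTaintStep` rather than replace the top-level query, and that should be stated in a comment. The `SqliFlowConfig` class and its body start before this hunk.
```ql
from FunctionCall printf, DataFlow::Node into, DataFlow::Node out
where
  printf.getTarget().hasGlobalName("snprintf") and
  // arguments 0..2 are buffer, size and format; the data being formatted follows
  into.asExpr() = printf.getArgument(any(int i | i >= 3)) and
  // the buffer written by snprintf is its first argument
  // (asDefiningArgument is assumed to exist in the DataFlow library version in use — confirm)
  out.asDefiningArgument() = printf.getArgument(0)
select printf, into, out
```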
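Review bot: The added `"uri"` entry in the .code-workspace hunk hard-codes a machine-specific absolute path (`/Users/hohn/local/db/...`) and what looks like an editor-assigned archive id (`0-66`), so this folder entry will not resolve for anyone else who opens the workspace. If the source-archive folder is meant to be committed, consider documenting in the README how to regenerate it (the CodeQL extension adds it when a database is selected), or keep the workspace file out of version control; if the entry is only local convenience it should probably be dropped from the commit.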