diff --git a/src/client/src/tscSQLParserImpl.c b/src/client/src/tscSQLParserImpl.c
index a0d2f09ae71952847cfe0b762be4336796bad573..f4c581148bfade00744f17ec8111267cf4d33c05 100644
--- a/src/client/src/tscSQLParserImpl.c
+++ b/src/client/src/tscSQLParserImpl.c
@@ -58,7 +58,7 @@ int32_t tSQLParse(SSqlInfo *pSQLInfo, const char *pStr) {
         goto abort_parse;
       }
       case TK_ILLEGAL: {
-        sprintf(pSQLInfo->pzErrMsg, "unrecognized token: \"%s\"", t0.z);
+        snprintf(pSQLInfo->pzErrMsg, tListLen(pSQLInfo->pzErrMsg), "unrecognized token: \"%s\"", t0.z);
         pSQLInfo->validSql = false;
         goto abort_parse;
       }
diff --git a/src/client/src/tscSql.c b/src/client/src/tscSql.c
index 35eab1c20bab780c2b18922bb314b6d01bcdcfff..967d01967e79948ea9f4420a8af258e42e698a48 100644
--- a/src/client/src/tscSql.c
+++ b/src/client/src/tscSql.c
@@ -631,7 +631,7 @@ char *taos_errstr(TAOS *taos) {
     code = pObj->pSql->res.code;
 
   if (code == TSDB_CODE_INVALID_SQL) {
-    sprintf(temp, "invalid SQL: %s", pObj->pSql->cmd.payload);
+    snprintf(temp, tListLen(temp), "invalid SQL: %s", pObj->pSql->cmd.payload);
     strcpy(pObj->pSql->cmd.payload, temp);
     return pObj->pSql->cmd.payload;
   } else {