diff --git a/src/files.c b/src/files.c
index 5fa538c..bc9491e 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1229,29 +1229,29 @@ void file_search() {
 searchterms[i] = str3dup("%%", searchterms[i], "%%");
 }
 if (stype == 0) {
- snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
+ snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR filename LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, ")", 1024);
+ strlcat(sqlbuffer, ")", sizeof sqlbuffer);
 }
 if (stype == 1) {
- snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
+ snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR description LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, ")", 1024);
+ strlcat(sqlbuffer, ")", sizeof sqlbuffer);
 }
 if (stype == 2) {
- snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
+ snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR filename LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, " OR description LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR description LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, ")", 1024);
+ strlcat(sqlbuffer, ")", sizeof sqlbuffer);
 }
 if (!all) {
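Review bot: Every strlcat() return value in the three stype branches is discarded, so a search with enough terms now truncates the statement silently instead of overrunning sqlbuffer; the query is then cut mid-clause and holds fewer `?` placeholders than searchterm_count implies, which presumably surfaces later as a prepare or bind failure. Since strlcat() returns the length it tried to create, checking only the final append in each branch catches any earlier truncation, including one in snprintf(): `if (strlcat(sqlbuffer, ")", sizeof sqlbuffer) >= sizeof sqlbuffer)` followed by rejecting the search. Note also that `sizeof sqlbuffer` is the buffer size only if sqlbuffer is declared as an array inside file_search(); the declaration is outside this hunk, so confirm it is not a `char *`. file_search() starts and ends outside the hunk.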