diff options
| author |   Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
| commit | 5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274 (patch) | |
| tree | 63f64d470a44ff71aa4ef83775e3e0727dd76e46 /phpBB/search.php | |
| parent | new wrapper for LIKE expressions to streamline the fixes. We actually need to... (diff) | |
| download | phpbb-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.gz phpbb-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.bz2 phpbb-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.zip | |
tweak the sql_like_expression feature a little bit to allow correct escaping
git-svn-id: file:///svn/phpbb/trunk@7789 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/search.php')
| -rw-r--r-- | phpBB/search.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/search.php b/phpBB/search.php index 5b8bdf5f20..cbc5b6732f 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -100,7 +100,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars'])); } - $sql_where = (strpos($author, '*') !== false) ? ' username_clean ' . $db->sql_like_expression(str_replace('*', '%', utf8_clean_string($author))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($author)) . "'"; + $sql_where = (strpos($author, '*') !== false) ? ' username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($author))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($author)) . "'"; $sql = 'SELECT user_id FROM ' . USERS_TABLE . " |