new wrapper for LIKE expressions to streamline the fixes. We actually need to adjust them for different DBMS as well as SQLite2 not supporting escaping characters in LIKE statements (which is a reason why we think about dropping sqlite support completely).

git-svn-id: file:///svn/phpbb/trunk@7788 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-07-30 21:40:43 +02:00 · 2007-06-23 12:16:20 +00:00
parent 1e2db705ca
commit 318418b0f2
18 changed files with 97 additions and 82 deletions
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -100,10 +100,11 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 			trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars']));
 		}

-		$sql_where = (strpos($author, '*') !== false) ? ' LIKE ' : ' = ';
+		$sql_where = (strpos($author, '*') !== false) ? ' username_clean ' . $db->sql_like_expression(str_replace('*', '%', utf8_clean_string($author))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($author)) . "'";
+
 		$sql = 'SELECT user_id
 			FROM ' . USERS_TABLE . "
-			WHERE username_clean $sql_where '" . $db->sql_escape(preg_replace('#\*+#', '%', utf8_clean_string($author))) . "'
+			WHERE $sql_where
 				AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
 		$result = $db->sql_query_limit($sql, 100);