mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-10 18:54:08 +02:00
Code Issues Releases Wiki Activity

tweak the sql_like_expression feature a little bit to allow correct escaping

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@7789 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2007-06-24 12:49:13 +00:00
parent 318418b0f2
commit 5aa220bcd2
22 changed files with 96 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/search.php
View File

@@ -100,7 +100,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars']));
}
$sql_where = (strpos($author, '*') !== false) ? ' username_clean ' . $db->sql_like_expression(str_replace('*', '%', utf8_clean_string($author))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($author)) . "'";
$sql_where = (strpos($author, '*') !== false) ? ' username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($author))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($author)) . "'";
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "