use prepared statements for global-search

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2022-03-09 14:10:44 +01:00
parent 1a40c9ba17
commit f236896764
2 changed files with 14 additions and 4 deletions


@@ -417,10 +417,13 @@ class Ajax
private function searchStringSql(array $searchfields, $searchtext)
{
$result = "(";
$result = ['sql' => [], 'values' => []];
$result['sql'] = "(";
foreach ($searchfields as $sf) {
$result .= $sf . " LIKE " . \Froxlor\Database\Database::quote('%' . $searchtext . '%') . " OR ";
$result['sql'] .= $sf . " LIKE :searchtext OR ";
}
return substr($result, 0, -3) . ")";
$result['sql'] = substr($result['sql'], 0, -3) . ")";
$result['values'] = ['searchtext' => '%' . $searchtext . '%'];
return $result;
}
}
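Review bot: The bound value built on the new line `$result['values'] = ['searchtext' => '%' . $searchtext . '%'];` still passes LIKE metacharacters through, so a search term containing `%` or `_` acts as a wildcard (a bare `%` matches every row) instead of being matched literally; escaping the term with `addcslashes($searchtext, '%_\\')` before wrapping it fixes that (MySQL's default LIKE escape character is the backslash unless NO_BASH_ESCAPES-style sql_mode NO_BACKSLASH_ESCAPES is active). The column names in `$searchfields` are still concatenated into the SQL on the `$result['sql'] .= $sf . " LIKE :searchtext OR ";` line, so the prepared statement only covers the value; whether that is safe depends on the callers outside this hunk keeping `$searchfields` a fixed server-side list of identifiers rather than anything request-derived. With an empty `$searchfields` the `substr($result['sql'], 0, -3)` call trims the lone `(` away and the method returns `)`, which is broken SQL in both the old and the new version; building the clause with `implode` and rejecting the empty case reads more clearly and is shown below. The unchanged signature line `private function searchStringSql(array $searchfields, $searchtext)` would also benefit from `string $searchtext): array` now that the return shape is fixed.
```php
private function searchStringSql(array $searchfields, $searchtext)
{
    if ($searchfields === []) {
        throw new \InvalidArgumentException('searchStringSql() needs at least one search field');
    }
    // Escape LIKE metacharacters so the term is matched literally; the field names
    // are still interpolated and must come from a fixed server-side list.
    $pattern = '%' . addcslashes($searchtext, '%_\\') . '%';
    $clauses = array_map(static fn ($sf): string => $sf . ' LIKE :searchtext', $searchfields);
    return [
        'sql' => '(' . implode(' OR ', $clauses) . ')',
        'values' => ['searchtext' => $pattern],
    ];
}
```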