Module: appdb Branch: master Commit: e646626c4a6e6cceb445fa06379708565a0d8f7f URL: http://source.winehq.org/git/appdb.git/?a=commit;h=e646626c4a6e6cceb445fa063... Author: Alexander Nicolaysen Sørnes <alex(a)thehandofagony.com> Date: Wed Jun 18 00:19:28 2008 +0200 Escape input in searchForApplication() --- include/util.php | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/util.php b/include/util.php index 4009d1c..55af094 100644 --- a/include/util.php +++ b/include/util.php @@ -462,12 +462,12 @@ function searchForApplication($search_words) FROM appFamily WHERE appName != 'NONAME' AND appFamily.state = 'accepted' - AND (appName LIKE '%" . $search_words . "%' - OR keywords LIKE '%" . $search_words . "%'"; + AND (appName LIKE '%?%' + OR keywords LIKE '%?%'"; $sQuery.=" ) ORDER BY appName"; - $hResult = query_appdb($sQuery); + $hResult = query_parameters($sQuery, $search_words, $search_words); return $hResult; }
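Review bot: The `?` placeholders in `'%?%'` sit inside a quoted LIKE pattern, so the escaping added here is only effective if `query_parameters()` substitutes escaped text for each `?` rather than binding real statement parameters. Its definition is not part of this hunk, so a comment above the call should record that dependence, e.g. `// query_parameters() replaces each ? with an escaped copy of the argument, so '%?%' stays one quoted LIKE pattern`. String escaping alone presumably leaves `%` and `_` in `$search_words` active as LIKE wildcards, so a visitor can still widen the match or force expensive scans. Consider neutralising them before the call with `$sPattern = addcslashes($search_words, '%_\\');` and passing `$sPattern` for both placeholders. The body of searchForApplication() starts outside the hunk, so any earlier concatenation into `$sQuery` needs the same check.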