Properly quote the search term.

author Michael J. Rubinsky <mrubinsk@horde.org>

Thu, 18 Mar 2010 16:54:37 +0000 (12:54 -0400)

committer Michael J. Rubinsky <mrubinsk@horde.org>

Thu, 18 Mar 2010 16:56:16 +0000 (12:56 -0400)
author Michael J. Rubinsky <mrubinsk@horde.org>
Thu, 18 Mar 2010 16:54:37 +0000 (12:54 -0400)
committer Michael J. Rubinsky <mrubinsk@horde.org>
Thu, 18 Mar 2010 16:56:16 +0000 (12:56 -0400)
diff --git a/ansel/lib/Storage.php b/ansel/lib/Storage.php

index 901899f..4c791de 100644 (file)
--- a/ansel/lib/Storage.php
+++ b/ansel/lib/Storage.php
@@ -1162,7 +1162,8 @@ class Ansel_Storage
      {
          $sql = 'SELECT DISTINCT image_location, image_latitude, image_longitude FROM ansel_images WHERE LENGTH(image_location) > 0';
          if (strlen($search)) {
-            $sql .= ' AND image_location LIKE "' . $search . '%"';
+            $sql .= ' AND image_location LIKE "' . $GLOBALS['ansel_db']->quote("$search%");
+
          }
          Horde::logMessage(sprintf("SQL QUERY BY Ansel_Storage::searchLocations: %s", $sql), 'DEBUG');
          $results = $this->_db->query($sql);
author	Michael J. Rubinsky <mrubinsk@horde.org>
	Thu, 18 Mar 2010 16:54:37 +0000 (12:54 -0400)
committer	Michael J. Rubinsky <mrubinsk@horde.org>
	Thu, 18 Mar 2010 16:56:16 +0000 (12:56 -0400)