diff options
author | shadlaws <shad@shadlaws.com> | 2013-01-25 08:47:29 +0100 |
---|---|---|
committer | shadlaws <shad@shadlaws.com> | 2013-01-25 08:47:29 +0100 |
commit | 48bd19808c38a8de20cfece1adc1ffe226da3783 (patch) | |
tree | d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/gallery/helpers | |
parent | 4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff) |
#1956 - Escape LIKE queries (for _ and %).
In MySQL queries, _ and % characters are treated as wildcards (similar to ? and *, respectively).
- Added escape_for_like function to MY_Database.php
- Added unit test to Database_Test
- Corrected the five unescaped instances in the code using this function.
Diffstat (limited to 'modules/gallery/helpers')
-rw-r--r-- | modules/gallery/helpers/item_rest.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 10799567..efeba2ef 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -64,7 +64,7 @@ class item_rest_Core { } if (isset($p->name)) { - $orm->where("name", "LIKE", "%{$p->name}%"); + $orm->where("name", "LIKE", "%" . Database::escape_for_like($p->name) . "%"); } if (isset($p->type)) { |