From 5af1c597ae5872aa9a72713145eaae87604859f5 Mon Sep 17 00:00:00 2001
From: Tomo Tsuyuki
Date: Fri, 29 Apr 2022 17:21:28 +1000
Subject: [PATCH] Fix issue 62 Error with apostrophe
---
 components/filters/fuserfield/plugin.class.php | 3 ++-
 components/filters/searchtext/plugin.class.php | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/components/filters/fuserfield/plugin.class.php b/components/filters/fuserfield/plugin.class.php
index 4dd1d876..1bb44730 100755
--- a/components/filters/fuserfield/plugin.class.php
+++ b/components/filters/fuserfield/plugin.class.php
@@ -178,7 +178,8 @@ private function sql_replace($filtersearchtext, $filterstrmatch, $finalelements)
 print_error('nosuchoperator');
 }
 if ($operator == '~') {
- $replace = " AND " . $field . " LIKE '%" . $filtersearchtext . "%'";
+ $searchitem = trim(str_replace("'", "''", $filtersearchtext));
+ $replace = " AND " . $field . " LIKE '%" . $searchitem . "%'";
 } else if ($operator == 'in') {
 $processeditems = array();
 // Accept comma-separated values, allowing for '\,' as a literal comma.
diff --git a/components/filters/searchtext/plugin.class.php b/components/filters/searchtext/plugin.class.php
index b0a92af7..e4168444 100644
--- a/components/filters/searchtext/plugin.class.php
+++ b/components/filters/searchtext/plugin.class.php
@@ -87,7 +87,8 @@ private function sql_replace($filtersearchtext, $filterstrmatch, $finalelements)
 print_error('nosuchoperator');
 }
 if ($operator == '~') {
- $replace = " AND " . $field . " LIKE '%" . $filtersearchtext . "%'";
+ $searchitem = trim(str_replace("'", "''", $filtersearchtext));
+ $replace = " AND " . $field . " LIKE '%" . $searchitem . "%'";
 } else if ($operator == 'in') {
 $processeditems = array();
 // Accept comma-separated values, allowing for '\,' as a literal comma.
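Review bot: The `~` branch still concatenates `$filtersearchtext` into the `LIKE` literal, and the added `str_replace("'", "''", ...)` is a hand-rolled escape that covers only the apostrophe. On MySQL/MariaDB in the default SQL mode a backslash is also an escape character inside string literals, so quote doubling alone does not guarantee the value stays inside the string, and `%`/`_` in the search text still act as wildcards. The identical two lines are added in `components/filters/searchtext/plugin.class.php`, so this applies to both hunks. Prefer a bound parameter, `$replace = " AND " . $field . " LIKE :searchtext";`, with the value supplied where the query is executed; assuming this is Moodle code (the `print_error()` call suggests so), that value would be `'%' . $DB->sql_like_escape($filtersearchtext) . '%'`. `sql_replace` starts and ends outside the hunk and appears to build a spliced SQL fragment, so that change reaches beyond these lines; if concatenation has to stay, add a comment such as `// User-supplied filter text: spliced into the report SQL, not bound - escape for the active DB driver.` and check that the `in` branch below escapes its items too.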