From 5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Sun, 24 Jun 2007 12:49:13 +0000
Subject: tweak the sql_like_expression feature a little bit to allow correct
 escaping

git-svn-id: file:///svn/phpbb/trunk@7789 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/search.php')

diff --git a/phpBB/search.php b/phpBB/search.php
index 5b8bdf5f20..cbc5b6732f 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -100,7 +100,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 			trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars']));
 		}
 
-		$sql_where = (strpos($author, '*') !== false) ? ' username_clean ' . $db->sql_like_expression(str_replace('*', '%', utf8_clean_string($author))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($author)) . "'";
+		$sql_where = (strpos($author, '*') !== false) ? ' username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($author))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($author)) . "'";
 
 		$sql = 'SELECT user_id
 			FROM ' . USERS_TABLE . "
-- 
cgit v1.2.1