$searching = false;
if($search) {
$search_hdr = $search;
- $search = dbesc(protect_sprintf('%' . $search . '%'));
+ $search_txt = dbesc(protect_sprintf(preg_quote($search)));
$searching = true;
}
- $sql_extra .= (($searching) ? " AND `name` REGEXP '$search' " : "");
+ $sql_extra .= (($searching) ? " AND `name` REGEXP '$search_txt' " : "");
if($nets)
$sql_extra .= sprintf(" AND network = '%s' ", dbesc($nets));
}
-
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ",
intval($_SESSION['uid']),
intval($a->pager['start']),
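Review bot: The line that builds `$search_txt` quotes the term with `preg_quote()`, which follows PCRE rules, but the pattern is evaluated by the database's `REGEXP` operator, whose dialect may differ. `preg_quote()` also puts a backslash before characters such as `=`, `!`, `<`, `>`, `:` and `-`, and those only match literally if the server treats an escaped ordinary character as that character, so contact names containing them are worth a test on the supported server versions. Since `$sql_extra` is interpolated straight into the string passed to `q()`, the escaping order deserves a comment above the assignment, for example `// literal-match pattern: regex-quoted, then sprintf-protected, then SQL-escaped; never put $search itself into $sql_extra`. The enclosing function starts and ends outside this hunk.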
'$total' => $total,
'$search' => $search_hdr,
'$desc' => t('Search your contacts'),
- '$finding' => (strlen($search) ? t('Finding: ') . "'" . $search . "'" : ""),
+ '$finding' => (($searching) ? t('Finding: ') . "'" . $search . "'" : ""),
'$submit' => t('Find'),
'$cmd' => $a->cmd,
'$contacts' => $contacts,
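Review bot: On the `'$finding'` line, `$search` is now the request value as it arrived rather than the `dbesc()`-ed copy, because the commit no longer overwrites it, and nothing in the visible lines HTML-escapes it before it goes into the template array. Whether it is sanitised where it is read from the request, or escaped by the template, is outside this hunk. If neither happens, the entry should encode it, e.g. `t('Finding: ') . "'" . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . "'"`. Using `$search_hdr` here, as the `'$search'` entry does, would also keep the two display values on one variable. The array literal starts and ends outside the hunk.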