From e646626c4a6e6cceb445fa06379708565a0d8f7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20Nicolaysen=20S=C3=B8rnes?=
Date: Wed, 18 Jun 2008 00:19:28 +0200
Subject: [PATCH] Escape input in searchForApplication()
---
 include/util.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/util.php b/include/util.php
index 4009d1c..55af094 100644
--- a/include/util.php
+++ b/include/util.php
@@ -462,12 +462,12 @@ function searchForApplication($search_words)
 FROM appFamily WHERE appName != 'NONAME' AND appFamily.state = 'accepted'
- AND (appName LIKE '%" . $search_words . "%'
- OR keywords LIKE '%" . $search_words . "%'";
+ AND (appName LIKE '%?%'
+ OR keywords LIKE '%?%'";
 $sQuery.=" ) ORDER BY appName";
- $hResult = query_appdb($sQuery);
+ $hResult = query_parameters($sQuery, $search_words, $search_words);
 return $hResult;
 }
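Review bot: The `?` markers in `appName LIKE '%?%'` and `keywords LIKE '%?%'` sit inside a quoted SQL string, so this closes the injection only if `query_parameters()` textually substitutes an escaped copy of each argument; that helper is not shown in this patch, and under driver-level binding a `?` inside quotes would be a literal character and the search would stop matching. Separately, quote escaping presumably leaves `%` and `_` in `$search_words` active as LIKE wildcards, so user input still shapes the pattern; if that is unwanted, escape them first, e.g. `$sPattern = addcslashes($search_words, '%_\\');` and pass `$sPattern` for both placeholders (assuming the database's default backslash LIKE escape). A short comment above the query stating that the placeholders are filled and escaped by `query_parameters()` would help the next reader. The body of `searchForApplication()` starts above this hunk, so the beginning of the query is not visible here.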