
github.com/nextcloud/lookup-server.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'server/lib/UserManager.php')
-rw-r--r--server/lib/UserManager.php14
1 files changed, 8 insertions, 6 deletions
diff --git a/server/lib/UserManager.php b/server/lib/UserManager.php
index ced8dc7..93497c4 100644
--- a/server/lib/UserManager.php
+++ b/server/lib/UserManager.php
@@ -127,9 +127,8 @@ class UserManager {
* @return array
*/
private function performSearch($search, $exactMatch, $parameters, $minKarma) {
-
$operator = $exactMatch ? ' = ' : ' LIKE ';
- $limit = $exactMatch ? ' 1 ' : ' 50 ';
+ $limit = $exactMatch ? 1 : 50;
$constraint = '';
if (!empty($parameters)) {
@@ -155,12 +154,15 @@ FROM (
)
GROUP BY userId
) AS tmp
-WHERE karma >= ' . $minKarma . '
+WHERE karma >= :karma
ORDER BY karma
-LIMIT ' . $limit);
+LIMIT :limit');
+
+ $stmt->bindParam(':karma', $minKarma, \PDO::PARAM_INT);
+ $stmt->bindParam(':limit', $limit, \PDO::PARAM_INT);
- $search = $exactMatch ? $search : $this->db->quote('%' . $this->escapeWildcard($search) . '%');
- $stmt->bindParam(':search', $search, \PDO::PARAM_STR);
+ $search = $exactMatch ? $search : '%' . $this->escapeWildcard($search) . '%';
+ $stmt->bindParam('search', $search, \PDO::PARAM_STR);
// bind parameters
foreach ($parameters as $parameter) {
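Review bot: The new binds name their placeholders inconsistently: `':karma'` and `':limit'` keep the colon, but the search bind changed from `':search'` to `'search'`. PDO accepts the name without the colon, so this works, but `$stmt->bindParam(':search', $search, \PDO::PARAM_STR);` would match the other binds and the removed line. Separately, `$minKarma` is bound with `\PDO::PARAM_INT`, but nothing in the hunk establishes that it is an integer. If it can arrive as a request string, `$stmt->bindValue(':karma', (int)$minKarma, \PDO::PARAM_INT);` makes the integer contract explicit instead of leaving it to driver coercion. The body of performSearch continues outside the hunk, so the origin of `$minKarma` and the construction of `$constraint` could not be checked here.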