diff options
| author | Atul Pratap Singh <atulpratapsingh05@gmail.com> | 2012-06-30 09:58:46 +0400 |
|---|---|---|
| committer | Atul Pratap Singh <atulpratapsingh05@gmail.com> | 2012-06-30 09:58:46 +0400 |
| commit | 82ff5dc5e065e142b501ec5c91c4b8b5b6ce08ab (patch) | |
| tree | 122cb5316ed0af3acec8b675c349757c346eec2a /db_search.php | |
| parent | 0fc4d56effbd927e106125446d91e2eee78e7c93 (diff) | |
Improve usage visibility of criteriaSearchString variable
Diffstat (limited to 'db_search.php')
| -rw-r--r-- | db_search.php | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/db_search.php b/db_search.php index 440e713dbd..588b17203f 100644 --- a/db_search.php +++ b/db_search.php @@ -64,19 +64,10 @@ if (empty($_REQUEST['criteriaSearchType']) if (empty($_REQUEST['criteriaSearchString']) || ! is_string($_REQUEST['criteriaSearchString']) ) { + $criteriaSearchString = ''; unset($_REQUEST['submit_search']); - $searched = ''; } else { - $searched = htmlspecialchars($_REQUEST['criteriaSearchString']); - // For "as regular expression" (search option 4), we should not treat - // this as an expression that contains a LIKE (second parameter of - // PMA_sqlAddSlashes()). - // - // Usage example: If user is seaching for a literal $ in a regexp search, - // he should enter \$ as the value. - $criteriaSearchString = PMA_sqlAddSlashes( - $_REQUEST['criteriaSearchString'], ($criteriaSearchType == 4 ? false : true) - ); + $criteriaSearchString = $_REQUEST['criteriaSearchString']; } $criteriaTables = array(); @@ -118,8 +109,8 @@ if ( $GLOBALS['is_ajax_request'] != true) { if (isset($_REQUEST['submit_search'])) { $response->addHTML( PMA_dbSearchGetSearchResults( - $criteriaTables, $searched, $searchTypeDescription, - $criteriaSearchString, $criteriaSearchType, + $criteriaTables, $searchTypeDescription, + $criteriaSearchString, $criteriaSearchType, (! empty($criteriaColumnName) ? $criteriaColumnName : '') ) ); @@ -136,8 +127,9 @@ if ($GLOBALS['is_ajax_request'] == true) { // Add search form $response->addHTML( PMA_dbSearchGetSelectionForm( - $searched, $criteriaSearchType, $tables_names_only, $criteriaTables, - $url_params, (! empty($criteriaColumnName) ? $criteriaColumnName : '') + $criteriaSearchString, $criteriaSearchType, $tables_names_only, + $criteriaTables, $url_params, + (! empty($criteriaColumnName) ? $criteriaColumnName : '') ) ); ?> |