diff --git a/src/classes/logstreamdb.class.php b/src/classes/logstreamdb.class.php index 7ca0622..e326a86 100644 --- a/src/classes/logstreamdb.class.php +++ b/src/classes/logstreamdb.class.php @@ -624,11 +624,11 @@ class LogStreamDB extends LogStream { // Now Create LIKE Filters if ( isset($tmpfilters[$propertyname]) ) - $tmpfilters[$propertyname][FILTER_VALUE] .= $addor . $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . $myfilter[FILTER_VALUE] . $szSearchEnd; + $tmpfilters[$propertyname][FILTER_VALUE] .= $addor . $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . DB_RemoveBadChars($myfilter[FILTER_VALUE]) . $szSearchEnd; else { $tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_STRING; - $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . $myfilter[FILTER_VALUE] . $szSearchEnd; + $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . DB_RemoveBadChars($myfilter[FILTER_VALUE]) . $szSearchEnd; } break; case FILTER_TYPE_NUMBER: @@ -642,7 +642,7 @@ class LogStreamDB extends LogStream { else { $tmpfilters[$szArrayKey][FILTER_TYPE] = FILTER_TYPE_NUMBER; - $tmpfilters[$szArrayKey][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " NOT IN (" . $myfilter[FILTER_VALUE]; + $tmpfilters[$szArrayKey][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " NOT IN (" . DB_RemoveBadChars($myfilter[FILTER_VALUE]); } } else @@ -653,7 +653,7 @@ class LogStreamDB extends LogStream { else { $tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_NUMBER; - $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " IN (" . $myfilter[FILTER_VALUE]; + $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " IN (" . DB_RemoveBadChars($myfilter[FILTER_VALUE]); } } // --- diff --git a/src/classes/logstreampdo.class.php b/src/classes/logstreampdo.class.php index d5d3736..14eb412 100644 --- a/src/classes/logstreampdo.class.php +++ b/src/classes/logstreampdo.class.php @@ -651,11 +651,11 @@ class LogStreamPDO extends LogStream { // Not create LIKE Filters if ( isset($tmpfilters[$propertyname]) ) - $tmpfilters[$propertyname][FILTER_VALUE] .= $addor . $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . $myfilter[FILTER_VALUE] . $szSearchEnd; + $tmpfilters[$propertyname][FILTER_VALUE] .= $addor . $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . DB_RemoveBadChars($myfilter[FILTER_VALUE]) . $szSearchEnd; else { $tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_STRING; - $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . $myfilter[FILTER_VALUE] . $szSearchEnd; + $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . $addnod . $szSearchBegin . DB_RemoveBadChars($myfilter[FILTER_VALUE]) . $szSearchEnd; } break; case FILTER_TYPE_NUMBER: @@ -669,7 +669,7 @@ class LogStreamPDO extends LogStream { else { $tmpfilters[$szArrayKey][FILTER_TYPE] = FILTER_TYPE_NUMBER; - $tmpfilters[$szArrayKey][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " NOT IN (" . $myfilter[FILTER_VALUE]; + $tmpfilters[$szArrayKey][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " NOT IN (" . DB_RemoveBadChars($myfilter[FILTER_VALUE]); } } else @@ -680,7 +680,7 @@ class LogStreamPDO extends LogStream { else { $tmpfilters[$propertyname][FILTER_TYPE] = FILTER_TYPE_NUMBER; - $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " IN (" . $myfilter[FILTER_VALUE]; + $tmpfilters[$propertyname][FILTER_VALUE] = $dbmapping[$szTableType][$propertyname] . " IN (" . DB_RemoveBadChars($myfilter[FILTER_VALUE]); } } // ---