diff options
| -rw-r--r-- | mod/members/pages/members/search.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php index 39b54990e..94127768a 100644 --- a/mod/members/pages/members/search.php +++ b/mod/members/pages/members/search.php @@ -19,16 +19,16 @@ if ($vars['search_type'] == 'tag') { $users = $results['entities']; $content = elgg_view_entity_list($users, $count, $offset, $limit, false, false, true); } else { - $name = get_input('name'); + $name = sanitize_string(get_input('name')); $title = elgg_echo('members:title:searchname', array($name)); - global $CONFIG; + $db_prefix = elgg_get_config('dbprefix'); $params = array( 'type' => 'user', 'full_view' => false, - 'joins' => array("join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid"), - 'wheres' => array("(u.name like \"%{$name}%\" or u.username like \"%{$name}%\")"), + 'joins' => array("JOIN {$db_prefix}users_entity u ON e.guid=u.guid"), + 'wheres' => array("(u.name LIKE \"%{$name}%\" OR u.username LIKE \"%{$name}%\")"), ); $content .= elgg_list_entities($params); } |