Correcting SQL Query errors for customer search, 1761615

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1444 4979c152-3d1c-0410-bac9-87ea11338e46
author: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> 2007-07-27 05:07:34 +0000
committer: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> 2007-07-27 05:07:34 +0000
commit: 98b967b036c5560d2408442e2fd5c905686b234c (patch)
tree: f4a0e511d7da938c2faf3f93913aac7acf289ed2
parent: fc82031a2d6d90e95b76d32e61ecdef763981d9a (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/LedgerSMB/CT.pm b/LedgerSMB/CT.pm
index fd84016c..b6d04262 100644
--- a/LedgerSMB/CT.pm
+++ b/LedgerSMB/CT.pm
@@ -484,15 +484,15 @@ sub search {
     push @a, qw(name contact city state zipcode country notes phone email);
 
     if ( $form->{employee} ) {
-        $var = $form->like( lc $form->{employee} );
-        $where .= " AND lower(e.name) LIKE '$var'";
+        $var = $dbh->quote($form->like(lc $form->{employee}));
+        $where .= " AND lower(e.name) LIKE $var";
     }
 
     foreach $item (@a) {
 
         if ( $form->{$item} ne "" ) {
-            $var = $form->like( lc $form->{$item} );
-            $where .= " AND lower(ct.$item) LIKE '$var'";
+            $var = $dbh->quote($form->like( lc $form->{$item}) );
+            $where .= " AND lower(ct.$item) LIKE $var";
         }
     }
author	einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>	2007-07-27 05:07:34 +0000
committer	einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>	2007-07-27 05:07:34 +0000
commit	98b967b036c5560d2408442e2fd5c905686b234c (patch)
tree	f4a0e511d7da938c2faf3f93913aac7acf289ed2
parent	fc82031a2d6d90e95b76d32e61ecdef763981d9a (diff)