Add database::escape_string

16 years ago · a7d129bedf
parent a48433631f
commit a7d129bedf
1 changed files with 1 additions and 0 deletions
--- a/main/inc/lib/add_many_session_to_category_functions.lib.php
+++ b/main/inc/lib/add_many_session_to_category_functions.lib.php
@ -13,6 +13,7 @@ class AddManySessionToCategoryFunctions {
 			// xajax send utf8 datas... datas in db can be non-utf8 datas
 			$charset = api_get_setting('platform_charset');
 			$needle = api_convert_encoding($needle, $charset, 'utf-8');
+			$needle = Database::escape_string($needle);

 			$sql = 'SELECT * FROM '.$tbl_session.' WHERE name LIKE "'.$needle.'%" ORDER BY id';