From fc8f9dd9cb72cac2c16de781e03d3a343fbfbfe7 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 11 Oct 2003 13:21:47 +0000 Subject: [PATCH] bug 821350 --- ChangeLog | 2 ++ tbl_select.php3 | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f6c0f7388..7326f6140 100755 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,8 @@ $Source$ 2003-10-11 Marc Delisle * libraries/grab_globals.lib.php3: bug 807047, better fix + * tbl_select.php3: bug 821350: escape single quotes in table + Search page 2003-10-10 Marc Delisle * footer.inc.php3: bug 819036, undefined function PMA_setHistory() diff --git a/tbl_select.php3 b/tbl_select.php3 index 8ce9129eb..b602308aa 100755 --- a/tbl_select.php3 +++ b/tbl_select.php3 @@ -277,7 +277,10 @@ else { $quot = ''; $func[$i] = 'IS'; } - $sql_query .= ' AND ' . PMA_backquote(urldecode($names[$i])) . " $func[$i] $quot$fields[$i]$quot"; + //$sql_query .= ' AND ' . PMA_backquote(urldecode($names[$i])) . " $func[$i] $quot$fields[$i]$quot"; + + $sql_query .= ' AND ' . PMA_backquote(urldecode($names[$i])) . ' ' . $func[$i] . ' ' . $quot . PMA_sqlAddslashes($fields[$i]) . $quot; + } // end if } // end for } // end if
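Review bot: In the tbl_select.php3 hunk, `PMA_sqlAddslashes($fields[$i])` protects the value only when `$quot` is a quote character; the visible `else` branch sets `$quot = ''`, so the value is concatenated unquoted, and escaping quotes does not constrain it there. The branches that choose `$quot` start outside the hunk, so this is partly inferred, but wherever `$quot` is empty the value should be checked against the literal it is expected to be (a numeric test, or the fixed keyword used with `IS`) before it is appended. `$func[$i]` is also concatenated verbatim; if it can come from the submitted form rather than only from assignments like `$func[$i] = 'IS'`, compare it with a fixed list of allowed operators first. I would add a comment such as `// escaped for the quoted case only; unquoted values are validated above` and delete the commented-out old `$sql_query` line, since the history already keeps it.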