Diffstat (limited to 'search.php')
-rw-r--r-- | search.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/search.php b/search.php index 84bf8a126..f1acf9701 100644 --- a/search.php +++ b/search.php @@ -48,7 +48,7 @@ if (isset($_POST['submit'])) and !preg_match('/^\s*$/', $_POST['search_allwords'])) { check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/'); - + $drop_char_match = array( '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_', '?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*'); @@ -105,6 +105,8 @@ if (isset($_POST['submit'])) } // dates + check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/'); + $type_date = $_POST['date_type']; if (!empty($_POST['start_year'])) @@ -144,7 +146,7 @@ if (isset($_POST['submit'])) INSERT INTO '.SEARCH_TABLE.' (rules, last_seen) VALUES - (\''.serialize($search).'\', NOW()) + (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW()) ;'; pwg_query($query); |
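Review bot: In the `date_type` check added by the second hunk (`@@ -105,6 +105,8 @@`), the pattern `'/^date_(creation|available)$/'` ends in a bare `$`, which in PCRE also matches just before a trailing newline, so `"date_creation\n"` would pass and be copied into `$type_date` on the next line. Anchoring with `\z`, or adding the `D` modifier as in `'/^date_(creation|available)$/D'`, makes the allow-list exact. `$_POST['date_type']` is also read unconditionally right after the check; if `check_input_parameter` accepts a missing parameter (its body is not visible here), that read should be guarded with `isset`. The enclosing `if (isset($_POST['submit']))` block starts and ends outside the hunk.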
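Review bot: The escaping added in the third hunk (`@@ -144,7 +146,7 @@`) protects this INSERT only, while the stored value is a `serialize()`d array built from `$_POST` fields, of which only `mode` and `date_type` are visibly validated in this diff. Whatever code later reads `rules` back and builds the search query from it (not visible here) has to treat every field as untrusted again, otherwise the injection just moves to the read path. I would record that next to the statement with a comment such as `// rules holds serialize()d request data: escaped for this INSERT only, validate each field again where the rule becomes SQL`. The `$query` assignment begins above the hunk.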