From e8d9197b96f67a12c282fad9636e0dc6a141e267 Mon Sep 17 00:00:00 2001
From: Mike Nolan
Date: Wed, 1 Jan 2025 06:34:56 +0000
Subject: [PATCH] Escape ze string
---
 www/search.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www/search.php b/www/search.php
index 04a1e9b..0115c04 100644
--- a/www/search.php
+++ b/www/search.php
@@ -31,8 +31,8 @@ if(isset($_GET["q"]))
 }
-
- $stmt = $pdo->prepare("select * from SavedVideo where Title like '%$search%' LIMIT ".strval($offset*20).", 20");
+ $mySearch = $pdo->quote("%".$search."%");
+ $stmt = $pdo->prepare("select * from SavedVideo where Title like $mySearch LIMIT ".strval($offset*20).", 20");
 $stmt->execute();
 $videos = $stmt->fetchAll();
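Review bot: The search term is still spliced into the SQL text on the added `prepare()` line, and `$pdo->quote()` is only safe there while the connection charset matches what the driver assumes, which is why the PHP manual recommends bound parameters over quote(). Since the statement is already prepared, a placeholder removes the string building: `$stmt = $pdo->prepare("select * from SavedVideo where Title like ? LIMIT ".strval($offset*20).", 20");` followed by `$stmt->execute(["%".$search."%"]);`. Either way, `%` and `_` inside `$search` still act as LIKE wildcards, so escape them if literal matching is intended. `$offset` is assigned outside this hunk, so confirm it is cast to a non-negative int before it reaches the LIMIT clause.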