From ef154b78a169402e7f968cd2189b69b041a73543 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Mon, 20 Feb 2012 02:16:41 +0100
Subject: [PATCH] [ticket/10630] Use sql_like_expression() method instead of
 hardcoded LIKE '%x%'

PHPBB3-10630
---
 phpBB/includes/search/search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/search/search.php b/phpBB/includes/search/search.php
index 2f20d11495..df7c8a0892 100644
--- a/phpBB/includes/search/search.php
+++ b/phpBB/includes/search/search.php
@@ -295,7 +295,7 @@ class search_backend
 			$sql_where = '';
 			foreach ($authors as $author)
 			{
-				$sql_where .= (($sql_where) ? ' OR ' : '') . 'search_authors LIKE \'% ' . (int) $author . ' %\'';
+				$sql_where .= (($sql_where) ? ' OR ' : '') . 'search_authors ' . $db->sql_like_expression($db->any_char . ' ' . (int) $author . ' ' . $db->any_char);
 			}
 
 			$sql = 'SELECT search_key