if (($search_IN == 'name' || $search_IN == 'department' || $search_IN == 'username') &&
$config[sql_use_user_info_table] == 'true'){
$res = @da_sql_query($link,$config,
- "SELECT da_sql_limit($max_results,0,$config) username FROM $config[sql_user_info_table] WHERE
- lower($search_IN) LIKE '%$search%'
- da_sql_limit($max_results,1,$config) da_sql_limit($max_results,2,$config);");
+ "SELECT " . da_sql_limit($max_results,0,$config) . " username FROM $config[sql_user_info_table] WHERE
+ lower($search_IN) LIKE '%$search%' " .
+ da_sql_limit($max_results,1,$config) . " " . da_sql_limit($max_results,2,$config) . " ;");
if ($res){
while(($row = @da_sql_fetch_array($res,$config)))
$found_users[] = $row[username];
$attr = $attrmap[$radius_attr];
$attr = da_sql_escape_string($attr);
$res = @da_sql_query($link,$config,
- "SELECT da_sql_limit($max_results,0,$config) username FROM $table WHERE attribute = '$attr'
- AND value LIKE '%$search%' da_sql_limit($max_results,1,$config) da_sql_limit($max_results,2,$config);");
+ "SELECT " . da_sql_limit($max_results,0,$config) . " username FROM $table WHERE attribute = '$attr'
+ AND value LIKE '%$search%' " . da_sql_limit($max_results,1,$config) . " " . da_sql_limit($max_results,2,$config) . " ;");
if ($res){
while(($row = @da_sql_fetch_array($res,$config)))
$found_users[] = $row[username];