From 25af99f308b8ab1b43b2e3d4cbaa5fb13a15806e Mon Sep 17 00:00:00 2001
From: Elson Costa
Date: Mon, 19 Feb 2024 11:20:32 -0300
Subject: [PATCH] Fix search account by acc_number.

---
 admin/pages/accounts.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/admin/pages/accounts.php b/admin/pages/accounts.php
index eb315dc89..1f0d2a5c1 100644
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -62,19 +62,24 @@ function verify_number($number, $name, $max_length)
 $id = 0;
 if (isset($_REQUEST['id']))
 $id = (int)$_REQUEST['id'];
-else if (isset($_REQUEST['search_name'])) {
- if (strlen($_REQUEST['search_name']) < 3 && !Validator::number($_REQUEST['search_name'])) {
+else if ($searchName = $_REQUEST['search_name'] ?? null) {
+ if (strlen($searchName) < 3 && !Validator::number($searchName)) {
 echo 'Player name is too short.';
 } else {
- if (Validator::number($_REQUEST['search_name']))
- $id = $_REQUEST['search_name'];
- else {
- $query = $db->query('SELECT `id` FROM `accounts` WHERE `name` = ' . $db->quote($_REQUEST['search_name']));
+ if (Validator::number($searchName)) {
+ $id = $searchName;
+ $query = $db->query("SELECT `id` FROM `accounts` WHERE `name` = {$id}");
+ if ($query->rowCount() == 1) {
+ $query = $query->fetch();
+ $id = $query['id'];
+ }
+ } else {
+ $query = $db->query("SELECT `id` FROM `accounts` WHERE `name` = {$db->quote($searchName)}");
 if ($query->rowCount() == 1) {
 $query = $query->fetch();
 $id = $query['id'];
 } else {
- $query = $db->query('SELECT `id`, `name` FROM `accounts` WHERE `name` LIKE ' . $db->quote('%' . $_REQUEST['search_name'] . '%'));
+ $query = $db->query("SELECT `id`, `name` FROM `accounts` WHERE `name` LIKE {$db->quote("%{$searchName}%")}");
 if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 echo 'Do you mean?