From: Jonathan Prykop <jonathan@freeside.biz>
Date: Wed, 11 Nov 2015 05:20:55 +0000 (-0600)
Subject: RT#38597: OQM - svc Circuit use and setup [fixed sql quoting]
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=03c5dc73291c514d7373d3a15d671018edeb9568

RT#38597: OQM - svc Circuit use and setup [fixed sql quoting]
---

diff --git a/FS/FS/svc_circuit.pm b/FS/FS/svc_circuit.pm
index 408bd79e4..1a42efadd 100644
--- a/FS/FS/svc_circuit.pm
+++ b/FS/FS/svc_circuit.pm
@@ -6,7 +6,7 @@ use base qw(
   FS::MAC_Mixin
   FS::svc_Common
 );
-use FS::Record qw( qsearch qsearchs );
+use FS::Record qw( dbh qsearch qsearchs );
 use FS::circuit_provider;
 use FS::circuit_type;
 use FS::circuit_termination;
@@ -221,9 +221,9 @@ sub label {
 sub search_sql {
   my ($class, $string) = @_;
   my @where = ();
-  push @where, 'LOWER(svc_circuit.circuit_id) = \''.lc($string).'\'';
-  push @where, 'LOWER(circuit_provider.provider) = \''.lc($string).'\'';
-  push @where, 'LOWER(circuit_type.typename) = \''.lc($string).'\'';
+  push @where, 'LOWER(svc_circuit.circuit_id) = ' . dbh->quote($string);
+  push @where, 'LOWER(circuit_provider.provider) = ' . dbh->quote($string);
+  push @where, 'LOWER(circuit_type.typename) = ' . dbh->quote($string);
   '(' . join(' OR ', @where) . ')';
 }