From ae511bd14a08928e370887eb99a049e695b4192c Mon Sep 17 00:00:00 2001
From: John Skoumbourdis <scoumbourdisj@gmail.com>
Date: Sun, 10 Dec 2017 20:21:10 +0200
Subject: [PATCH] #211: Bug if use where clause

---
 application/libraries/Grocery_CRUD.php | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/application/libraries/Grocery_CRUD.php b/application/libraries/Grocery_CRUD.php
index 26bd841d..2025526b 100755
--- a/application/libraries/Grocery_CRUD.php
+++ b/application/libraries/Grocery_CRUD.php
@@ -633,6 +633,7 @@ protected function set_ajax_list_queries($state_info = null)
 					$this->like($state_info->search->field , $state_info->search->text);
 				}
 			}
+            // Search all field
 			else
 			{
 				$columns = $this->get_columns();
@@ -643,6 +644,8 @@ protected function set_ajax_list_queries($state_info = null)
 					foreach($this->where as $where)
 						$this->basic_model->having($where[0],$where[1],$where[2]);
 
+                $temp_where_query_array = [];
+
 				foreach($columns as $column)
 				{
 					if(isset($temp_relation[$column->field_name]))
@@ -651,24 +654,32 @@ protected function set_ajax_list_queries($state_info = null)
 						{
 							foreach($temp_relation[$column->field_name] as $search_field)
 							{
-								$this->or_like($search_field, $search_text);
+                                $escaped_text = $this->basic_model->escape_str($search_text);
+                                $temp_where_query_array[] = $search_field . ' LIKE \'%' . $escaped_text . '%\'';
 							}
 						}
 						else
 						{
-							$this->or_like($temp_relation[$column->field_name], $search_text);
+                            $escaped_text = $this->basic_model->escape_str($search_text);
+                            $temp_where_query_array[] = $temp_relation[$column->field_name] . ' LIKE \'%' . $escaped_text . '%\'';
 						}
 					}
 					elseif(isset($this->relation_n_n[$column->field_name]))
 					{
 						//@todo have a where for the relation_n_n statement
 					}
-					elseif (isset($field_types[$column->field_name])
-                        && !in_array($field_types[$column->field_name]->type, array('date', 'datetime', 'timestamp')))
-					{
-						$this->or_like($column->field_name, $search_text);
+					elseif (
+					    isset($field_types[$column->field_name]) &&
+                        !in_array($field_types[$column->field_name]->type, array('date', 'datetime', 'timestamp'))
+                    ) {
+                        $escaped_text = $this->basic_model->escape_str($search_text);
+                        $temp_where_query_array[] = $column->field_name . ' LIKE \'%' . $escaped_text . '%\'';
 					}
 				}
+
+                if (!empty($temp_where_query_array)) {
+                    $this->where('(' . implode(' OR ', $temp_where_query_array) . ')', null);
+                }
 			}
 		}
 	}