From 70e6b8a03d8d3b8c3f039b4f1f0d9909777d1dea Mon Sep 17 00:00:00 2001
From: Graham Knop
Date: Thu, 6 Nov 2008 22:16:08 +0000
Subject: [PATCH] fixed #9028: Thingy fails when setting values containing single quotes
---
 docs/changelog/7.x.x.txt | 2 +-
 lib/WebGUI/Asset/Wobject/Thingy.pm | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 219a1723e..1525278a9 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -8,7 +8,7 @@ - fixed #9025: Testing function of UsersOnline macro fails. - Brand new Survey system. Make sure to export your old results as they will not be imported, only the surveys themselves. - + - fixed #9028: Thingy fails when setting values containing single quotes 7.6.2 - fixed: not allowed to add calendar events if in can edit group but not can add event group
diff --git a/lib/WebGUI/Asset/Wobject/Thingy.pm b/lib/WebGUI/Asset/Wobject/Thingy.pm
index faa3ae292..cddf0ee3b 100644
--- a/lib/WebGUI/Asset/Wobject/Thingy.pm
+++ b/lib/WebGUI/Asset/Wobject/Thingy.pm
@@ -3009,7 +3009,8 @@ sequenceNumber');
 "searchFields_is".$fieldType => 1,
 });
 my $searchValue = $session->form->process("field_".$field->{fieldId});
- push(@constraints,$dbh->quote_identifier("field_".$field->{fieldId})." like '%".$searchValue."%'") if ($searchValue);
+ push @constraints, $dbh->quote_identifier("field_".$field->{fieldId}) . " LIKE "
+ . $dbh->quote('%'.$searchValue.'%') if ($searchValue);
 }
 if($field->{displayInSearch}){
 my $orderByUrl = $self->session->url->append($currentUrl,"orderBy=".$field->{fieldId});
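Review bot: `$dbh->quote` on the added lines keeps the form value inside the string literal, but `%` and `_` in `$searchValue` still reach LIKE as wildcards, so a search for a literal `50%` or `a_b` matches more rows than asked for and the pattern stays under the visitor's control. Escaping them before quoting would close that, e.g. `(my $likeValue = $searchValue) =~ s/([\\%_])/\\$1/g;` followed by `$dbh->quote('%'.$likeValue.'%')`, assuming backslash is the database's LIKE escape character (the MySQL default). The trailing `if ($searchValue)` also drops a search for the string `0`; `if (defined $searchValue && $searchValue ne '')` would keep it. A short comment above the `push` saying that the value comes straight from the submitted form would help the next reader; the enclosing loop body starts and ends outside the hunk.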