From a0a1476e5bbbcd389b5bc7bc4317db8cd3a48232 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Mon, 20 Feb 2017 15:23:22 +0100
Subject: [PATCH] Fix where() escaping in MS SQL (bug #496)
---
 adminer/include/functions.inc.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 43c04fdf..ee861f06 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -412,10 +412,10 @@ function where($where, $fields = array()) {
 $key = bracket_escape($key, 1); // 1 - back
 $column = escape_key($key);
 $return[] = $column
- . (($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val)) || $jush == "mssql"
- ? " LIKE " . q(addcslashes($val, "%_\\"))
+ . ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\"))
+ : ($jush == "mssql" ? " LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val))
 : " = " . unconvert_field($fields[$key], q($val))
- ) // LIKE because of floats but slow with ints, in MS SQL because of text
+ )) // LIKE because of floats but slow with ints, in MS SQL because of text
 ; //! enum and set
 if ($jush == "sql" && preg_match('~char|text~', $fields[$key]["type"]) && preg_match("~[^ -@]~", $val)) { // not just [a-z] to catch non-ASCII characters
 $return[] = "$column = " . q($val) . " COLLATE " . charset($connection) . "_bin";
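Review bot: The new MS SQL branch escapes LIKE wildcards with `preg_replace('~[_%[]~', '[\0]', $val)`, but nothing on the line says why this differs from the backslash escaping in the MySQL branch, and the pattern relies on PCRE reading an unescaped `[` inside a character class as a literal. I would write the class as `'~[_%\[]~'` and add a comment such as `// T-SQL LIKE has no default escape character: wrap %, _ and [ in [] so they match literally`. The trailing comment after `))` still only explains why LIKE is used, not how the value is neutralised. This predicate appears to be what selects rows for later statements, so an unescaped wildcard would match more rows than intended. A regression case with `%`, `_`, `[` and `]` in the value would be worth adding. The body of where() starts and ends outside this hunk, so the origin of `$val` is not visible here.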