From a5abd40040b93e469c2f3a0dffe29ffba405f51d Mon Sep 17 00:00:00 2001
From: Carlos Pacha
Date: Mon, 4 Apr 2011 12:29:08 -0400
Subject: [PATCH] BUG 5408 this issue was improved. I've not been able to reproduce this bug, however I could see into the code it's doing "SELECT FIELD_UID, FIELDA, FIELDB FROM YOURTABLE" then to solve this issue I have added some code now the code it's doing "SELECT FIELD_UID, FIELDA, FIELDB FROM YOURTABLE where FIELDA LIKE 'FIELDSEARCH%'"
---
 gulliver/methods/genericAjax.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/gulliver/methods/genericAjax.php b/gulliver/methods/genericAjax.php
index b1f4fb35c..e58c926cc 100644
--- a/gulliver/methods/genericAjax.php
+++ b/gulliver/methods/genericAjax.php
@@ -23,7 +23,20 @@ if( isset($request) ){
 try{
 $sData = base64_decode(str_rot13($_GET['hash']));
 list($SQL, $DB_UID) = explode('@', $sData);
+ //fixed: improving the statement sql by krlos
+ $sSql=substr($SQL, 6, strlen($SQL));
+ $pattern = "/\bfrom\b/i";
+ $replacement = 'FROM';
+ $sSql = preg_replace($pattern, $replacement, $sSql);
+ $aSql = explode("FROM", $sSql);
+
+ $afieldSql = explode(",",$aSql[0]);
+ if(count($afieldSql)>1)
+ $SQL .= "where $afieldSql[1] like '". $_GET['input']."%'";
+ else
+ $SQL .= "where $afieldSql[0] like '". $_GET['input']."%'";
+ //add fixed
 $aRows = Array();
 try {
 $con = Propel::getConnection($DB_UID);
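Review bot: Both added `$SQL .= "where … like '". $_GET['input']."%'"` lines splice a request parameter directly between quotes in the statement, which is SQL injection on this endpoint. The value should be bound instead, e.g. `$SQL .= " WHERE " . trim($afieldSql[1]) . " LIKE ?";` with `$_GET['input'] . '%'` passed as the bound parameter through whatever prepared-statement call the connection from `Propel::getConnection($DB_UID)` offers, and with `%` and `_` in the input escaped for LIKE. The appended clause also has no leading space, assumes `$SQL` carries no WHERE or ORDER BY of its own, and `substr($SQL, 6, …)` assumes the statement starts with `SELECT`, none of which is checked. Separately, the context lines show `$SQL` and `$DB_UID` are recovered from `$_GET['hash']` by rot13 plus base64, which is encoding rather than integrity protection, so the client appears able to supply the whole statement. That predates this commit, but a server-side lookup key or an HMAC-verified value would be needed before filtering on top of it; the enclosing `try` continues outside the hunk, so how the statement is executed is not visible here.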