From 4fb1d73cc5daa365fc8ce62f5874250c57957846 Mon Sep 17 00:00:00 2001
From: Mohammad Zubair Ali
Date: Thu, 25 Apr 2024 15:02:12 +0530
Subject: [PATCH] fixed search result issue while using special text characters
---
 php/admin/admin-results-page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/php/admin/admin-results-page.php b/php/admin/admin-results-page.php
index fde351b67..3653acd1a 100644
--- a/php/admin/admin-results-page.php
+++ b/php/admin/admin-results-page.php
@@ -152,7 +152,7 @@ function qsm_results_overview_tab_content() {
 $order_by_sql = 'ORDER BY time_taken_real DESC';
 if ( isset( $_GET['qsm_search_phrase'] ) && ! empty( $_GET['qsm_search_phrase'] ) ) {
 // Sanitizes the search phrase and then uses $wpdb->prepare to properly escape the queries after using $wpdb->esc_like.
- $sanitized_search_phrase = sanitize_text_field( wp_unslash( $_GET['qsm_search_phrase'] ) );
+ $sanitized_search_phrase = htmlentities( sanitize_text_field( wp_unslash( $_GET['qsm_search_phrase'] ) ) );
 $search_phrase_percents = '%' . esc_sql( $wpdb->esc_like( $sanitized_search_phrase ) ) . '%';
 $search_phrase_sql = $wpdb->prepare( ' AND (quiz_name LIKE %s OR name LIKE %s OR business LIKE %s OR email LIKE %s OR phone LIKE %s)', $search_phrase_percents, $search_phrase_percents, $search_phrase_percents, $search_phrase_percents, $search_phrase_percents );
 }
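Review bot: `htmlentities()` on the added line is called with default flags and charset, so what it encodes depends on the PHP version (single quotes are only converted from PHP 8.1 on), and it also rewrites every accented character to a named entity, which will stop matching any column that stores raw UTF-8 text. If the intent is to match values that were stored HTML-encoded, pin the encoding to whatever the write path uses, e.g. `htmlspecialchars( $phrase, ENT_QUOTES, 'UTF-8' )`, and extend the comment above to say so, since it still describes the step as sanitizing only; HTML encoding is not what makes this query safe, `$wpdb->prepare()` is. Separately, the context line below still passes the value through `esc_sql()` before `prepare()`, which looks like double escaping for phrases containing quotes or backslashes and is worth confirming. The body of `qsm_results_overview_tab_content()` starts and ends outside this hunk, so how the result columns are stored and whether `$sanitized_search_phrase` is echoed later cannot be checked from here.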