fix: SQL syntax error with LIKE ESCAPE clause - use double backslash in escape sequence

Agent-Logs-Url: https://github.com/thorsten/phpMyFAQ/sessions/fb97f7b6-1d3a-49ea-9c67-aa74beee56f2

Co-authored-by: thorsten <45284+thorsten@users.noreply.github.com>

Author: Copilot

phpmyfaq/src/phpMyFAQ/Search.php

@@ -249,7 +249,7 @@ private function searchCustomPages(string $searchTerm, bool $allLanguages = true
             // Escape LIKE metacharacters (%, _) to prevent wildcard injection
             $escapedWord = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $word);
             $searchConditions[] = sprintf(
-                "(page_title LIKE '%%%s%%' ESCAPE '\\' OR content LIKE '%%%s%%' ESCAPE '\\')",
+                "(page_title LIKE '%%%s%%' ESCAPE '\\\\' OR content LIKE '%%%s%%' ESCAPE '\\\\')",
                 $escapedWord,
                 $escapedWord,
             );

phpmyfaq/src/phpMyFAQ/Search/Database/PdoPgsql.php

@@ -74,7 +74,7 @@ public function search(string $searchTerm): mixed
                 FROM
                     %s %s %s %s
                 WHERE
-                    (%s) ILIKE ('%%%s%%') ESCAPE '\\'
+                    (%s) ILIKE ('%%%s%%') ESCAPE '\\\\'
                     %s
                     %s",
             $columns,

phpmyfaq/src/phpMyFAQ/Search/SearchDatabase.php

@@ -264,7 +264,7 @@ public function getMatchClause(string $searchTerm = ''): string
                 }
 
                 $where = sprintf(
-                    "%s%s LIKE '%%%s%%' ESCAPE '\\'",
+                    "%s%s LIKE '%%%s%%' ESCAPE '\\\\'",
                     $where,
                     $this->matchingColumns[$j],
                     self::escapeLikeWildcards($this->configuration->getDb()->escape($keys[$i])),

tests/phpMyFAQ/Search/SearchDatabaseTest.php

@@ -149,7 +149,7 @@ public function testGetMatchClause()
     {
         $this->searchDatabase->setMatchingColumns(['faqdata.author']);
         $this->assertEquals(
-            " (faqdata.author LIKE '%Thorsten%' ESCAPE '\\')",
+            " (faqdata.author LIKE '%Thorsten%' ESCAPE '\\\\')",
             $this->searchDatabase->getMatchClause('Thorsten'),
         );
         $this->assertIsString($this->searchDatabase->getMatchClause('Thorsten'));
@@ -159,7 +159,7 @@ public function testGetMatchClauseWithTwoSearchTerms()
     {
         $this->searchDatabase->setMatchingColumns(['faqdata.author']);
         $this->assertEquals(
-            " (faqdata.author LIKE '%Thorsten%' ESCAPE '\\') OR (faqdata.author LIKE '%Rinne%' ESCAPE '\\')",
+            " (faqdata.author LIKE '%Thorsten%' ESCAPE '\\\\') OR (faqdata.author LIKE '%Rinne%' ESCAPE '\\\\')",
             $this->searchDatabase->getMatchClause('Thorsten Rinne'),
         );
         $this->assertIsString($this->searchDatabase->getMatchClause('Thorsten'));
@@ -169,7 +169,7 @@ public function testGetMatchClauseWithTwoColumns()
     {
         $this->searchDatabase->setMatchingColumns(['faqdata.author', 'faqdata.thema']);
         $this->assertEquals(
-            " (faqdata.author LIKE '%Thorsten%' ESCAPE '\\' OR faqdata.thema LIKE '%Thorsten%' ESCAPE '\\')",
+            " (faqdata.author LIKE '%Thorsten%' ESCAPE '\\\\' OR faqdata.thema LIKE '%Thorsten%' ESCAPE '\\\\')",
             $this->searchDatabase->getMatchClause('Thorsten'),
         );
         $this->assertIsString($this->searchDatabase->getMatchClause('Thorsten'));