not properly sanitizing input vars...

[proseLA]

on the zc158 test data, if one searches for die (' (i think the error starts with the open parenthesis), this will cause an error in the sql:

[24-Jul-2021 19:46:53 America/Los_Angeles] Request URI: /ajax.php?act=ajaxInstantSearch&method=instantSearch, IP address: 192.168.14.74
marco-pm/zencart_instantsearch-OLD#1  trigger_error() called at [/var/www/zcdev/includes/classes/db/mysql/query_factory.php:657]
marco-pm/zencart_instantsearch-OLD#2  queryFactory->show_error() called at [/var/www/zcdev/includes/classes/db/mysql/query_factory.php:624]
marco-pm/zencart_instantsearch-OLD#3  queryFactory->set_error() called at [/var/www/zcdev/includes/classes/db/mysql/query_factory.php:265]
marco-pm/zencart_instantsearch#4  queryFactory->Execute() called at [/var/www/zcdev/includes/classes/ajax/zcAjaxInstantSearch.php:46]
marco-pm/zencart_instantsearch-OLD#5  zcAjaxInstantSearch->instantSearch() called at [/var/www/zcdev/ajax.php:85]
--> PHP Fatal error: 1139:Got error 'missing ) at offset 5' from regexp :: SELECT p.products_id, p.products_model, p.products_image, pd.products_name, pd.products_viewed
                           FROM products_description as pd, products as p 
                           WHERE p.products_id = pd.products_id
                           AND p.products_status <> 0
                           AND ((pd.products_name REGEXP 'die|(') OR (p.products_model REGEXP 'die|(') OR (LEFT(pd.products_name, LENGTH('die (')) SOUNDS LIKE 'die ('))
                           AND language_id = '1' ==> (as called by) /var/www/zcdev/includes/classes/ajax/zcAjaxInstantSearch.php on line 46 <== in /var/www/zcdev/includes/classes/db/mysql/query_factory.php on line 657.

i have not incorporated your last commits, which is why i believe the line number is slightly off.... but i'll be more on my game soon.

[marco-pm]

Big oversight on my part! Thanks for reporting this issue.