Index: branches/5.0.x/core/units/helpers/search_helper.php
===================================================================
diff -u -r12306 -r12365
--- branches/5.0.x/core/units/helpers/search_helper.php (.../search_helper.php) (revision 12306)
+++ branches/5.0.x/core/units/helpers/search_helper.php (.../search_helper.php) (revision 12365)
@@ -1,6 +1,6 @@
 $sign) {
+ $keyword = $this->Conn->escape($keyword);
+ switch ($sign) {
 case '+':
 $plus_conditions[] = implode(' LIKE "%'.$keyword.'%" OR ', $fields).' LIKE "%'.$keyword.'%"';
@@ -249,9 +251,10 @@
 $multiple = array_key_exists('multiple', $field_options) && $field_options['multiple'];
 foreach ($field_options['options'] as $key => $val) {
+ $match_to = mb_strtolower($use_phrases ? $this->Application->Phrase($val) : $val);
+
 foreach ($search_keywords as $keyword => $sign) {
- $pattern = '#'.$keyword.'#i';
- if (!preg_match($pattern, $use_phrases ? $this->Application->Phrase($val) : $val)) {
+ if (strpos($match_to, mb_strtolower($keyword)) === false) {
 if ($sign == '+') {
 $filter_value = $table_name.'`'.$field_name.'` = NULL';
 break;
@@ -263,7 +266,7 @@
 if ($sign == '+' || $sign == '') {
 // don't add single quotes to found option ids when multiselect (but escape string anyway)
- $search_keys[$key] = $multiple ? mysql_real_escape_string($key) : $this->Conn->qstr($key);
+ $search_keys[$key] = $multiple ? $this->Conn->escape($key) : $this->Conn->qstr($key);
 }
 elseif($sign == '-') {
 // if same value if found as exclusive too, then remove from search result
@@ -304,7 +307,9 @@
 case 'numeric':
 $search_keys = Array();
 foreach ($search_keywords as $keyword => $sign) {
- if (!is_numeric($keyword) || ($sign == '-')) continue;
+ if (!is_numeric($keyword) || ($sign == '-')) {
+ continue;
+ }
 $search_keys[] = $this->Conn->qstr($keyword);
 }
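Review bot: In the `@@ -249,9 +251,10 @@` hunk, `mb_strtolower($keyword)` on the new `strpos` line is recomputed for every option × keyword pair and relies on the default internal encoding, while `$match_to` is lowered once per option just above it. Lower the keywords once before the options loop, e.g. `foreach ($search_keywords as $keyword => $sign) { $keywords_lc[$keyword] = mb_strtolower($keyword); }`, and compare with `strpos($match_to, $keywords_lc[$keyword]) === false`. If an empty keyword can reach this loop, note that the replaced `preg_match` treated it as "matches everything", whereas `strpos` with an empty needle returns false (with a warning) on PHP < 8 and 0 on PHP 8, so the option would count as a non-match or a match depending on runtime; a `$keyword === ''` guard would pin that behaviour. The enclosing function and the surrounding `switch` start and end outside the hunk.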
@@ -558,7 +563,7 @@
 break;
 case 'picker':
- $field_value = strlen($field_options['submit_value']) ? $field_options['submit_value'] : false;
+ $field_value = strlen($field_options['submit_value']) ? $this->Conn->escape($field_options['submit_value']) : false;
 if ($field_value) {
 $filter_value = $table_name.'`'.$field_name.'` LIKE "%|'.$field_value.'|%"';
 }
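Review bot: `$this->Conn->escape()` on the new `$field_value` line neutralises quote and backslash characters, but the value is then interpolated into a `LIKE "%|...|%"` pattern, and a quote-escaping routine does not escape the LIKE metacharacters `%` and `_`, so a submitted value containing them widens the match instead of being searched literally; the escaped `$keyword` used in the `LIKE "%'.$keyword.'%"` conditions earlier in this diff has the same gap. Escape the wildcards after the quote escaping (order matters, since `escape()` would double the backslash), e.g. `$field_value = strtr($this->Conn->escape($field_options['submit_value']), ['%' => '\%', '_' => '\_']);`. The `if ($field_value)` test on the following context line also discards a submitted value of `'0'`, because the ternary yields a string and `'0'` is falsy in PHP; `if ($field_value !== false)` would keep it (pre-existing, but worth fixing while this line is rewritten). The enclosing `switch` and its function start and end outside the hunk.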