diff --git bp-core/bp-core-classes.php bp-core/bp-core-classes.php
index 4bd3b67..9486cb2 100644
|
|
class BP_User_Query { |
365 | 365 | // To avoid global joins, do a separate query |
366 | 366 | // @todo remove need for bp_is_active() check |
367 | 367 | if ( false !== $search_terms && bp_is_active( 'xprofile' ) ) { |
368 | | $search_terms_clean = mysql_real_escape_string( mysql_real_escape_string( $search_terms ) ); |
| 368 | $search_terms_clean = esc_sql( esc_sql( $search_terms ) ); |
369 | 369 | $search_terms_clean = like_escape( $search_terms_clean ); |
370 | 370 | $found_user_ids_query = "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE '%" . $search_terms_clean . "%'"; |
371 | 371 | $found_user_ids = $wpdb->get_col( $found_user_ids_query ); |