From 4f056c68b7db3f961ac4730c9c2386ecb61b17bb Mon Sep 17 00:00:00 2001
From: Lars Gebhardt-Kusche <lars@kusche.berlin>
Date: Fri, 2 Jan 2026 01:50:54 +0100
Subject: [PATCH] fdfdf

---
 src/App/Search.php | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/App/Search.php b/src/App/Search.php
index 8542ec8..9902cf6 100644
--- a/src/App/Search.php
+++ b/src/App/Search.php
@@ -26,13 +26,13 @@ final class Search
         foreach ($tokens as $tok) {
             $tok = trim($tok);
             if ($tok === '') continue;
-            $conditions[] = "(title LIKE ? OR teaser_public LIKE ? OR description LIKE ? OR city LIKE ? OR region LIKE ? OR zip LIKE ?)";
-            $bind[] = '%' . $tok . '%';
-            $bind[] = '%' . $tok . '%';
-            $bind[] = '%' . $tok . '%';
-            $bind[] = '%' . $tok . '%';
-            $bind[] = '%' . $tok . '%';
-            $bind[] = '%' . $tok . '%';
+            $conditions[] = "(title LIKE CONCAT('%', ?, '%') OR teaser_public LIKE CONCAT('%', ?, '%') OR description LIKE CONCAT('%', ?, '%') OR city LIKE CONCAT('%', ?, '%') OR region LIKE CONCAT('%', ?, '%') OR zip LIKE CONCAT('%', ?, '%'))";
+            $bind[] = $tok;
+            $bind[] = $tok;
+            $bind[] = $tok;
+            $bind[] = $tok;
+            $bind[] = $tok;
+            $bind[] = $tok;
             $i++;
         }
 
@@ -77,9 +77,8 @@ final class Search
         $sql .= " LIMIT {$limit}";
 
         $stmt = $this->pdo->prepare($sql);
-
         try {
-            $stmt->execute();
+            $stmt->execute($bind);
             return $stmt->fetchAll(\PDO::FETCH_ASSOC) ?: [];
         } catch (\PDOException $e) {
             // Log into /debug/search_debug.log and continue with empty results