- * @param string $title Note title
+ * The note title is stored html-escaped in the database because we
+ * get it that way from tomboy. Thus we have to escape the search
+ * input, too.
+ *
+ * @param string $title Note title.
$row = \OC_DB::executeAudited(
'SELECT note_guid FROM `*PREFIX*grauphel_notes`'
. ' WHERE `note_user` = ? AND `note_title` = ?',
$row = \OC_DB::executeAudited(
'SELECT note_guid FROM `*PREFIX*grauphel_notes`'
. ' WHERE `note_user` = ? AND `note_title` = ?',