Index: trunk/cgi-bin/search.cgi
===================================================================
--- trunk/cgi-bin/search.cgi	(revision 370)
+++ trunk/cgi-bin/search.cgi	(revision 371)
@@ -279,8 +279,10 @@
 #    which probably shouldn't be for reasons of sanity.
 
+  my $cols = "cidr,custid,type,city,description";
+
   if ($category eq 'all') {
 
     print qq(<div class="heading">Showing all netblock and static-IP allocations</div><br>\n);
-    $sql = "select * from searchme";
+    $sql = "select $cols from searchme";
     my $count = countRows($sql);
     $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
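Review bot: The new `$cols` list on the first added line fixes a column order that later code relies on positionally, and nothing says so; the IP-lookup branch in the `@@ -336` hunk reads `$data[0]` as the CIDR. I would add a comment above it such as `# Column order matters: cidr must stay first, callers read it as $data[0].` Whether `countRows()` and `queryResults()` also index columns by position is not visible here, so check that before anyone reorders the list. The enclosing block starts and ends outside the hunk.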
@@ -293,5 +295,5 @@
     # Query for a customer ID.  Note that we can't restrict to "numeric-only"
     # as we have non-numeric custIDs in the legacy data.  :/
-    $sql = "select * from searchme where custid ilike '%$query%' or oldcustid ilike '%$query%'";
+    $sql = "select $cols from searchme where custid ilike '%$query%' or oldcustid ilike '%$query%'";
     my $count = countRows($sql);
     $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
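Review bot: `$query` is still interpolated straight into the SQL text on the changed line, and the comment above says it cannot be restricted to digits, so input validation is not available as a defence for this branch. If `$query` is the raw search parameter (its assignment is outside the hunk), the statement should use placeholders: `$sql = "select $cols from searchme where custid ilike ? or oldcustid ilike ?";` with `"%$query%"` passed as the bind value for both. That needs `countRows()` and `queryResults()` to accept bind values, and both are defined outside this diff. The same pattern recurs in the description query (`@@ -302`), the `cidr='$query'` and `like '$net%'` queries (`@@ -320`), and the `prepare` call (`@@ -336`).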
@@ -302,5 +304,5 @@
     print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n);
     # Query based on description (includes "name" from old DB).
-    $sql = "select * from searchme where description ilike '%$query%'".
+    $sql = "select $cols from searchme where description ilike '%$query%'".
 	" or custid ilike '%$query%'";
     my $count = countRows($sql);
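Review bot: The heading printed on the first context line puts `$query` into the HTML response without escaping, so any markup in the search term is reflected into the page. Escape it before output, for example `my $safe = HTML::Entities::encode_entities($query);`, and print `'$safe'` in the heading. I cannot see from this hunk whether `$query` was already escaped earlier, so confirm that first. If it was, the SQL on the changed line would be receiving the escaped form, which would change what the `ilike` matches.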
@@ -320,10 +322,10 @@
 	# /0->/9 are silly to worry about right now.  I don't think
 	# we'll be getting a class A anytime soon.  <g>
-        $sql = "select * from searchme where cidr='$query'";
+        $sql = "select $cols from searchme where cidr='$query'";
 	queryResults($sql, $webvar{page}, 1);
       } else {
 	#print "Finding all blocks with netmask /$maskbits, leading octet(s) $net<br>\n";
 	# Partial match;  beginning of subnet and maskbits are provided
-	$sql = "select * from searchme where text(cidr) like '$net%' and ".
+	$sql = "select $cols from searchme where text(cidr) like '$net%' and ".
 		"text(cidr) like '%$maskbits'";
 	my $count = countRows($sql);
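Review bot: The second `like` in the partial-match query, `text(cidr) like '%$maskbits'`, looks like it can match the wrong prefix lengths. The commented-out debug line prints `/$maskbits`, which suggests `$maskbits` holds only the digits, and then a value of 4 would also match blocks ending in /24 or /14. If that reading is right, anchor on the slash, `"text(cidr) like '%/$maskbits'"`, or compare `masklen(cidr)` with the number if the column is a PostgreSQL cidr/inet type. The assignments to `$net` and `$maskbits` are outside the hunk, so confirm how they are derived.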
@@ -336,15 +338,15 @@
       my ($net,$ip) = ($query =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.)(\d{1,3})/);
       my $sfor = new NetAddr::IP $query;
-      $sth = $ip_dbh->prepare("select * from searchme where text(cidr) like '$net%'");
+      $sth = $ip_dbh->prepare("select $cols from searchme where text(cidr) like '$net%'");
       $sth->execute;
       while (my @data = $sth->fetchrow_array()) {
         my $cidr = new NetAddr::IP $data[0];
 	if ($cidr->contains($sfor)) {
-	  queryResults("select * from searchme where cidr='$cidr'", $webvar{page}, 1);
+	  queryResults("select $cols from searchme where cidr='$cidr'", $webvar{page}, 1);
 	}
       }
     } elsif ($query =~ /^(\d{1,3}\.){1,3}\d{1,3}\.?$/) {
       #print "Finding matches with leading octet(s) $query<br>\n";
-      $sql = "select * from searchme where text(cidr) like '$query%'";
+      $sql = "select $cols from searchme where text(cidr) like '$query%'";
       my $count = countRows($sql);
       $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
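Review bot: The single-IP branch only considers rows whose text form starts with the same three octets (`text(cidr) like '$net%'`) before testing `contains()` in Perl, so a containing block shorter than /24 whose network address begins differently can be missed. It also issues one `queryResults()` call per matching row. If `cidr` is a PostgreSQL cidr/inet column (the `text(cidr)` casts suggest so), the database can do the containment test in one statement, `select $cols from searchme where cidr >>= ?`, with `$query` bound. The `prepare`/`execute` pair has no error check unless RaiseError is set on `$ip_dbh`, which is outside the hunk.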
