diff --git a/main/auth/profile.php b/main/auth/profile.php
index 17372add44..3891b9837e 100644
--- a/main/auth/profile.php
+++ b/main/auth/profile.php
@@ -358,12 +358,13 @@ function upload_user_production($user_id) {
  * @return    bool true o false
  * @uses Gets user ID from global variable
  */
-function check_user_password($password){
+function check_user_password($password) {
     global $_user;
     $user_id = api_get_user_id();
     if ($user_id != strval(intval($user_id)) || empty($password)) { return false; }
     $table_user = Database :: get_main_table(TABLE_MAIN_USER);
     $password = api_get_encrypted_password($password);
+    $password = Database::escape_string($password);
     $sql_password = "SELECT * FROM $table_user WHERE user_id='".$user_id."' AND password='".$password."'";
     $result = Database::query($sql_password);
     return Database::num_rows($result) != 0;