diff --git a/main/auth/profile.php b/main/auth/profile.php
index 2967501f68..04bb758594 100644
--- a/main/auth/profile.php
+++ b/main/auth/profile.php
@@ -409,13 +409,13 @@ function upload_user_production($user_id)
 */
 function check_user_password($password)
 {
- global $_user;
 $user_id = api_get_user_id();
 if ($user_id != strval(intval($user_id)) || empty($password)) {
 return false;
 }
 $table_user = Database :: get_main_table(TABLE_MAIN_USER);
 $password = api_get_encrypted_password($password);
+ $password = Database::escape_string($password);
 $sql_password = "SELECT * FROM $table_user WHERE user_id='".$user_id."' AND password='".$password."'";
 $result = Database::query($sql_password);