From a7d129bedfa633a79fa77a5d133c52d4ed54eff5 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Thu, 27 May 2010 18:14:37 +0200
Subject: [PATCH] Add database::escape_string
---
 main/inc/lib/add_many_session_to_category_functions.lib.php | 1 +
 1 file changed, 1 insertion(+)
 mode change 100644 => 100755 main/inc/lib/add_many_session_to_category_functions.lib.php
diff --git a/main/inc/lib/add_many_session_to_category_functions.lib.php b/main/inc/lib/add_many_session_to_category_functions.lib.php
old mode 100644
new mode 100755
index 65ee540338..623d548749
--- a/main/inc/lib/add_many_session_to_category_functions.lib.php
+++ b/main/inc/lib/add_many_session_to_category_functions.lib.php
@@ -13,6 +13,7 @@ class AddManySessionToCategoryFunctions {
 // xajax send utf8 datas... datas in db can be non-utf8 datas
 $charset = api_get_setting('platform_charset');
 $needle = api_convert_encoding($needle, $charset, 'utf-8');
+ $needle = Database::escape_string($needle);
 $sql = 'SELECT * FROM '.$tbl_session.' WHERE name LIKE "'.$needle.'%" ORDER BY id';
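Review bot: The added `Database::escape_string()` call handles the quote characters, but `$needle` is still concatenated into a `LIKE "…%"` pattern where `%` and `_` keep their wildcard meaning; string-literal escaping helpers normally leave those two characters alone, so a needle of `%` would presumably still match every session name. If that is not intended, neutralise them as well, e.g. `$needle = addcslashes(Database::escape_string($needle), '%_');` (this relies on MySQL's default backslash escape for LIKE), or move the query to a bound parameter if the Database layer offers one. Escaping after `api_convert_encoding()` is the right order, but it is only sound if the connection charset agrees with `platform_charset`, which is not visible here. The commit also changes the file mode from 100644 to 100755, which the subject does not mention and a library include should not need. The enclosing method starts and ends outside the hunk, so how the result rows are filtered or authorised cannot be checked from this page.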