diff --git a/main/inc/lib/events.lib.php b/main/inc/lib/events.lib.php index 7399ce0b54..c149c54c7f 100644 --- a/main/inc/lib/events.lib.php +++ b/main/inc/lib/events.lib.php @@ -40,7 +40,7 @@ class Event } // don't change this $reallyNow = api_get_utc_datetime(); $params = [ - 'open_remote_host' => $remhost, + 'open_remote_host' => Database::escape_string($remhost), 'open_agent' => $_SERVER['HTTP_USER_AGENT'], 'open_referer' => $referer, 'open_date' => $reallyNow, @@ -108,7 +108,7 @@ class Event $now = api_get_utc_datetime(); $courseId = api_get_course_int_id(); $user_id = api_get_user_id(); - $ip = api_get_real_ip(); + $ip = Database::escape_string(api_get_real_ip()); if ($user_id) { $user_id = "'".$user_id."'"; @@ -181,7 +181,7 @@ class Event 'access_tool' => $tool, 'access_date' => $reallyNow, 'access_session_id' => $id_session, - 'user_ip' => api_get_real_ip() + 'user_ip' => Database::escape_string(api_get_real_ip()) ]; Database::insert($TABLETRACK_ACCESS, $params); } @@ -1748,7 +1748,7 @@ class Event $courseId = intval($courseId); $user_id = intval($user_id); $session_id = intval($session_id); - $ip = api_get_real_ip(); + $ip = Database::escape_string(api_get_real_ip()); $sql = "INSERT INTO $course_tracking_table(c_id, user_ip, user_id, login_course_date, logout_course_date, counter, session_id) VALUES('".$courseId."', '".$ip."', '".$user_id."', '$loginDate', '$logoutDate', $counter, '".$session_id."')"; diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index 7237f40f7b..739de8bc70 100755 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php 
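Review bot: In the `@@ -40` hunk of events.lib.php, `Database::escape_string($remhost)` is applied to a value that goes into a `$params` array, and the `@@ -181` hunk does the same for `user_ip` just before `Database::insert($TABLETRACK_ACCESS, $params)`. If `Database::insert()` binds or escapes its values itself (its body is not shown here), these columns will store the escaped form rather than the original value. The neighbouring `open_agent` entry is taken straight from `$_SERVER['HTTP_USER_AGENT']` and `open_referer` is passed as-is, so either the new escape is redundant or those two fields are still unprotected; it is worth confirming which. If insert() is parameterised, I would drop the escape and leave a comment such as `// values are bound by Database::insert(); do not pre-escape`. The enclosing methods start and end outside both hunks.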
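Review bot: In the `@@ -108` hunk of events.lib.php, wrapping `api_get_real_ip()` at the call site protects this one query only; the same wrapper is repeated at `@@ -1748` and in local.inc.php `@@ -892`, and any caller the commit did not touch keeps the raw value. Since the result is meant to be an IP address, validating it once where it is produced would cover every caller, for example a check with `filter_var($value, FILTER_VALIDATE_IP)` inside `api_get_real_ip()` (not shown on this page) that returns an empty string on failure. The call-site escape can stay as defence in depth. The SQL statement that consumes `$ip` lies outside this hunk.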
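Review bot: In the `@@ -1748` hunk of events.lib.php, `$counter` is interpolated into the VALUES list without quotes and no cast for it is visible, unlike `$courseId`, `$user_id` and `$session_id`, which go through `intval()` just above; `$loginDate` and `$logoutDate` are also interpolated as-is. If any of these can be influenced by a caller, escaping `$ip` alone does not make the statement safe. I would add `$counter = (int) $counter;` next to the other casts and pass the two dates through `Database::escape_string()`. The function begins outside the hunk, so these values may already be normalised earlier; that should be confirmed.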
@@ -892,7 +892,7 @@ if (!isset($_SESSION['login_as'])) { session_id = ".api_get_session_id(); Database::query($sql); } else { - $ip = api_get_real_ip(); + $ip = Database::escape_string(api_get_real_ip()); $sql = "INSERT INTO $course_tracking_table (c_id, user_ip, user_id, login_course_date, logout_course_date, counter, session_id) VALUES('".$_course['real_id']."', '".$ip."', '".$_user['user_id']."', '$time', '$time', '1','".api_get_session_id()."')"; Database::query($sql);
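Review bot: In the local.inc.php `@@ -892` hunk, `$_course['real_id']` and `$_user['user_id']` are concatenated into the INSERT without a cast, whereas the equivalent statement in events.lib.php (`@@ -1748`) runs its ids through `intval()` first. For consistency the two values could be written as `(int) $_course['real_id']` and `(int) $_user['user_id']`. The statement duplicates the one in the Event class, so reusing that method, or at least adding a comment such as `// keep in sync with the INSERT in events.lib.php`, would stop the two copies from drifting apart. The enclosing `else` branch starts outside the hunk.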