Index: branches/5.0.x/core/kernel/db/db_connection.php
===================================================================
diff -u -r12734 -r12896
--- branches/5.0.x/core/kernel/db/db_connection.php	(.../db_connection.php)	(revision 12734)
+++ branches/5.0.x/core/kernel/db/db_connection.php	(.../db_connection.php)	(revision 12896)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: db_connection.php 12734 2009-10-20 19:28:11Z alex $
+* @version	$Id: db_connection.php 12896 2009-11-10 17:40:29Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -605,7 +605,10 @@
 				return 'NULL';
 			}
 
-			return mysql_real_escape_string($string, $this->connectionID);
+			$string = mysql_real_escape_string($string, $this->connectionID);
+
+			// prevent double-escaping of MySQL wildcard symbols ("%" and  "_") in case if they were already escaped
+			return str_replace(Array ('\\\\%', '\\\\_'), Array ('\\%', '\\_'), $string);
 		}
 
 		/**