Index: branches/5.1.x/core/kernel/db/db_connection.php
===================================================================
diff -u -N -r12657 -r13086
--- branches/5.1.x/core/kernel/db/db_connection.php	(.../db_connection.php)	(revision 12657)
+++ branches/5.1.x/core/kernel/db/db_connection.php	(.../db_connection.php)	(revision 13086)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: db_connection.php 12657 2009-10-04 20:07:31Z alex $
+* @version	$Id: db_connection.php 13086 2010-01-12 19:47:40Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -9,7 +9,7 @@
 * the GNU General Public License, and as distributed it includes
 * or is derivative of works licensed under the GNU General Public License
 * or other free or open source software licenses.
-* See http://www.in-portal.net/license/ for copyright notices and details.
+* See http://www.in-portal.org/license for copyright notices and details.
 */
 
 	defined('FULL_PATH') or die('restricted access!');
@@ -605,7 +605,10 @@
 				return 'NULL';
 			}
 
-			return mysql_real_escape_string($string, $this->connectionID);
+			$string = mysql_real_escape_string($string, $this->connectionID);
+
+			// prevent double-escaping of MySQL wildcard symbols ("%" and  "_") in case if they were already escaped
+			return str_replace(Array ('\\\\%', '\\\\_'), Array ('\\%', '\\_'), $string);
 		}
 
 		/**