Index: branches/5.0.x/core/units/categories/categories_event_handler.php =================================================================== diff -u -r12889 -r12896 --- branches/5.0.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 12889) +++ branches/5.0.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 12896) @@ -1,6 +1,6 @@ $positive_word) { - $positive_words[$keyword_index] = mysql_real_escape_string($positive_word); + $positive_word = $search_helper->transformWildcards($positive_word); + $positive_words[$keyword_index] = $this->Conn->escape($positive_word); } foreach ($field_list as $field) { Index: branches/5.0.x/core/units/helpers/search_helper.php =================================================================== diff -u -r12892 -r12896 --- branches/5.0.x/core/units/helpers/search_helper.php (.../search_helper.php) (revision 12892) +++ branches/5.0.x/core/units/helpers/search_helper.php (.../search_helper.php) (revision 12896) @@ -1,6 +1,6 @@ splitKeyword($keyword); + $keywords = $this->splitKeyword( $this->transformWildcards($keyword) ); $normal_conditions = Array(); $plus_conditions = Array(); @@ -175,7 +186,6 @@ // process search keyword $search_keyword = $this->Application->GetVar( $event->getPrefixSpecial(true).'_search_keyword'); $this->Application->StoreVar( $event->getPrefixSpecial().'_search_keyword', $search_keyword); - $search_keyword = str_replace('*', '%', $search_keyword); $custom_filter = $this->processCustomFilters($event); 
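Review bot: In the categories_event_handler.php hunk, `$positive_word` goes through `transformWildcards()` and then `$this->Conn->escape()`, and the same commit removes the `strtr($keywords, Array('%' => '\\%', '_' => '\\_'))` line in cat_event_handler.php, so nothing visible here still escapes a `%` or `_` the user typed literally before the value is used as a LIKE pattern; `mysql_real_escape_string` leaves those characters untouched. If `transformWildcards()` (not shown in this diff) does not escape them itself, a keyword such as `100%` is matched as a wildcard, which is a correctness and query-cost problem rather than an injection, since `escape()` still runs last. Either confirm that in `transformWildcards()` or add `// transformWildcards() must escape literal % and _ before turning * into %` above the call so the ordering contract is explicit. The same sequence appears in the @@ -1230 hunk of cat_event_handler.php. The enclosing foreach and method start outside this hunk.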
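Review bot: `$keywords = $this->splitKeyword( $this->transformWildcards($keyword) );` in the first search_helper.php hunk pads the inner call with spaces inside the parentheses, which the neighbouring calls (`$this->Application->GetVar(...)`, `StoreVar(...)`) do not; `$keywords = $this->splitKeyword($this->transformWildcards($keyword));` keeps the file consistent. The function containing this line starts outside the hunk.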
@@ -253,6 +263,7 @@ $match_to = mb_strtolower($use_phrases ? $this->Application->Phrase($val) : $val); foreach ($search_keywords as $keyword => $sign) { + // doesn't support wildcards if (strpos($match_to, mb_strtolower($keyword)) === false) { if ($sign == '+') { $filter_value = $table_name.'`'.$field_name.'` = NULL'; Index: branches/5.0.x/core/kernel/db/cat_event_handler.php =================================================================== diff -u -r12789 -r12896 --- branches/5.0.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 12789) +++ branches/5.0.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 12896) @@ -1,6 +1,6 @@ saveToSearchLog($keywords, 0); // 0 - simple search, 1 - advanced search - $keywords = strtr($keywords, Array('%' => '\\%', '_' => '\\_')); - $event->setPseudoClass('_List'); $object =& $event->getObject(); @@ -1230,7 +1228,8 @@ reset($search_config); foreach ($positive_words as $keyword_index => $positive_word) { - $positive_words[$keyword_index] = mysql_real_escape_string($positive_word); + $positive_word = $search_helper->transformWildcards($positive_word); + $positive_words[$keyword_index] = $this->Conn->escape($positive_word); } foreach ($field_list as $field) { Index: branches/5.0.x/core/kernel/db/db_connection.php =================================================================== diff -u -r12734 -r12896 --- branches/5.0.x/core/kernel/db/db_connection.php (.../db_connection.php) (revision 12734) +++ branches/5.0.x/core/kernel/db/db_connection.php (.../db_connection.php) (revision 12896) @@ -1,6 +1,6 @@ connectionID); + $string = mysql_real_escape_string($string, $this->connectionID); + + // prevent double-escaping of MySQL wildcard symbols ("%" and "_") in case if they were already escaped + return str_replace(Array ('\\\\%', '\\\\_'), Array ('\\%', '\\_'), $string); } /**
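Review bot: The added `// doesn't support wildcards` comment in the @@ -253 hunk of search_helper.php says less than a reader needs: the `strpos($match_to, mb_strtolower($keyword))` below it is a plain substring test, so any `%` that `transformWildcards()` may have placed into `$keyword` is compared as a literal character rather than interpreted. Something like `// literal substring match: wildcard characters in $keyword are not interpreted here` states the actual behaviour. The surrounding foreach and method begin outside the hunk.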
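Review bot: `escape()` in db_connection.php now post-processes the output of `mysql_real_escape_string`, collapsing `\\%` and `\\_` (the PHP literals `'\\\\%'` and `'\\\\_'`) to `\%` and `\_`, and it does so for every caller, not only the search code. A value that genuinely contained a backslash followed by `%` is escaped faithfully to `\\%` (literal backslash, then `%`) and is then rewritten to `\%`, which in a LIKE pattern means a literal percent with the backslash gone, so the general-purpose escape is no longer lossless for arbitrary data. Keeping `return mysql_real_escape_string($string, $this->connectionID);` here and moving the wildcard handling into a dedicated LIKE-escaping helper that only the search paths call would preserve that property; if the rewrite stays, the comment should spell out that `'\\\\%'` is the two-character sequence `\\%` and which callers are expected to pre-escape wildcards. The method's signature is outside this hunk.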