diff --git a/ChangeLog b/ChangeLog
index ef029e276..c94eda63e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
 (- _parseLine:) fixed incorrrect handling of QP-encoded attributes.
+ * SoObjects/SOGo/SQLSource.m - we now properly
+ escape quotes for SQL parameters coming from
+ user's input.
+
 2010-03-22 Ludovic Marcotte
 * SoObjects/Mailer/SOGoDraftObject.m - we strip
diff --git a/SoObjects/SOGo/SQLSource.m b/SoObjects/SOGo/SQLSource.m
index 81582b27a..23172d282 100644
--- a/SoObjects/SOGo/SQLSource.m
+++ b/SoObjects/SOGo/SQLSource.m
@@ -184,6 +184,7 @@
 rc = NO;
+ _login = [_login stringByReplacingString: @"'" withString: @"''"];
 cm = [GCSChannelManager defaultChannelManager];
 channel = [cm acquireOpenChannelForURL: _viewURL];
 if (channel)
@@ -237,6 +238,7 @@
 response = nil;
+ theID = [theID stringByReplacingString: @"'" withString: @"''"];
 cm = [GCSChannelManager defaultChannelManager];
 channel = [cm acquireOpenChannelForURL: _viewURL];
 if (channel)
@@ -348,6 +350,8 @@
 if (channel)
 {
 lowerFilter = [filter lowercaseString];
+ lowerFilter = [lowerFilter stringByReplacingString: @"'" withString: @"''"];
+
 sql = [NSString stringWithFormat: (@"SELECT *"
 @" FROM %@"
 @" WHERE LOWER(c_cn) LIKE '%%%@%%'"
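Review bot: Doubling the single quote on the new `_login` line in the @@ -184 hunk neutralises only the quote delimiter, which is not a complete escape for every backend the channel layer may be configured with — on MySQL, for example, a backslash is an escape character unless NO_BACKSLASH_ESCAPES is set, so a backslash preceding the quote can still terminate the literal after this transformation. The `theID` line in the @@ -237 hunk and the `lowerFilter` line in the @@ -348 hunk have the same limitation. If the GCSChannel API used here supports bound parameters, they should replace string interpolation altogether; if not, the escaping belongs in one shared helper such as `- (NSString *) _sqlEscapedString: (NSString *) value` rather than three hand-written copies that will drift apart. The statements that consume the escaped `_login` and `theID` are built outside these hunks, and each enclosing method starts and ends outside its hunk, so whether every interpolation site in those methods is covered cannot be confirmed from the diff.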
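Review bot: In the @@ -348 hunk the escaped `lowerFilter` is interpolated into `LIKE '%%%@%%'`, and quote doubling leaves the LIKE metacharacters `%` and `_` untouched, so a filter containing them is still interpreted as a pattern rather than as literal text. Escape those two characters as well and declare the escape character in the query, e.g. `lowerFilter = [lowerFilter stringByReplacingString: @"%" withString: @"\\%"];` (and likewise for `_`) together with `LIKE '%%%@%%' ESCAPE '\\'` on the WHERE lines, after confirming the backend in use honours ESCAPE. The `sql` format string continues beyond this hunk and the enclosing method begins before it, so any further `%@` substitutions in that statement are not visible here.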