Index: lams_common/src/java/org/lamsfoundation/lams/lesson/dao/hibernate/LessonDAO.java
===================================================================
diff -u -rd0b6f213cba1026b0c9fdbdaa5dd44a49eddd3aa -r1576bcb6431a78662a658091e35c78007a3dad2c
--- lams_common/src/java/org/lamsfoundation/lams/lesson/dao/hibernate/LessonDAO.java (.../LessonDAO.java) (revision d0b6f213cba1026b0c9fdbdaa5dd44a49eddd3aa)
+++ lams_common/src/java/org/lamsfoundation/lams/lesson/dao/hibernate/LessonDAO.java (.../LessonDAO.java) (revision 1576bcb6431a78662a658091e35c78007a3dad2c)
@@ -28,6 +28,7 @@
 import java.util.List;
 import java.util.Map;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.hibernate.FetchMode;
 import org.hibernate.HibernateException;
@@ -176,6 +177,7 @@
     if (!StringUtils.isBlank(searchPhrase)) {
         String[] tokens = searchPhrase.trim().split("\\s+");
         for (String token : tokens) {
+            token = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
             queryTextBuilder.append(" AND (users.firstName LIKE '%").append(token)
                     .append("%' OR users.lastName LIKE '%").append(token).append("%' OR users.login LIKE '%")
                     .append(token).append("%')");
@@ -209,6 +211,7 @@
     if (!StringUtils.isBlank(searchPhrase)) {
         String[] tokens = searchPhrase.trim().split("\\s+");
         for (String token : tokens) {
+            token = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
             queryTextBuilder.append(" AND (users.firstName LIKE '%").append(token)
                     .append("%' OR users.lastName LIKE '%").append(token).append("%' OR users.login LIKE '%")
                     .append(token).append("%')");
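Review bot: The search token is still spliced into the HQL text on the lines after the added one, so the new escaping is a stopgap rather than a fix: `escapeSql` only doubles single quotes, the `.replace` covers the backslash, and LIKE's own metacharacters `%` and `_` pass through, so a token of `%` matches every user. The robust form is a named parameter per token, which needs no escaping at all: `queryTextBuilder.append(" AND (users.firstName LIKE :tok").append(i).append(" OR users.lastName LIKE :tok").append(i)` and so on, followed by `query.setParameter("tok" + i, "%" + token + "%")` where the query object is built. That binding site is outside this hunk, as are the start and end of the enclosing method, so whether the builder feeds a `createQuery` call that accepts parameters is something to confirm before changing it.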
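Review bot: This hunk is the second verbatim copy of the escape-and-append sequence in LessonDAO (a third follows in the native-SQL search and UserDAO carries a fourth), so the escaping policy now lives in four places and any future change — adding `%`/`_` handling, or replacing `escapeSql` — has to be repeated in each. A single private helper, `private static String escapeLikeToken(String token) { return StringEscapeUtils.escapeSql(token).replace("\\", "\\\\"); }`, or a shared utility since UserDAO needs it as well, would keep them in step, with each call site becoming `token = escapeLikeToken(token);`. The enclosing method starts and ends outside the hunk.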
@@ -397,6 +400,7 @@
     queryTextBuilder.append(" WHERE");
     String[] tokens = searchPhrase.trim().split("\\s+");
     for (String token : tokens) {
+        token = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
         queryTextBuilder.append(" (users.first_name LIKE '%").append(token)
                 .append("%' OR users.last_name LIKE '%").append(token).append("%' OR users.login LIKE '%")
                 .append(token).append("%') AND");
Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/dao/hibernate/UserDAO.java
===================================================================
diff -u -rcc749ec17c54066bccb3daa61c5d5478720b32b6 -r1576bcb6431a78662a658091e35c78007a3dad2c
--- lams_common/src/java/org/lamsfoundation/lams/usermanagement/dao/hibernate/UserDAO.java (.../UserDAO.java) (revision cc749ec17c54066bccb3daa61c5d5478720b32b6)
+++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/dao/hibernate/UserDAO.java (.../UserDAO.java) (revision 1576bcb6431a78662a658091e35c78007a3dad2c)
@@ -90,7 +90,7 @@
     if (!StringUtils.isBlank(searchString)) {
         String[] tokens = searchString.trim().split("\\s+");
         for (String token : tokens) {
-            String escToken = StringEscapeUtils.escapeSql(token);
+            String escToken = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
             queryWithSearch.append(" AND (user.firstName LIKE '%").append(escToken)
                     .append("%' OR user.lastName LIKE '%").append(escToken).append("%' OR user.login LIKE '%")
                     .append(escToken).append("%' OR user.email LIKE '%").append(escToken).append("%')");
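Review bot: The LIKE wildcards `%` and `_` are still unescaped after the added line, so a search phrase of `_` or `%` matches every row in this query; the snake_case column names (`users.first_name`) suggest it is native SQL, in which case positional `?` parameters bound with the pattern `"%" + token + "%"` would remove the need for any escaping. If concatenation has to stay, escape the wildcards after the existing call, `token = token.replace("%", "\\%").replace("_", "\\_");`, with the caveat that this relies on the MySQL default escape character, which is the same assumption the backslash doubling already makes. The trailing ` AND` appended per token is presumably stripped or terminated after the loop, outside this hunk, as is the rest of the enclosing method.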
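Review bot: The added `.replace("\\", "\\\\")` encodes a MySQL-specific assumption — that a backslash is an escape character inside string literals — which `escapeSql` does not cover because it only doubles single quotes; on a dialect with standard-conforming strings the same line would instead double the backslash in the search term, which is not obvious from the code. That assumption deserves a comment on the changed line, e.g. `// escapeSql only doubles quotes; MySQL also treats backslash as an escape, so double it too`. It is also worth recording that `StringEscapeUtils.escapeSql` is not present in commons-lang3, so this line will need a different replacement when that dependency is upgraded. The enclosing method starts and ends outside the hunk.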