Index: lams_common/src/java/org/lamsfoundation/lams/lesson/dao/hibernate/LessonDAO.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/lesson/dao/hibernate/LessonDAO.java,v
diff -u -r1.48 -r1.49
--- lams_common/src/java/org/lamsfoundation/lams/lesson/dao/hibernate/LessonDAO.java 11 May 2016 07:29:11 -0000 1.48
+++ lams_common/src/java/org/lamsfoundation/lams/lesson/dao/hibernate/LessonDAO.java 11 Nov 2016 08:50:51 -0000 1.49
@@ -28,6 +28,7 @@
 import java.util.List;
 import java.util.Map;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.hibernate.FetchMode;
 import org.hibernate.HibernateException;
@@ -176,6 +177,7 @@
 if (!StringUtils.isBlank(searchPhrase)) {
 String[] tokens = searchPhrase.trim().split("\\s+");
 for (String token : tokens) {
+ token = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
 queryTextBuilder.append(" AND (users.firstName LIKE '%").append(token)
 .append("%' OR users.lastName LIKE '%").append(token).append("%' OR users.login LIKE '%")
 .append(token).append("%')");
@@ -209,6 +211,7 @@
 if (!StringUtils.isBlank(searchPhrase)) {
 String[] tokens = searchPhrase.trim().split("\\s+");
 for (String token : tokens) {
+ token = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
 queryTextBuilder.append(" AND (users.firstName LIKE '%").append(token)
 .append("%' OR users.lastName LIKE '%").append(token).append("%' OR users.login LIKE '%")
 .append(token).append("%')");
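Review bot: The added escaping line still leaves the token concatenated into a string-built HQL `LIKE` clause, and `escapeSql` plus the backslash doubling only neutralise the quote and escape characters; the `LIKE` wildcards `%` and `_` inside a token stay live, so a search token that is only a wildcard matches every row rather than a name. Binding each token as a Hibernate parameter (for example `users.firstName LIKE :token` in the query text and `setParameter("token", "%" + token + "%")` on the query) removes the need for hand-rolled escaping altogether; if the query must stay concatenated, escaping `%` and `_` as well, under whatever escape character the dialect uses for `LIKE`, is the minimal addition. Reassigning the enhanced-for variable `token` also reads oddly; the `String escToken = ...` form used in UserDAO is clearer and would keep the two DAOs consistent. The same observations apply to the hunks at `@@ -209,6 +211,7 @@` and `@@ -397,6 +400,7 @@`; the enclosing methods start and end outside each hunk.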
@@ -397,6 +400,7 @@
 queryTextBuilder.append(" WHERE");
 String[] tokens = searchPhrase.trim().split("\\s+");
 for (String token : tokens) {
+ token = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
 queryTextBuilder.append(" (users.first_name LIKE '%").append(token)
 .append("%' OR users.last_name LIKE '%").append(token).append("%' OR users.login LIKE '%")
 .append(token).append("%') AND");
Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/dao/hibernate/UserDAO.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/usermanagement/dao/hibernate/UserDAO.java,v
diff -u -r1.10 -r1.11
--- lams_common/src/java/org/lamsfoundation/lams/usermanagement/dao/hibernate/UserDAO.java 30 Aug 2016 06:54:22 -0000 1.10
+++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/dao/hibernate/UserDAO.java 11 Nov 2016 08:50:51 -0000 1.11
@@ -90,7 +90,7 @@
 if (!StringUtils.isBlank(searchString)) {
 String[] tokens = searchString.trim().split("\\s+");
 for (String token : tokens) {
- String escToken = StringEscapeUtils.escapeSql(token);
+ String escToken = StringEscapeUtils.escapeSql(token).replace("\\", "\\\\");
 queryWithSearch.append(" AND (user.firstName LIKE '%").append(escToken)
 .append("%' OR user.lastName LIKE '%").append(escToken).append("%' OR user.login LIKE '%")
 .append(escToken).append("%' OR user.email LIKE '%").append(escToken).append("%')");
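Review bot: The changed `escToken` line in the UserDAO hunk carries no explanation of why `escapeSql` alone was not enough, so the next maintainer is likely to read the `.replace("\\", "\\\\")` as redundant and drop it. A one-line comment above it would pin the reasoning this commit embodies, for example `// escapeSql doubles only single quotes; backslashes must be doubled too, since the database treats '\' as a string escape and a token ending in '\' would otherwise consume the closing quote`. The same comment belongs on the three escaping lines added in LessonDAO. The enclosing method starts and ends outside the hunk.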