diff --git a/htdocs/hrm/class/evaluation.class.php b/htdocs/hrm/class/evaluation.class.php
index 7652b2bfd0f..b13f031c136 100644
--- a/htdocs/hrm/class/evaluation.class.php
+++ b/htdocs/hrm/class/evaluation.class.php
@@ -422,7 +422,7 @@ class Evaluation extends CommonObject
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= ' AND ('.$this->db->escape(implode(' '.$filtermode.' ', $sqlwhere)).')';
 }
 if (!empty($sortfield)) {
diff --git a/htdocs/hrm/class/evaluationdet.class.php b/htdocs/hrm/class/evaluationdet.class.php
index 0608f14dbe9..eb7ec1e253c 100644
--- a/htdocs/hrm/class/evaluationdet.class.php
+++ b/htdocs/hrm/class/evaluationdet.class.php
@@ -395,7 +395,7 @@ class Evaluationline extends CommonObject
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= ' AND ('.$this->db->escape(implode(' '.$filtermode.' ', $sqlwhere)).')';
 }
 if (!empty($sortfield)) {
diff --git a/htdocs/hrm/class/job.class.php b/htdocs/hrm/class/job.class.php
index 23b08e00012..2360c3536ef 100644
--- a/htdocs/hrm/class/job.class.php
+++ b/htdocs/hrm/class/job.class.php
@@ -396,7 +396,7 @@ class Job extends CommonObject
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= ' AND ('.$this->db->escape(implode(' '.$filtermode.' ', $sqlwhere)).')';
 }
 if (!empty($sortfield)) {
diff --git a/htdocs/hrm/class/position.class.php b/htdocs/hrm/class/position.class.php
index 673840c83d4..001a7151272 100644
--- a/htdocs/hrm/class/position.class.php
+++ b/htdocs/hrm/class/position.class.php
@@ -407,7 +407,7 @@ class Position extends CommonObject
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND (' . implode(' ' . $filtermode . ' ', $sqlwhere) . ')';
+ $sql .= ' AND ('.$this->db->escape(implode(' '.$filtermode.' ', $sqlwhere)).')';
 }
 if (!empty($sortfield)) { 
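Review bot: Escaping the already-assembled WHERE fragment on the `+` line is the wrong layer: `$this->db->escape()` is meant for a single value, so if any entry of `$sqlwhere` already carries a quoted literal the quotes come out as `\'` and the query breaks, while an unquoted entry still lands in the SQL unchanged, so the call adds no real protection. The safe point is where each `$sqlwhere[]` entry is built (that loop begins above the hunk, outside what is shown): escape or cast each value there, and keep the `implode` as it was, `$sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';`. `$filtermode` is also concatenated straight into the statement and `escape()` does not constrain it; normalising it before use, e.g. `$filtermode = (strtoupper($filtermode) === 'OR') ? 'OR' : 'AND';`, keeps the join operator to the two intended keywords. The same change appears in the evaluationdet, job, position, skill, skilldet and skillrank hunks, and this note applies to each of them; the enclosing method starts and ends outside every hunk.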
diff --git a/htdocs/hrm/class/skill.class.php b/htdocs/hrm/class/skill.class.php
index b2fe7719564..5d37f367309 100644
--- a/htdocs/hrm/class/skill.class.php
+++ b/htdocs/hrm/class/skill.class.php
@@ -442,7 +442,7 @@ class Skill extends CommonObject
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= ' AND ('.$this->db->escape(implode(' '.$filtermode.' ', $sqlwhere)).')';
 }
 if (!empty($sortfield)) {
diff --git a/htdocs/hrm/class/skilldet.class.php b/htdocs/hrm/class/skilldet.class.php
index ca6752b2508..03cd095ecc7 100644
--- a/htdocs/hrm/class/skilldet.class.php
+++ b/htdocs/hrm/class/skilldet.class.php
@@ -388,7 +388,7 @@ class Skilldet extends CommonObject
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= ' AND ('.$this->db->escape(implode(' '.$filtermode.' ', $sqlwhere)).')';
 }
 if (!empty($sortfield)) {
diff --git a/htdocs/hrm/class/skillrank.class.php b/htdocs/hrm/class/skillrank.class.php
index c2a09936199..e9126707550 100644
--- a/htdocs/hrm/class/skillrank.class.php
+++ b/htdocs/hrm/class/skillrank.class.php
@@ -427,7 +427,7 @@ class SkillRank extends CommonObject
 }
 }
 if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= ' AND ('.$this->db->escape(implode(' '.$filtermode.' ', $sqlwhere)).')';
 }
 if (!empty($sortfield)) {