diff --git a/htdocs/hrm/evaluation_list.php b/htdocs/hrm/evaluation_list.php
index b2eeaf2c886..84080f930fa 100644
--- a/htdocs/hrm/evaluation_list.php
+++ b/htdocs/hrm/evaluation_list.php
@@ -276,7 +276,7 @@ if ($search_all) {
 }
 if (empty($permissiontoreadall)) {
- $sql.= " AND t.fk_user IN(".implode(", ", $user->getAllChildIds(1)).") ";
+ $sql.= " AND t.fk_user IN(".$db->sanitize(implode(", ", $user->getAllChildIds(1))).") ";
 }
 //$sql.= dolSqlDateFilter("t.field", $search_xxxday, $search_xxxmonth, $search_xxxyear);
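Review bot: Wrapping the joined id list in `$db->sanitize()` on the added line is a character filter, not a type check; the value being interpolated into `IN(...)` is a list of user ids, so casting each element to an integer expresses the actual contract and does not depend on which characters the helper happens to allow: `$sql.= " AND t.fk_user IN(".implode(", ", array_map('intval', $user->getAllChildIds(1))).") ";`. If I recall the helper's defaults correctly it also drops the space after each comma, which is harmless for SQL but worth knowing when reading the generated query in logs. Unchanged by this commit: should `getAllChildIds(1)` ever return an empty array, the clause becomes `IN()` and the query fails; the `1` argument presumably includes the current user so this is unlikely, but a guard such as building the clause only when the array is non-empty would make the read-restriction path robust rather than relying on that assumption.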