diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php
index 1a965ba0f8d..e736833514c 100644
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@@ -1360,7 +1360,7 @@ class Products extends DolibarrApi
 
         $sql = 'SELECT ';
         $sql .= 'v.fk_product_attribute, v.rowid, v.ref, v.value FROM '.MAIN_DB_PREFIX.'product_attribute_value as v';
-        $sql .= " WHERE v.fk_product_attribute IN (SELECT rowid FROM ".MAIN_DB_PREFIX."product_attribute WHERE ref LIKE '".trim($ref)."')";
+        $sql .= " WHERE v.fk_product_attribute IN (SELECT rowid FROM ".MAIN_DB_PREFIX."product_attribute WHERE ref LIKE '".$this->db->escape(trim($ref))."')";
 
         $resql = $this->db->query($sql);