diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php
index 5e0b329676a..e15963efb9a 100644
--- a/htdocs/takepos/ajax/ajax.php
+++ b/htdocs/takepos/ajax/ajax.php
@@ -235,7 +235,7 @@ if ($action == 'getProducts') {
 	$sql .= $hookmanager->resPrint;
 
 	// load only one page of products
-	$sql.= ' LIMIT '. $search_start . ',' . $search_limit;
+	$sql.= ' LIMIT '. $db->escape($search_start) . ',' . $db->escape($search_limit);
 
 	$resql = $db->query($sql);
 	if ($resql) {