Diffstat (limited to 'LedgerSMB')
-rw-r--r--LedgerSMB/AA.pm4
-rw-r--r--LedgerSMB/CT.pm6
-rw-r--r--LedgerSMB/OE.pm8
-rw-r--r--LedgerSMB/PE.pm2
4 files changed, 10 insertions, 10 deletions
diff --git a/LedgerSMB/AA.pm b/LedgerSMB/AA.pm
index 29bf8ce3..b2df1567 100644
--- a/LedgerSMB/AA.pm
+++ b/LedgerSMB/AA.pm
@@ -887,12 +887,12 @@ sub transactions {
$where .= qq|
AND (a.id IN (SELECT DISTINCT trans_id
FROM acc_trans
- WHERE lower(memo) LIKE '$var')
+ WHERE lower(memo) LIKE $var)
OR a.id IN
(SELECT DISTINCT trans_id
FROM invoice
WHERE lower(description)
- LIKE '$var'))|;
+ LIKE $var))|;
}
if ($form->{invoice_type}) {
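Review bot: Both `LIKE $var` lines now depend entirely on `$var` already holding the output of `$dbh->quote(...)`, and that assignment is not visible in this hunk. It should be confirmed that it reads like `$var = $dbh->quote( $form->like( lc ... ) );`, as in the other files of this commit; if it is still the bare `$form->like(...)` result, the value reaches the SQL text unquoted. A comment above the `$where .= qq|` such as `# $var is already quoted by $dbh->quote; do not add quotes around it` would keep a later edit from reintroducing either mistake. The body of transactions starts and ends outside the hunk.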
diff --git a/LedgerSMB/CT.pm b/LedgerSMB/CT.pm
index b6d04262..c398b108 100644
--- a/LedgerSMB/CT.pm
+++ b/LedgerSMB/CT.pm
@@ -768,7 +768,7 @@ sub get_history {
$form->sort_order();
if ( $form->{"$form->{db}number"} ne "" ) {
- $var = $dbh->( $form->like( lc $form->{"$form->{db}number"} ) );
+ $var = $dbh->quote( $form->like( lc $form->{"$form->{db}number"} ) );
$where .= " AND lower(ct.$form->{db}number) LIKE $var";
}
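Review bot: The column name in `lower(ct.$form->{db}number)` is still built by interpolating `$form->{db}`, and `$dbh->quote` on the value does nothing for an identifier. Nothing in the hunk shows `$form->{db}` being validated, so unless that happens earlier in get_history it should be checked against the fixed set of expected names before use, for example `die "invalid db" unless $form->{db} =~ /\A(?:customer|vendor)\z/;` (adjust the list to what the application actually allows). The function body starts before and continues after the hunk.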
@@ -786,8 +786,8 @@ sub get_history {
}
if ( $form->{employee} ne "" ) {
- $var = $form->like( lc $form->{employee} );
- $where .= " AND lower(e.name) LIKE '$var'";
+ $var = $dbh->quote($form->like(lc $form->{employee}));
+ $where .= " AND lower(e.name) LIKE $var";
}
$transwhere .=
diff --git a/LedgerSMB/OE.pm b/LedgerSMB/OE.pm
index 2bcdbdbb..3288fe94 100644
--- a/LedgerSMB/OE.pm
+++ b/LedgerSMB/OE.pm
@@ -197,10 +197,10 @@ sub transactions {
}
if ( $form->{description} ne "" ) {
- $var = $form->like( lc $form->{description} );
+ $var = $dbh->quote($form->like( lc $form->{description} ));
$query .= " AND o.id IN (SELECT DISTINCT trans_id
FROM orderitems
- WHERE lower(description) LIKE '$var')";
+ WHERE lower(description) LIKE $var)";
push @queryargs, $var;
}
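Review bot: `push @queryargs, $var;` is kept although the query text for this condition contains no `?`. If `@queryargs` is passed to `execute` (outside the hunk), the bind count will not match, and the pushed value now also carries the quotes added by `$dbh->quote`. Making it a real bind parameter is the cleaner fix: keep `$var = $form->like( lc $form->{description} );`, write `WHERE lower(description) LIKE ?)";`, and leave the push as is. If interpolation is kept instead, the push should be removed.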
@@ -1989,12 +1989,12 @@ sub get_inventory {
if ( $form->{partnumber} ne "" ) {
$var = $dbh->quote( $form->like( lc $form->{partnumber} ) );
$where .= "
- AND lower(p.partnumber) LIKE '$var'";
+ AND lower(p.partnumber) LIKE $var";
}
if ( $form->{description} ne "" ) {
$var = $dbh->quote( $form->like( lc $form->{description} ) );
$where .= "
- AND lower(p.description) LIKE '$var'";
+ AND lower(p.description) LIKE $var";
}
if ( $form->{partsgroup} ne "" ) {
( $null, $var ) = split /--/, $form->{partsgroup};
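Review bot: The partsgroup branch at the end of the hunk assigns `$var` from `split /--/, $form->{partsgroup}` without `$dbh->quote`, unlike the partnumber and description branches above it. How that `$var` is used lies outside the hunk, so it should be confirmed that it reaches the query quoted or as a bind value rather than interpolated raw. If it is used as a numeric id, a check such as `$var =~ /\A\d+\z/` before use would make that explicit.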
diff --git a/LedgerSMB/PE.pm b/LedgerSMB/PE.pm
index 86d3414f..fa1c9eda 100644
--- a/LedgerSMB/PE.pm
+++ b/LedgerSMB/PE.pm
@@ -987,7 +987,7 @@ sub partsgroups {
if ( $form->{partsgroup} ne "" ) {
$var = $dbh->quote( $form->like( lc $form->{partsgroup} ) );
- $where .= " AND lower(partsgroup) LIKE '$var'";
+ $where .= " AND lower(partsgroup) LIKE $var";
}
$query .= qq| WHERE $where ORDER BY $sortorder|;