7 files changed, 13 insertions, 14 deletions

diff --git a/includes/cache.inc b/includes/cache.inc
index cbefdd2a3..b45d26b27 100644
--- a/includes/cache.inc
+++ b/includes/cache.inc
@@ -462,7 +462,7 @@ class DrupalDatabaseCache implements DrupalCacheInterface {
         }
         else {
           db_delete($this->bin)
-            ->condition('cid', $cid . '%', 'LIKE')
+            ->condition('cid', db_like($cid) . '%', 'LIKE')
             ->execute();
         }
       }
diff --git a/includes/locale.inc b/includes/locale.inc
index e9197f46e..a40a7d125 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -1480,12 +1480,12 @@ function _locale_translate_seek() {
   // Compute LIKE section.
   switch ($query['translation']) {
     case 'translated':
-      $sql_query->condition('t.translation', '%' . $query['string'] . '%', 'LIKE');
+      $sql_query->condition('t.translation', '%' . db_like($query['string']) . '%', 'LIKE');
       $sql_query->orderBy('t.translation', 'DESC');
       break;
     case 'untranslated':
       $sql_query->condition(db_and()
-        ->condition('s.source', '%' . $query['string'] . '%', 'LIKE')
+        ->condition('s.source', '%' . db_like($query['string']) . '%', 'LIKE')
         ->isNull('t.translation')
       );
       $sql_query->orderBy('s.source');
@@ -1493,10 +1493,10 @@ function _locale_translate_seek() {
     case 'all' :
     default:
       $condition = db_or()
-        ->condition('s.source', '%' . $query['string'] . '%', 'LIKE');
+        ->condition('s.source', '%' . db_like($query['string']) . '%', 'LIKE');
       if ($query['language'] != 'en') {
         // Only search in translations if the language is not forced to English.
-        $condition->condition('t.translation', '%' . $query['string'] . '%', 'LIKE');
+        $condition->condition('t.translation', '%' . db_like($query['string']) . '%', 'LIKE');
       }
       $sql_query->condition($condition);
       break;
diff --git a/modules/field/modules/field_sql_storage/field_sql_storage.module b/modules/field/modules/field_sql_storage/field_sql_storage.module
index bc0d379d8..65ceb5228 100644
--- a/modules/field/modules/field_sql_storage/field_sql_storage.module
+++ b/modules/field/modules/field_sql_storage/field_sql_storage.module
@@ -494,17 +494,17 @@ function field_sql_storage_field_storage_query($field_id, $conditions, $options)
     switch ($operator) {
       case 'STARTS_WITH':
         $operator = 'LIKE';
-        $value .= '%';
+        $value = db_like($value) . '%';
         break;
 
       case 'ENDS_WITH':
         $operator = 'LIKE';
-        $value = "$value%";
+        $value = '%' . db_like($value);
         break;
 
       case 'CONTAINS':
         $operator = 'LIKE';
-        $value = "%$value%";
+        $value = '%' . db_like($value) . '%';
         break;
     }
     // Translate field columns into prefixed db columns.
diff --git a/modules/profile/profile.pages.inc b/modules/profile/profile.pages.inc
index bfc23e221..346223285 100644
--- a/modules/profile/profile.pages.inc
+++ b/modules/profile/profile.pages.inc
@@ -53,7 +53,7 @@ function profile_browse() {
         $query->condition('v.value', $value);
         break;
       case 'list':
-        $query->condition('v.value', '%' . $value . '%', 'LIKE');
+        $query->condition('v.value', '%' . db_like($value) . '%', 'LIKE');
         break;
       default:
         drupal_not_found();
diff --git a/modules/search/search.extender.inc b/modules/search/search.extender.inc
index 99a96057e..05daa7850 100644
--- a/modules/search/search.extender.inc
+++ b/modules/search/search.extender.inc
@@ -442,4 +442,4 @@ class SearchQuery extends SelectQueryExtender {
 
     return $this->query->execute();
   }
-}
\ No newline at end of file
+}
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index d7ee54ba6..a6ea124d0 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -813,6 +813,7 @@ class TaxonomyTermController extends DrupalDefaultEntityController {
       foreach ($conditions as $key => $condition) {
         if ($condition['field'] == 'base.name') {
           $conditions[$key]['operator'] = 'LIKE';
+          $conditions[$key]['value'] = db_like($conditions[$key]['value']);
         }
       }
     }
diff --git a/modules/taxonomy/taxonomy.pages.inc b/modules/taxonomy/taxonomy.pages.inc
index 712e8bc75..4b65472ef 100644
--- a/modules/taxonomy/taxonomy.pages.inc
+++ b/modules/taxonomy/taxonomy.pages.inc
@@ -102,13 +102,11 @@ function taxonomy_autocomplete($field_name, $tags_typed = '') {
     if (!empty($tags_typed)) {
       $query->condition('t.name', $tags_typed, 'NOT IN');
     }
+    // Select rows that match by term name.
     $tags_return = $query
       ->fields('t', array('tid', 'name'))
       ->condition('t.vid', $vids)
-      // Select rows that match by term name.
-      ->condition(db_or()
-      ->where("t.name LIKE :last_string", array(':last_string' => '%' . $tag_last . '%'))
-      )
+      ->condition('t.name', '%' . db_like($tag_last) . '%', 'LIKE')
       ->range(0, 10)
       ->execute()
       ->fetchAllKeyed();