diff --git a/modules/Portal/models/ListView.php b/modules/Portal/models/ListView.php
index 34e88dd914971cf67f7b7b8b973930a9a1dcfff5..d7df344d2fae425fc83886022034fb0e79ba3f26 100644
--- a/modules/Portal/models/ListView.php
+++ b/modules/Portal/models/ListView.php
@@ -22,8 +22,8 @@ class Portal_ListView_Model extends Vtiger_ListView_Model {
 		$startIndex = $pagingModel->getStartIndex();
 		$pageLimit = $pagingModel->getPageLimit();
         
-        $orderBy = $this->get('orderby');
-        $sortOrder = $this->get('sortorder');
+        $orderBy = $this->getForSql('orderby');
+        $sortOrder = $this->getForSql('sortorder');
 
         if(!empty($orderBy))
             $listQuery .= ' ORDER BY '.$orderBy.' '.$sortOrder;
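Review bot: `$orderBy` and `$sortOrder` are still concatenated into the `ORDER BY` clause as a bare identifier and keyword on `$listQuery .= ' ORDER BY '.$orderBy.' '.$sortOrder;`, a position where string escaping does not constrain what the value can be. `getForSql` is not defined in this diff, so what it filters cannot be confirmed from here; if it only escapes quote characters, the column text reaches the query unquoted. An allow-list is the reliable control: accept the column only if it is one of the names the list actually exposes (getQuery() in this file selects `portalid`, `portalname`, `portalurl`, `createdtime`) and reduce the direction to two values, e.g. `$sortOrder = strtoupper($sortOrder) === 'DESC' ? 'DESC' : 'ASC';`. The enclosing method starts and ends outside the hunk.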
@@ -61,7 +61,7 @@ class Portal_ListView_Model extends Vtiger_ListView_Model {
     
     public function getQuery() {
         $query = 'SELECT portalid, portalname, portalurl, createdtime FROM vtiger_portal';
-        $searchValue = $this->get('search_value');
+		$searchValue = Vtiger_Functions::realEscapeString($this->get('search_value'));
         if(!empty($searchValue))
             $query .= " WHERE portalname LIKE '".$searchValue."%'";
         
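Review bot: The escaped `$searchValue` is still spliced into a `LIKE` pattern, and `mysql_real_escape_string` does not touch `%` or `_`, so a search term made of wildcards keeps its pattern meaning and can match every row. Either escape those two characters after the SQL escaping, e.g. `$searchValue = addcslashes($searchValue, '%_');`, or build the pattern as a bound parameter where the query is executed (a `pquery` call taking a parameter array is visible in the LoginHistory model in this commit). The added line is also indented with tabs while the surrounding lines use spaces. getQuery's body continues outside the hunk.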
diff --git a/modules/Settings/LoginHistory/models/ListView.php b/modules/Settings/LoginHistory/models/ListView.php
index 6ca32f6cb41192593ce223b5bbdfa662416511ba..635658d39b4c2501809d6a9aa0bbfc1bb04ab5be 100644
--- a/modules/Settings/LoginHistory/models/ListView.php
+++ b/modules/Settings/LoginHistory/models/ListView.php
@@ -21,8 +21,8 @@ class Settings_LoginHistory_ListView_Model extends Settings_Vtiger_ListView_Mode
 				INNER JOIN vtiger_users ON vtiger_users.user_name = $module->baseTable.user_name";
 		
 		$search_key = $this->get('search_key');
-		$value = $this->get('search_value');
-		
+		$value = Vtiger_Functions::realEscapeString($this->get('search_value'));
+
 		if(!empty($search_key) && !empty($value)) {
 			$query .= " WHERE $module->baseTable.$search_key = '$value'";
 		}
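Review bot: `$search_key` is interpolated into the `WHERE` clause as a column name (`$module->baseTable.$search_key`) with no check, so escaping `$value` alone leaves the query injectable through the other parameter, assuming `search_key` arrives from the request the same way `search_value` does. An identifier cannot be made safe by string escaping; compare it against the searchable columns before use, e.g. `if (!in_array($search_key, $allowedKeys, true)) { $search_key = ''; }`, where `$allowedKeys` is a placeholder for the module's real column list. The value itself is better passed as a bound parameter than quoted by hand. The enclosing method starts and ends outside the hunk.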
@@ -55,4 +55,4 @@ class Settings_LoginHistory_ListView_Model extends Settings_Vtiger_ListView_Mode
 		$listResult = $db->pquery($listQuery, array());
 		return $db->query_result($listResult, 0, 'count');
 	}
-}
\ No newline at end of file
+}
diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index 3bf9236817a3778cc5d102ad22574039af597584..aef165870c7c5d2ff824dbc5700427892e32e00d 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -1404,4 +1404,14 @@ class Vtiger_Functions {
 		}
 		return $isRelated;
 	}
+
+	/**
+	 * Function to Escapes special characters in a string for use in an SQL statement
+	 * @param type $value
+	 * @return type
+	 */
+	static function realEscapeString($value){
+		$value = mysql_real_escape_string($value);
+		return $value;
+	}
 }
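Review bot: `realEscapeString` calls `mysql_real_escape_string` without a link argument, so it depends on an open ext/mysql connection and returns `false` when there is none; that extension was deprecated in PHP 5.5 and removed in PHP 7. In the two callers changed by this commit a `false` result falls through the `!empty()` test and the search filter is dropped silently. If the database layer uses a different driver or character set, the escaping may also not match the connection that runs the query. Prefer the escape routine of the database object that executes the statement, or bound parameters. The docblock still carries the template placeholders: replace `@param type $value` and `@return type` with `@param string $value` and `@return string`, and declare the method `public static`.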