diff --git a/cron/intimateTaskStatus.php b/cron/intimateTaskStatus.php
index 0e7252d9db687b6f0f661ce39ceb3a7bbdf993d0..7cb6730e23c6c73de2eb9a3ebdd48a899f8e7180 100755
--- a/cron/intimateTaskStatus.php
+++ b/cron/intimateTaskStatus.php
@@ -39,7 +39,7 @@ if($activevalue[0] == 1)
 
 	//get all those activities where the status is not completed even after the passing of 24 hours
 	$today = date("Ymd"); 
-	$result = $adb->pquery("select vtiger_activity.status,vtiger_activity.activityid,subject,(vtiger_activity.date_start +1),vtiger_crmentity.smownerid from vtiger_activity inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_activity.activityid where vtiger_crmentity.deleted=0 and vtiger_activity.status <> 'Completed' and activitytype='Task' and ".$today." > (vtiger_activity.date_start+1)", array());
+	$result = $adb->pquery("select vtiger_activity.status,vtiger_activity.activityid,subject,(vtiger_activity.date_start +1),vtiger_crmentity.smownerid from vtiger_activity inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_activity.activityid where vtiger_crmentity.deleted=0 and vtiger_activity.status <> 'Completed' and activitytype='Task' and ? > (vtiger_activity.date_start+1)", array($today));
 
 	while ($myrow = $adb->fetch_array($result))
 	{
diff --git a/cron/modules/SalesOrder/RecurringInvoice.service b/cron/modules/SalesOrder/RecurringInvoice.service
index 422d75d322e205456fe87c025ece3ddf92924b78..ccb87f5b54d1a6d44e24f5c1e8250f5fdeb35cb9 100644
--- a/cron/modules/SalesOrder/RecurringInvoice.service
+++ b/cron/modules/SalesOrder/RecurringInvoice.service
@@ -22,8 +22,8 @@ $sql="SELECT vtiger_salesorder.salesorderid, recurring_frequency, start_period,
 		 payment_duration, invoice_status FROM vtiger_salesorder
 		 INNER JOIN vtiger_crmentity ON vtiger_salesorder.salesorderid = vtiger_crmentity.crmid AND vtiger_crmentity.deleted = 0
 		 INNER JOIN vtiger_invoice_recurring_info ON vtiger_salesorder.salesorderid = vtiger_invoice_recurring_info.salesorderid
-		 WHERE DATE_FORMAT(start_period,'%Y-%m-%d') <= '$currentDate' AND DATE_FORMAT(end_period,'%Y-%m-%d') >= '$currentDate'";
-$result = $adb->pquery($sql, array());
+		 WHERE DATE_FORMAT(start_period,'%Y-%m-%d') <= ? AND DATE_FORMAT(end_period,'%Y-%m-%d') >= ?";
+$result = $adb->pquery($sql, array($currentDate, $currentDate));
 $no_of_salesorder = $adb->num_rows($result);
 
 for($i=0; $i<$no_of_salesorder;$i++) {
diff --git a/data/CRMEntity.php b/data/CRMEntity.php
index 5ad321e653471cf895e1874a7836890e91eff725..0cea66f725bc8288924ce99a86174eb8e3039edd 100644
--- a/data/CRMEntity.php
+++ b/data/CRMEntity.php
@@ -367,7 +367,8 @@ class CRMEntity {
 		$log->info("function insertIntoEntityTable " . $module . ' vtiger_table name ' . $table_name);
 		global $adb;
 		$insertion_mode = $this->mode;
-
+        $table_name = Vtiger_Util_Helper::validateStringForSql($table_name);
+        
 		//Checkin whether an entry is already is present in the vtiger_table to update
 		if ($insertion_mode == 'edit') {
 			$tablekey = $this->tab_name_index[$table_name];
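Review bot: The inserted `$table_name = Vtiger_Util_Helper::validateStringForSql($table_name);` line is indented with spaces inside a method that otherwise uses tabs, and the blank line after it carries trailing whitespace; the same mixed indentation appears on the inserted lines in deleteRelation, checkIfCustomTableExists, checkModuleSeqNumber, the temporary-table method, insertComboValues and VtigerCompanyDetails::create. Worth a single pass to retab before merge. Separately, the validated value is then used as the key into `$this->tab_name_index[$table_name]` on the next visible line, so this only stays correct if validateStringForSql rejects bad input rather than returning a rewritten string — presumably it does, but confirm against the helper. insertIntoEntityTable begins before the hunk.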
@@ -726,6 +727,7 @@ class CRMEntity {
 	 */
 	function deleteRelation($table_name) {
 		global $adb;
+        $table_name = Vtiger_Util_Helper::validateStringForSql($table_name);
 		$check_query = "select * from $table_name where " . $this->tab_name_index[$table_name] . "=?";
 		$check_result = $adb->pquery($check_query, array($this->id));
 		$num_rows = $adb->num_rows($check_result);
@@ -1094,6 +1096,7 @@ class CRMEntity {
 	 */
 	function checkIfCustomTableExists($tablename) {
 		global $adb;
+        $table_name = Vtiger_Util_Helper::validateStringForSql($table_name);
 		$query = "select * from " . $adb->sql_escape_string($tablename);
 		$result = $this->db->pquery($query, array());
 		$testrow = $this->db->num_fields($result);
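Review bot: The added validation in checkIfCustomTableExists operates on `$table_name`, but the method's parameter and the variable interpolated into the query two lines below are both `$tablename`, so the check runs on an undefined variable and the table name actually used is never validated. The line should read `$tablename = Vtiger_Util_Helper::validateStringForSql($tablename);`. As written the new line also leaves an unused `$table_name` local behind, which static analysis would flag. checkIfCustomTableExists continues outside the hunk.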
@@ -1541,6 +1544,8 @@ class CRMEntity {
 	/* Function to check if the mod number already exits */
 	function checkModuleSeqNumber($table, $column, $no) {
 		global $adb;
+        $table = Vtiger_Util_Helper::validateStringForSql($table);
+        $column = Vtiger_Util_Helper::validateStringForSql($column);
 		$result = $adb->pquery("select " . $adb->sql_escape_string($column) .
 				" from " . $adb->sql_escape_string($table) .
 				" where " . $adb->sql_escape_string($column) . " = ?", array($no));
@@ -1577,8 +1582,8 @@ class CRMEntity {
 			$fld_column = $adb->query_result($fieldinfo, 0, 'columnname');
 
 			if ($fld_table == $this->table_name) {
-				$records = $adb->query("SELECT $this->table_index AS recordid FROM $this->table_name " .
-						"WHERE $fld_column = '' OR $fld_column is NULL");
+				$records = $adb->pquery("SELECT $this->table_index AS recordid FROM $this->table_name " .
+						"WHERE $fld_column = '' OR $fld_column is NULL", array());
 
 				if ($records && $adb->num_rows($records)) {
 					$returninfo['totalrecords'] = $adb->num_rows($records);
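Review bot: Switching this call to `pquery(..., array())` changes nothing about the query text, which still interpolates `$fld_column` (read from the vtiger_field row a few lines above), `$this->table_index` and `$this->table_name` directly into the SQL; since identifiers cannot be bound as parameters, this is the kind of value the rest of the commit routes through validateStringForSql. For consistency, add `$fld_column = Vtiger_Util_Helper::validateStringForSql($fld_column);` right after `$fld_column` is read, before it reaches the WHERE clause. The enclosing function starts and ends outside the hunk.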
@@ -2722,6 +2727,7 @@ class CRMEntity {
 			$module = getTabModuleName($tabId);
 		}
 		$query = $this->getNonAdminAccessQuery($module, $user, $parentRole, $userGroups);
+        $tableName = Vtiger_Util_Helper::validateStringForSql($tableName);
 		$query = "create temporary table IF NOT EXISTS $tableName(id int(11) primary key) ignore " .
 				$query;
 		$db = PearDatabase::getInstance();
diff --git a/include/PopulateComboValues.php b/include/PopulateComboValues.php
index bc7337fdd4eb9dfb9063811b17b40353b36a234d..6dc4dc812afc71c6b8704e0f339bf30bdb8f97ef 100644
--- a/include/PopulateComboValues.php
+++ b/include/PopulateComboValues.php
@@ -31,6 +31,7 @@ class PopulateComboValues
 	function insertComboValues($values, $tableName,$picklistid)
 	{
 		global $log;
+        $tableName = Vtiger_Util_Helper::validateStringForSql($tableName);
 		$log->debug("Entering insertComboValues(".$values.", ".$tableName.") method ...");
 		global $adb;
 		//inserting the value in the vtiger_picklistvalues_seq for the getting uniqueID for each picklist values...
@@ -81,7 +82,7 @@ class PopulateComboValues
 				
 		global $app_list_strings,$adb;
 		global $combo_strings;
-		$comboRes = $adb->query("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('15') OR fieldname = 'salutationtype' and vtiger_field.presence in (0,2)");
+		$comboRes = $adb->pquery("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('15') OR fieldname = 'salutationtype' and vtiger_field.presence in (0,2)", array());
 		$noOfCombos = $adb->num_rows($comboRes);
 		for($i=0; $i<$noOfCombos; $i++)
 		{
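Review bot: The query kept in the new pquery call mixes `OR` and `AND` without parentheses: `uitype IN ('15') OR fieldname = 'salutationtype' and vtiger_field.presence in (0,2)` binds as `uitype IN ('15') OR (fieldname = 'salutationtype' AND presence IN (0,2))`, so the presence filter never applies to the uitype-15 branch. That is pre-existing, but since the line is being touched it is the moment to make the intent explicit, most likely `WHERE (uitype IN ('15') OR fieldname = 'salutationtype') AND vtiger_field.presence in (0,2)`. Confirm against how the other picklist query in this file (uitype 16/115/83) is meant to behave, which already uses `AND` throughout. The enclosing method starts before the hunk.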
@@ -124,7 +125,7 @@ class PopulateComboValues
 		global $app_list_strings,$adb;
 		global $combo_strings;
 		// uitype -> 16 - Non standard picklist, 115 - User status, 83 - Tax Class
-		$comboRes = $adb->query("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('16','115','83') AND fieldname NOT IN ('hdnTaxType','email_flag') and vtiger_field.presence in (0,2)");
+		$comboRes = $adb->pquery("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('16','115','83') AND fieldname NOT IN ('hdnTaxType','email_flag') and vtiger_field.presence in (0,2)", array());
 		$noOfCombos = $adb->num_rows($comboRes);
 		for($i=0; $i<$noOfCombos; $i++)
 		{
diff --git a/include/Webservices/Custom/VtigerCompanyDetails.php b/include/Webservices/Custom/VtigerCompanyDetails.php
index 8b8076bb5fe8fba4dc709f1583bfae850294a9d5..ced8ebb66f0247ecbda076cc03febd83f49c3443 100644
--- a/include/Webservices/Custom/VtigerCompanyDetails.php
+++ b/include/Webservices/Custom/VtigerCompanyDetails.php
@@ -17,6 +17,7 @@ require_once 'include/Webservices/VtigerActorOperation.php';
 class VtigerCompanyDetails extends VtigerActorOperation {
 	public function create($elementType, $element) {
 		$db = PearDatabase::getInstance();
+        $params = array();
 		$sql = 'select * from vtiger_organizationdetails';
 		$result = $db->pquery($sql,$params);
 		$rowCount = $db->num_rows($result);