Use sanitized value for query.

modules/Portal/models/ListView.php

@@ -54,7 +54,7 @@ class Portal_ListView_Model extends Vtiger_ListView_Model {
     
     public function getQuery() {
         $query = 'SELECT portalid, portalname, portalurl, createdtime FROM vtiger_portal';
-        $searchValue = $this->get('search_value');
+        $searchValue = $this->getForSql('search_value');
         if(!empty($searchValue))
             $query .= " WHERE portalname LIKE '".$searchValue."%'";