diff --git a/www/include/views/graphTemplates/listGraphTemplates.php b/www/include/views/graphTemplates/listGraphTemplates.php
index c117018e8510c827d3aa02755f03873ab1787244..ea700670ca97c65c3fb61ebf456bc13d16981b66 100644
--- a/www/include/views/graphTemplates/listGraphTemplates.php
+++ b/www/include/views/graphTemplates/listGraphTemplates.php
@@ -43,7 +43,7 @@ $SearchTool = null;
 $search = '';
 if (isset($_POST['searchGT']) && $_POST['searchGT']) {
     $search = $_POST['searchGT'];
-    $SearchTool = " WHERE name LIKE '%".$search."%'";
+    $SearchTool = " WHERE name LIKE '%" . $pearDB->escape($search) . "%'";
 }
 $res = $pearDB->query("SELECT COUNT(*) FROM giv_graphs_template".$SearchTool);
@@ -140,7 +140,7 @@ $o2 = $form->getElement('o2');
 $o2->setValue(null);
 $tpl->assign('limit', $limit);
-$tpl->assign('searchGT', $search);
+$tpl->assign('searchGT', htmlentities($search));
 /*
  * Apply a template definition
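Review bot: The added `+` line in the first hunk still builds the LIKE clause by string concatenation, and `$pearDB->escape()` neutralises quoting characters but leaves the LIKE metacharacters `%` and `_` in `$search` live, so a submitted `%` or `_` still changes the query's matching behaviour and the clause is then spliced unparameterised into the COUNT query on the context line below (and presumably into the later listing query that reuses `$SearchTool`). The robust form is a prepared statement with `$search` passed as a bound parameter, assuming `$pearDB` exposes a PDO-style `prepare()`/`bindValue()` pair, which I cannot confirm from this hunk. If the concatenation has to stay, at least neutralise the wildcards before escaping, e.g. `$SearchTool = " WHERE name LIKE '%" . $pearDB->escape(addcslashes($search, '\\%_')) . "%'";`, with a comment such as `// addcslashes() first so that user-typed % and _ are matched literally; escape() then handles quoting`; whether the backslash survives `escape()` as the LIKE escape character depends on what that wrapper does and should be checked against its implementation.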