diff --git a/server_privileges.php b/server_privileges.php
index 02eb82ac7..09104e15b 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -165,8 +165,8 @@ function PMA_RangeOfUsers($initial = '')
 // strtolower() is used because the User field
 // might be BINARY, so LIKE would be case sensitive
 if (!empty($initial)) {
- $ret = " WHERE `User` LIKE '" . $initial . "%'"
- . " OR `User` LIKE '" . strtolower($initial) . "%'";
+ $ret = " WHERE `User` LIKE '" . PMA_sqlAddslashes($initial) . "%'"
+ . " OR `User` LIKE '" . PMA_sqlAddslashes(strtolower($initial)) . "%'";
 } else {
 $ret = '';
 }
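Review bot: The escaped value still lands inside a LIKE pattern on both new `$ret` lines, where `%`, `_` and backslash are pattern metacharacters that quote escaping alone does not neutralise, so a `$initial` containing them changes the match instead of being compared literally. If PMA_sqlAddslashes accepts a LIKE flag as its second argument (I believe it does; confirm against its definition), the calls should read `PMA_sqlAddslashes($initial, true)` and `PMA_sqlAddslashes(strtolower($initial), true)`, with `%` and `_` escaped separately. Because the value is meant to be an initial, it could also be rejected when longer than one character before the clause is built; where `$initial` originates is not visible here. The body of PMA_RangeOfUsers starts and ends outside the hunk.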