--- MPIWGWeb/MPIWGStaff.py 2005/11/24 19:14:18 1.10.2.19
+++ MPIWGWeb/MPIWGStaff.py 2005/11/25 12:14:46 1.10.2.20
@@ -318,9 +318,9 @@ class MPIWGStaff(CatalogAware,ZSQLExtend
 pt=PageTemplateFile(os.path.join(package_home(globals()),'zpt','editCV.zpt')).__of__(self)
 return pt()
- query="UPDATE personal_www SET cv ='%s' WHERE oid='%s'"
-
- self.ZSQLQuery(query%(cv,oid))
+ query="UPDATE personal_www SET cv =%s WHERE oid='%s'"
+
+ self.ZSQLQuery(query%(self.ZSQLQuote(cv),oid))
 if RESPONSE: RESPONSE.redirect("editCV")
@@ -333,9 +333,9 @@ class MPIWGStaff(CatalogAware,ZSQLExtend
 pt=PageTemplateFile(os.path.join(package_home(globals()),'zpt','editAwards.zpt')).__of__(self)
 return pt()
- query="UPDATE personal_www SET awards ='%s' WHERE oid='%s'"
+ query="UPDATE personal_www SET awards =%s WHERE oid='%s'"
- self.ZSQLQuery(query%(awards,oid))
+ self.ZSQLQuery(query%(self.ZSQLQuote(awards),oid))
 if RESPONSE: RESPONSE.redirect("editAwards")
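Review bot: `oid` is still formatted straight into the statement (`WHERE oid='%s'`) in the new `query` line of the first hunk, so the added `self.ZSQLQuote(cv)` protects only one of the two interpolated values in this UPDATE. The method signature lies outside the hunk, but if `oid` reaches this code from the request the same way `cv` does, it should be quoted too: `query="UPDATE personal_www SET cv =%s WHERE oid=%s"` with `self.ZSQLQuery(query%(self.ZSQLQuote(cv),self.ZSQLQuote(oid)))`. This assumes `ZSQLQuote` returns an already-quoted literal, as the removed quotes around `cv`'s `%s` suggest. The awards update in the second hunk (-333) has the same unquoted `oid` and needs the same change. A one-line comment above each query, for example `# every value goes through ZSQLQuote; do not wrap %s in quotes by hand`, would keep later edits from reverting to the old pattern.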