--- MPIWGWeb/MPIWGStaff.py	2006/04/21 17:58:45	1.10.2.26
+++ MPIWGWeb/MPIWGStaff.py	2006/07/03 14:28:47	1.10.2.27
@@ -309,10 +309,10 @@ class MPIWGStaff(CatalogAware,ZSQLExtend
         for newEntry in newEntries.keys():
             query="INSERT INTO %s "%newEntry
             keys=['id_main']
-            values=["'"+id_main+"'"]
+            values=["'"+sql_quote(id_main)+"'"]
             for key in newEntries[newEntry].keys():
                 keys.append(key)
-                values.append("'"+newEntries[newEntry][key]+"'")
+                values.append("'"+sql_quote(newEntries[newEntry][key])+"'")
 
 
             keystring=",".join(keys)