diff --git a/core/trunk/core/class/web_service/class_web_service.php b/core/trunk/core/class/web_service/class_web_service.php
index 99415192095cb164ef30c9da144485e140450658..074287d16cdd6e75500a91089289d11d00186a9a 100644
--- a/core/trunk/core/class/web_service/class_web_service.php
+++ b/core/trunk/core/class/web_service/class_web_service.php
@@ -169,8 +169,20 @@ class webService {
                 $_SESSION['user']['UserId'] = $_SERVER["PHP_AUTH_USER"];
                 $password = $_SERVER["PHP_AUTH_PW"];
             }
+
+            $userID = str_replace('\'', '', $_SESSION['user']['UserId']);
+            $userID = str_replace('=', '', $userID);
+            $userID = str_replace('"', '', $userID);
+            $userID = str_replace('*', '', $userID);
+            $userID = str_replace(';', '', $userID);
+            $userID = str_replace('--', '', $userID);
+            $userID = str_replace(',', '', $userID);
+            $userID = str_replace('$', '', $userID);
+            $userID = str_replace('>', '', $userID);
+            $userID = str_replace('<', '', $userID);
+
             $connexion->query("select * from " . $_SESSION['tablename']['users']
-                . " where user_id = '" . $_SESSION['user']['UserId']
+                . " where user_id = '" . $userID
                 . "' and password = '" . md5($password) . "' and STATUS <> 'DEL'");
             //$connexion->show();exit;
             if ($connexion->nb_result() > 0) {
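Review bot: The denylist added before the `select` leaves the query string-concatenated, so its safety depends on the stripped-character list being complete and on the order of the single-pass `str_replace` calls, and neither can be relied on for a quoted SQL literal. Bind the user id as a parameter if the `$connexion` class offers prepared statements or an escaping routine (not visible in this hunk), or at minimum reject the input instead of rewriting it, e.g. `if (!preg_match('/^[A-Za-z0-9._@-]+\z/', $_SESSION['user']['UserId'])) { /* fail authentication */ }`, with the character set adjusted to the ids the project actually permits. Silently stripping also lets two different submitted names authenticate as the same account, and `$_SESSION['user']['UserId']` keeps the raw value, so any later use of it outside this hunk still sees unsanitized input. The enclosing method starts and ends outside the hunk.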