Index: t3lib/tceforms/class.t3lib_tceforms_suggest_defaultreceiver.php
===================================================================
--- t3lib/tceforms/class.t3lib_tceforms_suggest_defaultreceiver.php	(revision 7796)
+++ t3lib/tceforms/class.t3lib_tceforms_suggest_defaultreceiver.php	(working copy)
@@ -234,6 +234,7 @@
 		$searchString = $this->params['value'];
 		$searchUid = intval($searchString);
 		if (strlen($searchString)) {
+			$searchString = $GLOBALS['TYPO3_DB']->quoteStr($searchString, $this->table);
 			$likeCondition = ' LIKE \'' . ($searchWholePhrase ? '%' : '') .
 				$GLOBALS['TYPO3_DB']->escapeStrForLike($searchString, $this->table).'%\'';