diff --git a/components/filters/fuserfield/plugin.class.php b/components/filters/fuserfield/plugin.class.php
index 40b55add..7ed5b6cc 100755
--- a/components/filters/fuserfield/plugin.class.php
+++ b/components/filters/fuserfield/plugin.class.php
@@ -236,7 +236,8 @@ private function sql_replace(string $filtersearchtext, $filterstrmatch, $finalel
         }
         if ($operator === '~') {
             // TODO can be improved by more native PDO approach.
-            $replace = " AND " . $field . " LIKE '%" . $filtersearchtext . "%'";
+            $searchitem = trim(str_replace("'", "''", $filtersearchtext));
+            $replace = " AND " . $field . " LIKE '%" . $searchitem . "%'";
         } else if ($operator === 'in') {
             $processeditems = [];
diff --git a/components/filters/searchtext/plugin.class.php b/components/filters/searchtext/plugin.class.php
index a710a9d0..081909d0 100644
--- a/components/filters/searchtext/plugin.class.php
+++ b/components/filters/searchtext/plugin.class.php
@@ -135,7 +135,8 @@ private function sql_replace($filtersearchtext, $filterstrmatch, $finalelements)
         }
         if ($operator === '~') {
-            $replace = " AND " . $field . " LIKE '%" . $filtersearchtext . "%'";
+            $searchitem = trim(str_replace("'", "''", $filtersearchtext));
+            $replace = " AND " . $field . " LIKE '%" . $searchitem . "%'";
         } else if ($operator === 'in') {
             $processeditems = [];
             // Accept comma-separated values, allowing for '\,' as a literal comma.
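Review bot: Doubling single quotes in the added `$searchitem` line does not close the injection on MySQL/MariaDB with the default sql_mode, where backslash is also an escape character: an input such as `\' OR 1=1 -- ` becomes `\'' OR 1=1 -- `, the `\'` is consumed as an escaped quote and the next `'` still terminates the literal, leaving ` OR 1=1 -- ` as live SQL. The value is also still concatenated into `$replace` as a string, so the TODO kept above it remains the real fix: bind it as a parameter and, if this is Moodle's DML layer as the file layout suggests, build the clause with `$DB->sql_like($field, ':needle')` and pass `$DB->sql_like_escape(trim($filtersearchtext))` as the value, which additionally neutralises the `%`/`_` wildcards the current code lets the user place in the pattern. If the string-building design has to stay for now, at least escape backslashes as well, e.g. `$searchitem = trim(str_replace(['\\', "'"], ['\\\\', "''"], $filtersearchtext));`, with a comment that this is driver-specific and a stopgap. The enclosing `sql_replace` starts and ends outside the hunk, so I cannot see whether `$field` is validated against an allow-list before reaching this concatenation.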
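Review bot: The new `$searchitem` line treats `$filtersearchtext` as a string, but this `sql_replace` signature leaves the parameter untyped (the sibling fuserfield plugin declares `string $filtersearchtext`), so a null or array value reaches `str_replace` and `trim` unchecked: null collapses to `LIKE '%%'`, which matches every row, and an array makes `trim` throw a TypeError. Declare it as `private function sql_replace(string $filtersearchtext, $filterstrmatch, $finalelements)` so the escaping is applied to what it expects and the two plugins stay consistent. Doubling quotes is also only a partial escape: on MySQL/MariaDB with the default sql_mode a backslash before the quote still terminates the literal, and `%`/`_` in the input still act as wildcards, so the clause should be built from a bound parameter (`$DB->sql_like()` with `$DB->sql_like_escape()` on the value, if this is Moodle's DML as the layout suggests) rather than by concatenation into `$replace`. The enclosing function begins and ends outside the hunk.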