diff --git a/interface/web/mail/mail_user_filter_edit.php b/interface/web/mail/mail_user_filter_edit.php
index 89f4b4fca3fc707290bc5bfa64155415b77d345b..8a13976bf7e0c820fcac66121886be23935294a8 100644
--- a/interface/web/mail/mail_user_filter_edit.php
+++ b/interface/web/mail/mail_user_filter_edit.php
@@ -70,6 +70,7 @@ class page_action extends tform_actions {
 		
 		$mailuser = $app->db->queryOneRecord("SELECT sys_groupid, custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]);
 		$rule_content = $mailuser['custom_mailfilter']."\n".$app->db->quote($this->getRule());
+		$rule_content = mysql_real_escape_string($rule_content);
 		$app->db->datalogUpdate('mail_user', "custom_mailfilter = '$rule_content'", 'mailuser_id', $this->dataRecord["mailuser_id"]);
 		
 		// set permissions
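Review bot: The added `mysql_real_escape_string()` call escapes the new rule a second time, because `$this->getRule()` already passed through `$app->db->quote()` on the line above; assuming `quote()` performs the usual escaping, literal backslashes would end up stored in `custom_mailfilter`. The call also depends on the legacy ext/mysql default link rather than the connection behind `$app->db`, and the function no longer exists in PHP 7. Escaping the concatenated value once through the wrapper also covers the previously stored filter text: `$rule_content = $app->db->quote($mailuser['custom_mailfilter']."\n".$this->getRule());`, with the added line dropped. Separately, `$this->dataRecord["mailuser_id"]` is concatenated into the SELECT without a cast; whether it is validated earlier is not visible, since the method starts and ends outside the hunk, so wrapping it in `intval()` there would be a cheap guard.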