diff --git a/GameEngine/Account.php b/GameEngine/Account.php
index 59faf646..951f0783 100644
--- a/GameEngine/Account.php
+++ b/GameEngine/Account.php
@@ -178,6 +178,7 @@ class Account {
 private function Login() {
 global $database,$session,$form;
+ $_POST['user'] = mysql_real_escape_string($_POST['user']);
 if(!isset($_POST['user']) || $_POST['user'] == "") {
 $form->addError("user",LOGIN_USR_EMPTY);
 }
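Review bot: The added line escapes `$_POST['user']` in place and before the `isset()` check, so a request without a `user` field raises an undefined-index notice, and every later reader of `$_POST['user']` in this request gets the SQL-escaped form rather than what the user typed. `mysql_real_escape_string()` only protects a value placed inside a quoted string literal, on a connection whose charset was set through `mysql_set_charset()`, and it needs an open link at this point; none of that is visible in the hunk. I would leave the superglobal untouched, read it with `$user = isset($_POST['user']) ? $_POST['user'] : "";`, and escape it (or better, bind it as a prepared-statement parameter) where the query is actually built. Login() continues past the end of the hunk, so whether the password field and the later lookups get the same treatment cannot be checked from here.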