- $count = countSumTotalData($filter['filter_name'], 'filters', 'filter_id', 'filter_name', true, sprintf(" AND `filter_function`='%s'", $filter['filter_function']));
+ $count = countSumTotalData($filter['filter_name'], 'filters', 'filter_id', 'filter_name', true, sprintf(" AND `filter_function`='%s'", SQL_ESCAPE($filter['filter_function'])));