Ticket #7317: 7317.diff

src/bp-xprofile/bp-xprofile-functions.php

@@ -1063 +1063 @@
                 global $wpdb;
 
                 $bp = buddypress();
-                $id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM {$bp->profile->table_name_fields} WHERE name = %s", bp_xprofile_fullname_field_name() ) );
+                $id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM {$bp->profile->table_name_fields} WHERE name = %s", addslashes( bp_xprofile_fullname_field_name() ) ) );
 
                 wp_cache_set( 'fullname_field_id', $id, 'bp_xprofile' );
         }