Index: bp-core/bp-core-classes.php
===================================================================
--- bp-core/bp-core-classes.php	(revision 6960)
+++ bp-core/bp-core-classes.php	(working copy)
@@ -317,7 +317,7 @@
 		// To avoid global joins, do a separate query
 		// @todo remove need for bp_is_active() check
 		if ( false !== $search_terms && bp_is_active( 'xprofile' ) ) {
-			$found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%%' . like_escape( $search_terms ) . '%%' ) );
+			$found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%' . like_escape( $wpdb->escape( $search_terms ) ) . '%' ) );
 
 			if ( ! empty( $found_user_ids ) ) {
 				$sql['where'][] = "u.{$this->uid_name} IN (" . implode( ',', wp_parse_id_list( $found_user_ids ) ) . ")";