Index: contexthelp.module
===================================================================
--- contexthelp.module	(revision 1675)
+++ contexthelp.module	(working copy)
@@ -388,7 +388,7 @@
       // Add our language checking and data field checking for the view note the field is
       // utilizing LIKE is on the right hand side so we can support wildcards in the system
       $query .= " AND node.language = '%s' AND '%s' LIKE {%s}.%s";
-      $query = sprintf($query, $contexthelp_type, _contexthelp_get_user_locale(), $url, $tablename, $column_name);
+      $query = sprintf($query, $contexthelp_type, _contexthelp_get_user_locale(), db_escape_string($url), $tablename, $column_name);
       // Checking if we actually had to split the array first
       if (isset($data) && is_array($data)) {
         $query .= ' ORDER BY '. $data[1];
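Review bot: The escaping added on the new sprintf() line covers only `$url`; `$contexthelp_type` and the return value of `_contexthelp_get_user_locale()` still land in quoted `'%s'` slots unescaped, and `$data[1]` is concatenated straight into `ORDER BY` on the last line of the hunk. Where those values come from is not visible here, so I would treat them the same way as `$url`: `$query = sprintf($query, db_escape_string($contexthelp_type), db_escape_string(_contexthelp_get_user_locale()), db_escape_string($url), $tablename, $column_name);`. String escaping does not protect identifiers, so `$tablename`, `$column_name` and `$data[1]` should be checked against a fixed list of known table and column names before they reach the query string. The enclosing function starts and ends outside the hunk, so how `$query` is finally executed cannot be confirmed from here.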
