diff --git a/cmis/cmis_model.py b/cmis/cmis_model.py
index d21498f2..fe5828e1 100644
--- a/cmis/cmis_model.py
+++ b/cmis/cmis_model.py
@@ -137,6 +137,18 @@ class cmis_backend(orm.Model):
             raise orm.except_orm(_('Cmis  Error!'),
                                  _("Error path for : " + path))
 
+    # Escape the name for characters not supported in filenames
+    def sanitize_input(self, file_name):
+        # for avoiding SQL Injection
+        file_name = file_name.replace("'", "\\'")
+        file_name = file_name.replace("%", "\%")
+        file_name = file_name.replace("_", "\_")
+        return file_name
+
+    def safe_query(self, query, file_name, repo):
+        args = map(self.sanitize_input, file_name)
+        return repo.query(query % ''.join(args))
+
     _columns = {
         'version': fields.selection(
             _select_versions,