diff --git a/Ajax.php b/Ajax.php index 3b8f6d5b..a00ea666 100644 --- a/Ajax.php +++ b/Ajax.php @@ -265,7 +265,7 @@ } else { $ip = $_SERVER['REMOTE_ADDR']; } - + $ip = sqlSecurityFilter($ip); echo "" . _youReNotAllowedToUseThisProgram . "! " . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured . "."; DBQuery("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','" . User('USERNAME') . "')"); diff --git a/ForExport.php b/ForExport.php index 3631f58a..bee842a6 100644 --- a/ForExport.php +++ b/ForExport.php @@ -137,7 +137,7 @@ } else { $ip = $_SERVER['REMOTE_ADDR']; } - + $ip = sqlSecurityFilter($ip); echo ""._youReNotAllowedToUseThisProgram."! "._thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured."."; DBQuery("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','".date('Y-m-d')."','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','".User('USERNAME')."')"); diff --git a/ForWindow.php b/ForWindow.php index fbf7be03..1c8b51bd 100644 --- a/ForWindow.php +++ b/ForWindow.php @@ -126,7 +126,7 @@ } else { $ip = $_SERVER['REMOTE_ADDR']; } - + $ip = sqlSecurityFilter($ip); echo ""._youReNotAllowedToUseThisProgram."! "._thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured."."; DBQuery("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','" . optional_param('modname', '', PARAM_NOTAGS) . "','" . User('USERNAME') . "')"); 
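Review bot: In the Ajax.php hunk only `$ip` is passed through `sqlSecurityFilter()`, while the same `INSERT INTO hacking_log` string still interpolates `$_REQUEST[modname]` and `$_SERVER[PHP_SELF]` raw, and both are client-influenced. The ForExport.php hunk has the identical statement, and the Modules.php and functions/HackingLogFnc.php hunks build the same string for `mail()`. Those values need the same treatment as `$ip`, for example `'" . sqlSecurityFilter($_REQUEST['modname']) . "'`, or better a bound-parameter insert if `DBQuery` supports one (not visible here). The preceding `if` branch is outside the hunk, so `$ip` may come from a client-supplied header; validating it with `filter_var($ip, FILTER_VALIDATE_IP)` before logging would also keep forged values out of the audit table. What `sqlSecurityFilter()` escapes is not shown on this page, so its adequacy inside a quoted string literal should be confirmed.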
diff --git a/Modules.php b/Modules.php index 7ada7a7d..69af27ee 100644 --- a/Modules.php +++ b/Modules.php @@ -1007,7 +1007,7 @@ } else { $ip = $_SERVER['REMOTE_ADDR']; } - + $ip = sqlSecurityFilter($ip); if ($openSISNotifyAddress) mail($openSISNotifyAddress, 'HACKING ATTEMPT', "INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','" . User('USERNAME') . "')"); if (false && function_exists('query')) { @@ -1017,7 +1017,7 @@ } else { $ip = $_SERVER['REMOTE_ADDR']; } - + $ip = sqlSecurityFilter($ip); $connection = new mysqli('os4ed.com', 'openSIS_log', 'openSIS_log', 'openSIS_log'); $connection->query("INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','" . optional_param('modname', '', PARAM_CLEAN) . "','" . User('USERNAME') . "')"); diff --git a/functions/HackingLogFnc.php b/functions/HackingLogFnc.php index 1efdfb86..974c22cf 100644 --- a/functions/HackingLogFnc.php +++ b/functions/HackingLogFnc.php @@ -49,7 +49,7 @@ function HackingLog() } else { $ip = $_SERVER['REMOTE_ADDR']; } - + $ip = sqlSecurityFilter($ip); if ($openSISNotifyAddress) mail($openSISNotifyAddress, 'HACKING ATTEMPT', "INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','" . date('Y-m-d') . "','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','" . User('USERNAME') . "')"); 
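Review bot: The second Modules.php hunk leaves `new mysqli('os4ed.com', 'openSIS_log', 'openSIS_log', 'openSIS_log')` in place, so the host, account and password for an external database are hard-coded in source, and the insert would send the server name, document root and username off-site. The branch appears to sit under `if (false && function_exists('query'))`, which would make it dead code; removing the block is safer than adding a filter to it. If it must stay, the statement still concatenates `$_SERVER[PHP_SELF]` and the other fields unfiltered, and the connection is never checked before `->query()` is called. The enclosing block starts and ends outside the hunk.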
@@ -60,6 +60,7 @@ function HackingLog() } else { $ip = $_SERVER['REMOTE_ADDR']; } + $ip = sqlSecurityFilter($ip); $access = 'c09heEQ1czZmcng0eG14dk4va0l0dz09'; $url = 'dkZDQUNOTUhXaWF6dkYwNTlDNEpSQT09'; diff --git a/index.php b/index.php index 331fa0e7..f1794e74 100644 --- a/index.php +++ b/index.php @@ -438,7 +438,7 @@ } else { $ip = $_SERVER['REMOTE_ADDR']; } - + $date = date("Y-m-d H:i:s"); $fname_ins = singleQuoteReplace("'", "''", $_SESSION['FIRST_NAME']);
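Review bot: In the second functions/HackingLogFnc.php hunk the filtered `$ip` is followed by `$access` and `$url`, two opaque encoded literals with no comment, and the code that consumes them lies outside the hunk. If `$ip` is sent to a remote endpoint here rather than placed in a SQL statement, an SQL filter is the wrong encoding for that context, and the value should instead be validated as an address, e.g. `filter_var($ip, FILTER_VALIDATE_IP)`. The literals deserve a comment such as `// encoded credential and endpoint for the remote violation log; decoded by <helper>`. If `$access` is a secret, it belongs in configuration rather than in source.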