diff --git a/inc/account/account.login.php b/inc/account/account.login.php
index 6a9672c..d4eb983 100644
--- a/inc/account/account.login.php
+++ b/inc/account/account.login.php
@@ -21,9 +21,9 @@ if(isset($_GET['exec']) && $_GET['exec'] == "login") {
- $login = str_replace("'", "", $_POST['login']);
+ $login = $RDB->real_escape_string($_POST['login']);
 $pass = $Account->sha_password($login, $_POST['pass']);
- $account_id = $RDB->selectCell("SELECT `id` FROM `account` WHERE `username` = '".$_POST['login']."' LIMIT 1");
+ $account_id = $RDB->selectCell("SELECT `id` FROM `account` WHERE `username` = '$login' LIMIT 1");
 // initiate the login array, and send it in
 $params = array('username' => $login, 'sha_pass_hash' => $pass);