diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 4740594a49..2e7f605c86 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,12 @@
+2010-10-08  Dario Rodriguez <dario.rodriguez@artica.es>
+
+	* include/functions_io.php: Added functions ascii_to_html and html_to_ascii. 
+	Also use this functions to convert no printing chars in function safe_input 
+	and to revert the conversion in function safe_output.
+	* include/functions_db.php: Added function escape_string_sql, is a
+	wrapper db indepenten function to do the same that function mysql_real_escape_string
+	* index.php: Use function escape_string_sql with login parameters.
+
 2010-10-08  Sergio Martin <sergio.martin@artica.es>
 
 	* include/javascript/pandora.js
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index 7fcb9ec0f7..692e75f14a 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -62,6 +62,23 @@ function check_login () {
 	exit;
 }
 
+/**
+ * 
+ * Escape string to set it properly to use in sql queries
+ * 
+ * @param string String to be cleaned.
+ * 
+ * @return string String cleaned.
+ */
+function escape_string_sql ($string) {
+	
+	$str = mysql_real_escape_string($string);
+	
+	return $str;
+}
+
+
+
 /**
  * Return a array of id_group of childrens (to branches down)
  * 
diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index 1148c3e7fc..d60f1a89cd 100755
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@@ -37,10 +37,51 @@ function safe_input($value) {
     // Specific for MySQL.
     $valueHtmlEncode = str_replace('/*', "&#47;&#42;", $valueHtmlEncode);
     $valueHtmlEncode = str_replace('*/', "&#42;&#47;", $valueHtmlEncode);
+	
+	//Replace ( for the html entitie
+	$valueHtmlEncode = str_replace('(', "&#40;", $valueHtmlEncode);
+	
+	//Replace ( for the html entitie
+	$valueHtmlEncode = str_replace(')', "&#41;", $valueHtmlEncode);	
+	
+	//Replace some characteres for html entities
+	for ($i=0;$i<32;$i++) {
+		$valueHtmlEncode = str_ireplace(chr($i),ascii_to_html($i), $valueHtmlEncode);			
+	}
 
 	return $valueHtmlEncode;
 }
 
+/** 
+ * Convert ascii char to html entitines
+ * 
+ * @param int num of ascci char
+ * 
+ * @return string String of html entitie
+ */
+function ascii_to_html($num) {
+	
+	if ($num <= 15) {
+		return "&#x0".dechex($num).";";
+	} else {
+		return "&#x".dechex($num).";";
+	}
+}
+
+/** 
+ * Convert hexadecimal html entity value to char
+ * 
+ * @param string String of html hexadecimal value
+ * 
+ * @return string String with char
+ */
+function html_to_ascii($hex) {
+		
+	$dec = hexdec($hex);
+	
+	return chr($dec);
+}
+
 /**
  * Convert the $value encode in html entity to clear char string. This function 
  * should be called always to "clean" HTML encoded data; to render to a text
@@ -72,6 +113,17 @@ function safe_output($value, $utf8 = true)
 		$valueHtmlEncode =  html_entity_decode ($value, ENT_QUOTES);
 	}
 	
+	//Replace the html entitie of ( for the char
+	$valueHtmlEncode = str_replace("&#40;", '(', $valueHtmlEncode);
+	
+	//Replace the html entitie of ) for the char
+	$valueHtmlEncode = str_replace("&#41;", ')', $valueHtmlEncode);		
+	
+	//Revert html entities to chars
+	for ($i=0;$i<32;$i++) {
+		$valueHtmlEncode = str_ireplace("&#x".dechex($i).";",html_to_ascii(dechex($i)), $valueHtmlEncode);			
+	}	
+	
 	return $valueHtmlEncode;	
 }
 
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 2e799cb024..2dfb3f4526 100644
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -157,11 +157,12 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
 }
 elseif (! isset ($config['id_user']) && isset ($_GET["login"])) {
 	// Login process 
-	
+	include_once('include/functions_db.php');//Include it to use escape_string_sql function
 	$config["auth_error"] = ""; //Set this to the error message from the authorization mechanism
 	$nick = get_parameter_post ("nick"); //This is the variable with the login
 	$pass = get_parameter_post ("pass"); //This is the variable with the password
-	
+	$nick = escape_string_sql($nick);
+	$pass = escape_string_sql($pass);
 	// process_user_login is a virtual function which should be defined in each auth file.
 	// It accepts username and password. The rest should be internal to the auth file.
 	// The auth file can set $config["auth_error"] to an informative error output or reference their internal error messages to it