I do not see how your error can happen. In our image-inc.php file we explicitly addslashes where needed. Most variables are typecast and addslashes is used in that function. Now a username is not typecast so that specifically is addslashed right before the query so the 64 million dollar question is why is your name not addslashes?
Content visible to verified customers only.