diff -ruN urulu-2.1.orig/src/server/widgetallocator.php urulu-2.1/src/server/widgetallocator.php
--- urulu-2.1.orig/src/server/widgetallocator.php Thu Aug 30 01:00:41 2007
+++ urulu-2.1/src/server/widgetallocator.php Sat Feb 2 17:53:55 2008
@@ -547,7 +547,7 @@
 FROM
 datserialisation AS T1
 WHERE
- T1.conid = '" . USyn::instance()->conid . "'
+ T1.conid = '" . DB::instance()->escape(USyn::instance()->conid) . "'
 ");
 return $tuple[0]->cnt > 0;
 }
@@ -560,13 +560,13 @@
 FROM
 datserialisation AS T1
 WHERE
- T1.conid = '" . USyn::instance()->conid . "'
+ T1.conid = '" . DB::instance()->escape(USyn::instance()->conid) . "'
 ");
 DB::instance()->query("
 DELETE FROM
 datserialisation
 WHERE
- conid = '" . USyn::instance()->conid . "'
+ conid = '" . DB::instance()->escape(USyn::instance()->conid) . "'
 ");
 }
 public function getCachedWidgetIds() {
@@ -595,7 +595,7 @@
 INSERT INTO
 datserialisation (conid, widgetid)
 SELECT
- '" . USyn::instance()->conid . "' AS conid,
+ '" . DB::instance()->escape(USyn::instance()->conid) . "' AS conid,
 T1.widgetid AS widgetid
 FROM
 datwidgetcache" . $this->mWidgetCache . " AS T1
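Review bot: The escaped conid is still concatenated into the SQL text at `T1.conid = '" . DB::instance()->escape(...) . "'` in the first hunk, so the fix is only as strong as `DB::instance()->escape()`, whose implementation is not visible in this patch. The same pattern is repeated in both queries of the second hunk and in the INSERT of the third, so one missed call site in the rest of the file would reopen the injection. If the DB wrapper supports bound parameters, binding conid would remove the dependence on quoting and connection charset. Otherwise, validating conid once where `USyn` assigns it would cover every caller, with a comment at each site such as `// conid is treated as untrusted: escape before embedding in SQL`. The enclosing methods start outside the hunks.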
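Review bot: The table name in `datwidgetcache" . $this->mWidgetCache . " AS T1` at the end of the third hunk is still built by concatenation, and `escape()` would not help there because the value lands in an identifier, not inside a quoted literal. Where `mWidgetCache` is assigned is outside this hunk, so whether a request can influence it cannot be judged from here. If it is not a fixed internal value, and assuming the suffix is meant to be numeric, constrain it before the query, for example `if (!ctype_digit((string) $this->mWidgetCache)) { throw new Exception('invalid widget cache id'); }`. The enclosing method begins and ends outside the hunk.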