diff --git a/code/web/public_php/login/r2_login.php b/code/web/public_php/login/r2_login.php
index 854c4feab..843f12b85 100755
--- a/code/web/public_php/login/r2_login.php
+++ b/code/web/public_php/login/r2_login.php
@@ -190,8 +190,8 @@ function checkUserValidity($login, $password, $clientApplication, $cp, &$id, &$r
     if (mysqli_num_rows($result) == 0) {
         if ($AcceptUnknownUser) {
             // login doesn't exist, create it
-            $password = mysqli_real_escape_string($link, $password);
-            $query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
+            $escaped_password = $mysqli->escape_string($password);
+            $query = "INSERT INTO user (Login, Password) VALUES ('$login', '$escaped_password')";
             $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
 
             // get the user to have his UId