diff --git a/CHANGE_LOG.txt b/CHANGE_LOG.txt
index 05ac92f..a164d37 100644
--- a/CHANGE_LOG.txt
+++ b/CHANGE_LOG.txt
@@ -2,7 +2,8 @@
 - Updated: Schema migration simplified by using GenericTableUpdater
 - Updated: Plugin tables are dropped during uninstall.
 - Added: Backup table for orders is added in case uninstall happens by mistake.
-
+ - Fixed: SQL escaping
+ 1.3.0
 - Added: editable order weight
 1.2.0
 - Added: packeta shipping method configuration
diff --git a/media/admin/com_virtuemart/controllers/zasilkovna.php b/media/admin/com_virtuemart/controllers/zasilkovna.php
index ca73910..823fb4e 100644
--- a/media/admin/com_virtuemart/controllers/zasilkovna.php
+++ b/media/admin/com_virtuemart/controllers/zasilkovna.php
@@ -73,7 +73,7 @@ public function save($data = 0)
 }
 $db = JFactory::getDBO();
- $q = "UPDATE #__extensions SET custom_data='" . serialize($data) . "' WHERE element='zasilkovna'";
+ $q = "UPDATE #__extensions SET custom_data='" . $db->escape(serialize($data)) . "' WHERE element='zasilkovna'";
 $db->setQuery($q);
 $db->execute();
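Review bot: The corrected `$q` line in `save()` still assembles the SQL literal by hand, so `$db->escape()` is only safe while it stays wrapped in the surrounding single quotes, and a later edit can separate the two. Joomla's driver has `$db->quote()`, which escapes and adds the quotes in one call: `$q = "UPDATE #__extensions SET custom_data=" . $db->quote(serialize($data)) . " WHERE element=" . $db->quote('zasilkovna');`. Separately, the stored value is `serialize($data)`, and where `$data` comes from is outside this hunk; if it is request-derived, the code that later reads `custom_data` should restrict `allowed_classes` when calling `unserialize()`, or the column could hold JSON instead. The body of `save()` starts and ends outside the hunk.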