- $seatClause[] = '( participant.role_id IN ( ' . implode(' , ', (array) $this->_formValues['participant_role_id']) . ' ) )';
+ $escapedRoles = array();
+ foreach ((array) $this->_formValues['participant_role_id'] as $participantRole) {
+ $escapedRoles[] = CRM_Utils_Type::escape($participantRole, 'String');
+ }
+ $seatClause[] = "( participant.role_id IN ( '" . implode("' , '", $escapedRoles) . "' ) )";
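Review bot: The new loop on the `participant_role_id` values escapes each one as `'String'`, which closes the injection in the old concatenated `IN (...)` list but still accepts arbitrary text as a role id. If role ids are always integer option values (to be confirmed against the schema), validating by type is a stricter allowlist: `$escapedRoles[] = CRM_Utils_Type::escape($participantRole, 'Integer');`. Separately, when the form value is empty the clause becomes `IN ( '' )`, which silently matches nothing. The enclosing code lies outside this hunk, so it is not visible whether an earlier check already guards that case. A short comment above the loop, such as `// role ids come from the search form; escape each one before building the IN list`, would record why the loop exists.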