Well thet image you attached... clearly shows the line:$queryterm=db_real_escape($_REQUEST,false); //escape the term ONLY...no quotes.in your code twice. It looks to me like you didn't remove the second one. It looks to me like the change was commited to develop/next on Jul 29, 2015. So I would think that all the releases after that should all have the updated code.