diff --git a/filesystem/Folder.php b/filesystem/Folder.php
index 9f4b328c722..04695586e3a 100755
--- a/filesystem/Folder.php
+++ b/filesystem/Folder.php
@@ -42,7 +42,14 @@ static function findOrMake($folderPath) {
 		$item = null;
 		foreach($parts as $part) {
 			if(!$part) continue; // happens for paths with a trailing slash
-			$item = DataObject::get_one("Folder", "\"Name\" = '$part' AND \"ParentID\" = $parentID");
+			$item = DataObject::get_one(
+				"Folder", 
+				sprintf(
+					"\"Name\" = '%s' AND \"ParentID\" = %d",
+					Convert::raw2sql($part), 
+					(int)$parentID
+				)
+			);
 			if(!$item) {
 				$item = new Folder();
 				$item->ParentID = $parentID;