diff --git a/warden_server/warden_server.py b/warden_server/warden_server.py
index 760443f2b077f2ad635e099c1f0444e31eca63d9..0dc445acc86e3f7fc7cd6dda2a3a934ac06b3ac6 100755
--- a/warden_server/warden_server.py
+++ b/warden_server/warden_server.py
@@ -714,10 +714,11 @@ class MySQL(ObjectBase):
 if group or nogroup:
 subquery = []
 for name in (group or nogroup):
- subquery.append("c.name = %s") # exact client
+ escaped_name = name.replace('&', '&&').replace("_", "&_").replace("%", "&%") # escape for LIKE
+ subquery.append("c.name = %s") # exact client
 params.append(name)
- subquery.append("c.name LIKE %s") # whole subtree
- params.append(name + ".%")
+ subquery.append("c.name LIKE CONCAT(%s, '.%%') ESCAPE '&'") # whole subtree
+ params.append(escaped_name)
 query.append(" AND %s (%s)" % (self._get_not(group), " OR ".join(subquery)))
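Review bot: The LIKE escaping on the `escaped_name` line depends on two constraints that the code does not state: `&` has to be replaced before `_` and `%`, and the same character has to appear in the `ESCAPE '&'` clause of the subtree fragment. I would extend the comment to `# escape for LIKE: '&' first, so the escapes added for _ and % are not doubled; must match ESCAPE '&' below`. On the `CONCAT(%s, '.%%')` line I would add `# '%%' is a literal % once the driver interpolates params`, since the doubling is correct only because this query always goes through parameter substitution. A regression test with client names containing `_`, `%` and `&` would pin the behaviour, so that a sibling name differing only at an underscore position is no longer matched as part of the subtree. The enclosing method starts and ends outside this hunk, so other LIKE patterns in it, if any, could not be checked.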