Index: wp-includes/taxonomy.php
===================================================================
--- wp-includes/taxonomy.php	(revision 16956)
+++ wp-includes/taxonomy.php	(working copy)
@@ -1237,7 +1237,7 @@
 	}
 
 	if ( !empty($name__like) )
-		$where .= " AND t.name LIKE '{$name__like}%'";
+		$where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'";
 
 	if ( '' !== $parent ) {
 		$parent = (int) $parent;
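Review bot: `like_escape()` only neutralises the LIKE wildcards `%` and `_`; it does not escape quotes, and unlike the sibling call sites in this change (comment.php, query.php use `esc_sql( like_escape( … ) )`, functions.php and canonical.php go through `$wpdb->prepare()`), the new line still interpolates `$name__like` straight into the string. Unless `$name__like` was already SQL-escaped by the caller or earlier in get_terms (not visible in this hunk), it remains injectable. Make it consistent with the rest of the diff: `$where .= $wpdb->prepare( " AND t.name LIKE %s", like_escape( $name__like ) . '%' );`. The enclosing get_terms body starts and ends outside this hunk.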
Index: wp-includes/comment.php
===================================================================
--- wp-includes/comment.php	(revision 16956)
+++ wp-includes/comment.php	(working copy)
@@ -345,7 +345,7 @@
 	 * @return string
 	 */
 	function get_search_sql( $string, $cols ) {
-		$string = esc_sql( $string );
+		$string = esc_sql( like_escape( $string ) );
 
 		$searches = array();
 		foreach ( $cols as $col )
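Review bot: The new line makes get_search_sql responsible for both wildcard and SQL escaping, which changes the contract for callers: a caller that already passed `$string` through `esc_sql()` will now get its backslashes doubled and search for the wrong text. That contract should be stated in the docblock above, which is cut off at the top of the hunk: `@param string $string Raw, unescaped search text; this method applies like_escape() and esc_sql() itself, so callers must not pre-escape it.` A short inline note on the changed line also helps the next reader keep the order straight, e.g. `// escape LIKE wildcards first so the added backslashes are then SQL-escaped as data`. The rest of get_search_sql continues past the end of the hunk.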
Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php	(revision 16956)
+++ wp-includes/functions.php	(working copy)
@@ -1206,7 +1206,7 @@
 
 	foreach ( $pung as $link_test ) {
 		if ( !in_array( $link_test, $post_links_temp[0] ) ) { // link no longer in post
-			$mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $link_test . '%') );
+			$mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $link_test ) . '%') );
 			do_action( 'delete_postmeta', $mid );
 			$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", implode( ',', $mid ) ) );
 			do_action( 'deleted_postmeta', $mid );
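Review bot: The DELETE on the line after the changed one is still broken: `prepare()` quotes `%s`, so `implode( ',', $mid )` becomes `IN('12,15')`, which MySQL compares as a single numeric value and therefore deletes only the first id (and with an empty `$mid` it emits a pointless `IN('')` query). The LIKE escaping added in this hunk is fine, but the ids it feeds into should be cast and inlined instead: `if ( $mid ) $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id IN(" . implode( ',', array_map( 'intval', $mid ) ) . ")" );`. The enclosing function starts and ends outside this hunk.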
@@ -1226,7 +1226,7 @@
 	}
 
 	foreach ( (array) $post_links as $url ) {
-		if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) {
+		if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $url ) . '%' ) ) ) {
 
 			if ( $headers = wp_get_http_headers( $url) ) {
 				$len = (int) $headers['content-length'];
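Review bot: The prefix match `like_escape( $url ) . '%'` is now safe against wildcards in `$url`, but it is still a prefix match: an existing enclosure for `http://host/a.mp3.torrent` will satisfy the check for `http://host/a.mp3` and the shorter URL will never be recorded. If the stored enclosure value begins with the URL followed by a newline (the insert that builds it is outside this hunk, so please confirm), anchoring the pattern as `like_escape( $url ) . "\n%"` removes the false positive. Also note `$headers['content-length']` on the last line is read without an `isset()` guard, so a response without that header raises a notice before the `(int)` cast. The enclosing function continues past the end of the hunk.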
Index: wp-includes/class-wp-xmlrpc-server.php
===================================================================
--- wp-includes/class-wp-xmlrpc-server.php	(revision 16956)
+++ wp-includes/class-wp-xmlrpc-server.php	(working copy)
@@ -3367,7 +3367,7 @@
 			} elseif ( is_string($urltest['fragment']) ) {
 				// ...or a string #title, a little more complicated
 				$title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
-				$sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
+				$sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", like_escape( $title ) );
 				if (! ($post_ID = $wpdb->get_var($sql)) ) {
 					// returning unknown error '0' is better than die()ing
 			  		return new IXR_Error(0, '');
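Review bot: `like_escape()` is the wrong tool for an `RLIKE` operand: the operator takes a regular expression, where `%` and `_` are not special, and `$title` has already been reduced on the previous line to `[a-z0-9.]`, so the call is a no-op that misleads readers into thinking the pattern is escaped. The `.` inserted by that `preg_replace()` is evidently meant as a regex wildcard, so the line should simply stay `$sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);`, with a comment such as `// $title is already a regex: non-alphanumerics were replaced by '.' above`. Separately, the pattern is unanchored, so a short fragment like `#a` matches any post whose title contains that letter; if the fragment is meant to name the whole title, anchoring with `'^' . $title . '$'` would be more precise. The enclosing method starts and ends outside this hunk.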
Index: wp-includes/query.php
===================================================================
--- wp-includes/query.php	(revision 16956)
+++ wp-includes/query.php	(working copy)
@@ -2045,11 +2045,11 @@
 			$n = !empty($q['exact']) ? '' : '%';
 			$searchand = '';
 			foreach( (array) $q['search_terms'] as $term ) {
-				$term = addslashes_gpc($term);
+				$term = esc_sql( like_escape( $term ) );
 				$search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
 				$searchand = ' AND ';
 			}
-			$term = esc_sql($q['s']);
+			$term = esc_sql( like_escape( $q['s'] ) );
 			if ( empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
 				$search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')";
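Review bot: A literal backslash in the search term is still mishandled after this change: `like_escape()` only prefixes `%` and `_`, so a term such as `a\b` reaches the LIKE pattern as `a\b`, where MySQL treats `\b` as an escaped `b` and the search silently matches `ab` instead. The cleanest fix is in `like_escape()` itself (outside this diff, e.g. `addcslashes( $text, '_%\\' )`) so every call site in this change benefits; locally it would be `$term = esc_sql( like_escape( str_replace( '\\', '\\\\', $term ) ) );` on both changed lines. The replacement of `addslashes_gpc()` with `esc_sql()` otherwise looks right and matches the line already using `esc_sql()` below it. The enclosing get_posts body starts and ends outside this hunk.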
 
Index: wp-includes/canonical.php
===================================================================
--- wp-includes/canonical.php	(revision 16956)
+++ wp-includes/canonical.php	(working copy)
@@ -385,7 +385,7 @@
 	if ( !get_query_var('name') )
 		return false;
 
-	$where = $wpdb->prepare("post_name LIKE %s", get_query_var('name') . '%');
+	$where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%');
 
 	// if any of post_type, year, monthnum, or day are set, use them to refine the query
 	if ( get_query_var('post_type') )
Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 16956)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -1246,11 +1246,11 @@
 
 	$searchand = $search = '';
 	foreach ( (array) $search_terms as $term ) {
-		$term = addslashes_gpc($term);
+		$term = esc_sql( like_escape( $term ) );
 		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
 		$searchand = ' AND ';
 	}
-	$term = $wpdb->escape($s);
+	$term = esc_sql( like_escape( $s ) );
 	if ( count($search_terms) > 1 && $search_terms[0] != $s )
 		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
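Review bot: This loop is a near-verbatim copy of the search-clause builder changed in wp-includes/query.php in the same commit, which is exactly why the escaping fix had to be applied twice; the two are already drifting (`%` on both sides here versus the `$n` exact-match toggle there). Consider extracting the per-term `LIKE` construction into one shared helper that both WP_Query and this handler call, so the next escaping change lands in a single place. Where `$s` and `$search_terms` originate is not visible in the hunk, so I am assuming they are raw (unescaped) request values, which is what the new `esc_sql( like_escape( … ) )` requires. The enclosing function starts and ends outside this hunk.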
 
