diff -r e960d2465cd5 src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java
--- a/src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java	Mon Jun 22 05:36:15 2015 +0000
+++ b/src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java	Tue Aug 11 14:35:53 2015 +0200
@@ -9,7 +9,9 @@
 package org.openbravo.retail.posterminal;
 
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.codehaus.jettison.json.JSONArray;
 import org.codehaus.jettison.json.JSONException;
@@ -23,6 +25,18 @@
   }
 
   @Override
+  protected Map<String, Object> getParameterValues(JSONObject jsonsent) throws JSONException {
+    if (!jsonsent.getJSONObject("filters").getString("filterText").isEmpty()) {
+      Map<String, Object> paramValues = new HashMap<String, Object>();
+      paramValues.put("filterT1", ("%"
+          + jsonsent.getJSONObject("filters").getString("filterText").trim() + "%"));
+      return paramValues;
+    } else {
+      return null;
+    }
+  }
+
+  @Override
   protected List<String> getQuery(JSONObject jsonsent) throws JSONException {
 
     // OBContext.setAdminMode(true);
@@ -41,12 +55,10 @@
         + json.getString("organization")
         + "' and ord.obposApplications is not null";
 
-    final String filterText = sanitizeString(json.getString("filterText"));
-    if (!filterText.isEmpty()) {
-      hqlPaidReceipts += " and (ord.documentNo like '%" + filterText
-          + "%' or REPLACE(ord.documentNo, '/', '') like '%" + filterText
-          + "%' or upper(ord.businessPartner.name) like upper('%" + filterText + "%')) ";
+    if (!json.getString("filterText").isEmpty()) {
+      hqlPaidReceipts += " and (ord.documentNo like :filterT1 or REPLACE(ord.documentNo, '/', '') like :filterT1 or upper(ord.businessPartner.name) like upper(:filterT1)) ";
     }
+
     if (!json.isNull("documentType")) {
       JSONArray docTypes = json.getJSONArray("documentType");
       hqlPaidReceipts += " and ( ";