diff --git a/phpBB/search.php b/phpBB/search.php
index d06dbfd71f..bd9bb83cab 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -197,6 +197,11 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 			}
 			else
 			{
+				if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
+				{
+					$search_author = '';
+				}
+
 				$search_author = str_replace('*', '%', trim($search_author));
 				
 				$sql = "SELECT user_id
@@ -264,6 +269,12 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 
 			for($i = 0; $i < count($split_search); $i++)
 			{
+				if (preg_match('#^[\*%]+$#', trim($split_search[$i])) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($split_search[$i]))))
+				{
+					$split_search[$i] = '';
+					continue;
+				}
+
 				switch ( $split_search[$i] )
 				{
 					case 'and':
@@ -407,6 +418,11 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		//
 		if ( $search_author != '' )
 		{
+			if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
+			{
+				$search_author = '';
+			}
+
 			$search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author)));
 		}