diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py index e4426de18..2905a840a 100644 --- a/files/helpers/alerts.py +++ b/files/helpers/alerts.py @@ -52,6 +52,20 @@ def notif_comment(text, autojanny=False): else: return create_comment(text_html, autojanny) +def notif_comment2(p): + + search_html = f'% has mentioned you: %' + + existing = g.db.query(Comment.id).filter(Comment.author_id == NOTIFICATIONS_ID, Comment.parent_submission == None, Comment.body_html.like(search_html)).first() + + if existing: return existing[0] + else: + text = f"@{p.author.username} has mentioned you: [{p.title}](/post/{p.id})" + if p.sub: text += f" in /s/{p.sub}" + text_html = sanitize(text, alert=True) + return create_comment(text_html) + + def add_notif(cid, uid): existing = g.db.query(Notification.user_id).filter_by(comment_id=cid, user_id=uid).one_or_none() if not existing: diff --git a/files/helpers/get.py b/files/helpers/get.py index 7a7255391..7705adadf 100644 --- a/files/helpers/get.py +++ b/files/helpers/get.py @@ -4,9 +4,7 @@ from flask import g def get_id(username, v=None, graceful=False): - username = username.replace('\\', '') - username = username.replace('_', '\_') - username = username.replace('%', '') + username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip() user = g.db.query( User.id diff --git a/files/routes/front.py b/files/routes/front.py index c4a103037..f9c0605de 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -324,6 +324,7 @@ def frontlist(v=None, sort="hot", page=1, t="all", ids_only=True, ccmode="false" if v and filter_words: for word in filter_words: + word = word.replace('\\', '').replace('_', '\_').replace('%', '\%').strip() posts=posts.filter(not_(Submission.title.ilike(f'%{word}%'))) if not (v and v.shadowbanned): diff --git a/files/routes/login.py b/files/routes/login.py index 90786f878..d3a738313 100644 --- a/files/routes/login.py +++ b/files/routes/login.py 
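Review bot: In `notif_comment2`, `search_html = f'% has mentioned you: %'` contains no placeholder, so the LIKE pattern is identical for every post and `existing` is simply the first mention notification ever created, whoever wrote it and whichever post it links. Because `add_notif` (context just below) skips a user who already has a row for that comment id, a user who was mentioned once would apparently get no further mention alerts, and newly notified users are shown the wrong author and post. Bind the pattern to `p`, for example the author name plus the post link as `sanitize` renders it, delimited so `/post/1` cannot match `/post/12`; the author name then needs the same `_`/`%` escaping. `p.title` is user-controlled and lands inside markdown link text, so confirm that `sanitize(text, alert=True)` copes with `]` and `(` in titles.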
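Review bot: The chain `.replace('\\', '').replace('_', '\_').replace('%', '').strip()` added in `get_id` is copy-pasted into the other escaping hunks of this commit with small differences: `front.py` and the `q` searches turn `%` into `\%` while the rest delete it, and `searchusers`, `settings_name_change` and `api_is_available` omit `.strip()`. One shared helper (say `escape_like(value)`) would keep the rule in one place, and the call sites could pass `escape='\\'` to `ilike` so the escape character does not depend on the database default. `'\_'` and `'\%'` are invalid escape sequences in an ordinary string literal and newer Python versions warn about them; `r'\_'` and `r'\%'` produce the same characters without the warning. `get_id` continues past the end of the hunk.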
@@ -85,6 +85,7 @@ def login_post(): template = '' username = request.values.get("username") + username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip() if not username: abort(400) if username.startswith('@'): username = username[1:] @@ -185,6 +186,9 @@ def sign_up_get(v): if not agent: abort(403) ref = request.values.get("ref", None) + + ref = ref.replace('\\', '').replace('_', '\_').replace('%', '').strip() + if ref: ref_user = g.db.query(User).filter(User.username.ilike(ref)).one_or_none() @@ -372,7 +376,8 @@ def post_forgot(): return render_template("forgot_password.html", error="Invalid email.") - email = email.replace("_","\_") + username = username.replace('\\', '').replace('_', '\_').replace('%', '').strip() + email = email.replace('\\', '').replace('_', '\_').replace('%', '').strip() user = g.db.query(User).filter( User.username.ilike(username), diff --git a/files/routes/posts.py b/files/routes/posts.py index d59a6b9dc..f5313cf09 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -98,10 +98,7 @@ def publish(pid, v): notify_users = NOTIFY_USERS(f'{post.title} {post.body}', v) if notify_users: - text = f"@{v.username} has mentioned you: [{SITE_FULL}/post/{post.id}](/post/{post.id})" - if post.sub: text += f" in /s/{post.sub}" - - cid = notif_comment(text) + cid = notif_comment2(post) for x in notify_users: add_notif(cid, x) 
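Review bot: In `login_post` the new `username.replace(...)` line runs before `if not username: abort(400)`, so a request without a `username` field raises `AttributeError` on `None` and returns a 500 instead of the intended 400. `sign_up_get` has the same ordering problem on its normal path: `ref` defaults to `None` and is dereferenced before `if ref:`, so the sign-up page would fail whenever no `ref` parameter is supplied. Move the sanitising under the existing checks, e.g. `if ref: ref = ref.replace(...)`, or read the value with a `""` default. In `post_forgot`, `username` and `email` are read outside the hunk, so confirm they cannot be `None` at that point either.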
@@ -577,19 +574,17 @@ def edit_post(pid, v): - if not p.private and not p.ghost: - notify_users = NOTIFY_USERS(f'{title} {body}', v) - if notify_users: - cid = notif_comment(f"@{v.username} has mentioned you: [{SITE_FULL}/post/{p.id}](/post/{p.id})") - for x in notify_users: - add_notif(cid, x) - - - if (title != p.title or body != p.body) and v.id == p.author_id: if int(time.time()) - p.created_utc > 60 * 3: p.edited_utc = int(time.time()) g.db.add(p) + if not p.private and not p.ghost: + notify_users = NOTIFY_USERS(f'{title} {body}', v) + if notify_users: + cid = notif_comment2(p) + for x in notify_users: + add_notif(cid, x) + g.db.commit() return redirect(p.permalink) @@ -896,6 +891,8 @@ def submit_post(v, sub=None): url = urlunparse(new_url) + url = url.replace('\\', '').replace('_', '\_').replace('%', '').strip() + repost = g.db.query(Submission).filter( Submission.url.ilike(url), Submission.deleted_utc == 0, @@ -1186,10 +1183,7 @@ def submit_post(v, sub=None): notify_users = NOTIFY_USERS(f'{title} {body}', v) if notify_users: - text = f"@{v.username} has mentioned you: [{SITE_FULL}/post/{post.id}](/post/{post.id})" - if post.sub: text += f" in /s/{post.sub}" - - cid = notif_comment(text) + cid = notif_comment2(post) for x in notify_users: add_notif(cid, x) diff --git a/files/routes/search.py b/files/routes/search.py index 8916bbd5f..f508a1575 100644 --- a/files/routes/search.py +++ b/files/routes/search.py @@ -86,6 +86,7 @@ def searchposts(v): if 'q' in criteria: words=criteria['q'].split() + words = criteria['q'].replace('\\', '').replace('_', '\_').replace('%', '\%').strip().split() words=[Submission.title.ilike('%'+x+'%') for x in words] posts=posts.filter(*words) @@ -93,6 +94,9 @@ def searchposts(v): if 'domain' in criteria: domain=criteria['domain'] + + domain = domain.replace('\\', '').replace('_', '\_').replace('%', '').strip() + posts=posts.filter( or_( Submission.url.ilike("https://"+domain+'/%'), 
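Review bot: In `edit_post` the alert text now comes from `notif_comment2(p)`, which names `p.author.username`, whereas the removed line named `v.username`. The `v.id == p.author_id` test in the context suggests the editor is not always the author; if so, the alert credits the mention to the post author rather than to whoever made the edit. Confirm that this attribution change is intended. The function starts and ends outside the hunk, and the indentation is not recoverable here, so the nesting of the moved block could not be checked.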
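Review bot: In the first `submit_post` hunk the escaped value is assigned back to `url` itself, so every later use of `url` in the function sees `_` rewritten to `\_` and all `%` and `\` characters removed. The rest of `submit_post` is outside the hunk, but if `url` is what gets stored on the new `Submission`, links containing underscores or percent-encoding would be saved in a corrupted form. Keep the original and escape a copy for the lookup only, e.g. `search_url = url.replace(...)` followed by `Submission.url.ilike(search_url)`. Deleting `%` rather than escaping it also means a percent-encoded URL would not match its stored original, so repost detection likely misses those.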
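Review bot: In the `searchposts` `q` hunk the old `words=criteria['q'].split()` line is kept as context directly above the new assignment, which overwrites it straight away. Drop the old line, as the matching change in `searchcomments` already does, so only the escaped split remains.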
@@ -221,7 +225,8 @@ def searchcomments(v): else: comments = comments.filter(Comment.author_id == author.id) if 'q' in criteria: - words = criteria['q'].split() + words = criteria['q'].replace('\\', '').replace('_', '\_').replace('%', '\%').strip().split() + words = [Comment.body.ilike('%'+x+'%') for x in words] comments = comments.filter(*words) @@ -283,8 +288,7 @@ def searchusers(v): sort = request.values.get("sort", "new").lower() t = request.values.get('t', 'all').lower() term=query.lstrip('@') - term=term.replace('\\','') - term=term.replace('_','\_') + term = term.replace('\\','').replace('_','\_').replace('%','') users=g.db.query(User).filter(User.username.ilike(f'%{term}%')) diff --git a/files/routes/settings.py b/files/routes/settings.py index 4585126a4..2528c93a0 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -859,7 +859,7 @@ def settings_name_change(v): v=v, error="This isn't a valid username.") - name=new_name.replace('_','\_') + name = new_name.replace('\\', '').replace('_','\_').replace('%','') x= g.db.query(User).filter( or_( diff --git a/files/routes/users.py b/files/routes/users.py index 037a1057b..f435c1020 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -634,7 +634,7 @@ def api_is_available(name, v): if len(name)<3 or len(name)>25: return {name:False} - name2 = name.replace('_','\_') + name2 = name.replace('\\', '').replace('_','\_').replace('%','') x= g.db.query(User).filter( or_(