diff --git a/core/polyfills.php b/core/polyfills.php
index a5aa2812..a4044067 100644
--- a/core/polyfills.php
+++ b/core/polyfills.php
@@ -477,16 +477,6 @@ function url_escape(?string $input): string
 return $input;
 }
-/**
- * Make sure some data is safe to be used in SQL context
- */
-function sql_escape(string $input): string
-{
- global $database;
- return $database->escape($input);
-}
-
-
 /**
 * Turn all manner of HTML / INI / JS / DB booleans into a PHP one
 */
diff --git a/ext/notes/main.php b/ext/notes/main.php
index e77f19cb..b29e8232 100644
--- a/ext/notes/main.php
+++ b/ext/notes/main.php
@@ -295,7 +295,7 @@ class Notes extends Extension
 "y1" => int_escape($_POST["note_y1"]),
 "height" => int_escape($_POST["note_height"]),
 "width" => int_escape($_POST["note_width"]),
- "note" => sql_escape(html_escape($_POST["note_text"])),
+ "note" => $_POST["note_text"],
 "image_id" => int_escape($_POST["image_id"]),
 "id" => int_escape($_POST["note_id"])
 ];
diff --git a/ext/tagger_xml/main.php b/ext/tagger_xml/main.php
index 13e4192a..8a8165dd 100644
--- a/ext/tagger_xml/main.php
+++ b/ext/tagger_xml/main.php
@@ -45,7 +45,7 @@ class TaggerXML extends Extension
 $p = strlen($s) == 1 ? " " : "\_";
 $values = [
 'p' => $p,
- 'sq' => "%".$p.sql_escape($s)."%"
+ 'sq' => "%".$p.$s."%"
 ];
 // Match
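Review bot: The `"note"` entry in ext/notes/main.php now stores `$_POST["note_text"]` exactly as submitted, so the code that renders notes has to HTML-escape the text on output; that code is outside this hunk and should be checked, because dropping `html_escape()` here without it leaves a stored-XSS path. Rows saved before this change presumably still hold already-escaped text, so escaping on output will double-encode them unless they are migrated. The value is also not checked to be a string, and a guard such as `if (!is_string($_POST["note_text"] ?? null)) { /* reject the request */ }` before the array would stop a missing or array-valued field reaching the query. A comment on the line, for example `// stored raw: bound as a query parameter, html_escape() on display`, would record the contract. The array literal and the query that consumes it start and end outside the hunk.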
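Review bot: In ext/tagger_xml/main.php `$s` goes into the `'sq'` LIKE pattern unescaped, so any `%` or `_` it contains still acts as a wildcard even though the value is presumably bound as a parameter (the query itself is outside the hunk). The `$p` line already writes `\_` for a literal underscore, which suggests backslash is the escape character in use; the same treatment for the search term would be `'sq' => "%".$p.addcslashes($s, '\\%_')."%"`. It is worth confirming where `$s` comes from and whether every supported database honours backslash as the LIKE escape without an explicit `ESCAPE` clause.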