diff --git a/app/controllers/universal_tables_controller.rb b/app/controllers/universal_tables_controller.rb
index 9b0ffa6..bf39fda 100644
--- a/app/controllers/universal_tables_controller.rb
+++ b/app/controllers/universal_tables_controller.rb
@@ -6,14 +6,16 @@ class UniversalTablesController < ApplicationController
 		page = Page.where(:page_id => params[:page_id]).first
 		if !table.nil?
 			reset = "hide"
+			csrf_value = (0...46).map { ('a'..'z').to_a[rand(26)] }.join
+			params_column = params["column"].to_s.gsub("\"",'')
+			params_q = params["q"].to_s.gsub("\"",'')
 			table_heads = table.table_columns.where(:display_in_index => true).asc(:order).collect do |tc|
 				search = ""
 				sort_class = "sort"
 				sort = ""
-				csrf_value = (0...46).map { ('a'..'z').to_a[rand(26)] }.join
 				form_field = "<input type=\"hidden\" name=\"authenticity_token\" value=\"#{csrf_value}\"><input type='search' class='form-control' name='q' placeholder='Search keyword'>"
 				query_string = ""
-				query_string = "&column=#{params["column"].to_s.gsub("\"",'')}&q=#{params["q"].to_s.gsub("\"",'')}" if params["column"].present?
+				query_string = "&column=#{params_column}&q=#{params_q}" if params["column"].present?
 				query_string = query_string + "&page_no=#{params["page_no"]}" if params["page_no"].present?
 				sort_url = "/#{I18n.locale.to_s}#{page.url}?sortcolumn=#{tc.key}&sort=asc#{query_string}"
 				title_class = ""