diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index f774b5dcc3..4732f3c3a6 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -364,7 +364,7 @@ class dbal
 				// Print out a nice backtrace...
 				$backtrace = get_backtrace();
 
-				$message .= ($sql) ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '';
+				$message .= ($sql) ? '<br /><br /><u>SQL</u><br /><br />' . htmlspecialchars($sql) : '';
 				$message .= ($backtrace) ? '<br /><br /><u>BACKTRACE</u><br />'  . $backtrace : '';
 				$message .= '<br />';
 			}