diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php index dbbb5e04f0..ee53ddd3d5 100644 --- a/phpBB/admin/admin_users.php +++ b/phpBB/admin/admin_users.php @@ -716,7 +716,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | } else { - $this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username'])); + $this_userdata = get_userdata($HTTP_POST_VARS['username']); if( !$this_userdata ) { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index b93017a98f..5367d0e429 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -78,10 +78,12 @@ function get_userdata($user) { global $db; + $user = ( intval($user) == 0) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user); + $sql = "SELECT * FROM " . USERS_TABLE . " WHERE "; - $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS; + $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); diff --git a/phpBB/includes/usercp_viewprofile.php b/phpBB/includes/usercp_viewprofile.php index 0b5bd0939b..2abea0a74c 100644 --- a/phpBB/includes/usercp_viewprofile.php +++ b/phpBB/includes/usercp_viewprofile.php @@ -31,7 +31,7 @@ if ( empty($HTTP_GET_VARS[POST_USERS_URL]) || $HTTP_GET_VARS[POST_USERS_URL] == { message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']); } -$profiledata = get_userdata(intval($HTTP_GET_VARS[POST_USERS_URL])); +$profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]); $sql = "SELECT * FROM " . RANKS_TABLE . "
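Review bot: In phpBB/admin/admin_users.php the changed call is a lookup by posted username, but get_userdata() now chooses the id or name branch from `intval($user)`, so a username that begins with digits (constructed example: `42foo`) would be resolved as user_id 42 and the admin form would load a different account than the one typed. The call site should state its intent rather than let the callee guess. One backward-compatible option is an optional flag, `function get_userdata($user, $force_str = false)`, passed here as `get_userdata($HTTP_POST_VARS['username'], true)`, with the id branch taken only when the flag is false and `is_numeric($user)` holds. The surrounding `if`/`else` starts and ends outside this hunk, so whether the value is validated earlier cannot be seen from here.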
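Review bot: The added first line of get_userdata() in phpBB/includes/functions.php only neutralises a quote that arrives already slashed: `str_replace("\'", "''", …)` rewrites the backslash-quote pair, and `htmlspecialchars()` without `ENT_QUOTES` (on PHP versions where the default is `ENT_COMPAT`) leaves a bare single quote alone, so an unslashed value would reach `username = '…'` unchanged. This commit strips the call-site handling in admin_users.php and usercp_viewprofile.php and passes request variables straight in, so that precondition deserves a comment above the line, for example `// $user must already be slashed (magic_quotes_gpc or addslashes); a bare quote is not escaped here`, and a check that every caller meets it. In usercp_viewprofile.php, keeping the removed `intval()` would cost nothing if lookup by name through that URL parameter is not intended. The function body continues past the end of the hunk.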