diff --git a/admin/dataentry.php b/admin/dataentry.php
index df6389cd60e..cec451a2d2e 100644
--- a/admin/dataentry.php
+++ b/admin/dataentry.php
@@ -600,7 +600,7 @@
                     case "Q":
                     case "K":
                         $dataentryoutput .= "\t{$fname['subquestion']}&nbsp;<input type='text' name='{$fname['fieldname']}' value='"
-                        .$idrow[$fname['fieldname']] . "' />\n";
+                        .htmlspecialchars($idrow[$fname['fieldname']],ENT_QUOTES) . "' />\n";
                         break;
                     case "id":
                         $dataentryoutput .= "<span style='font-weight:bold;'>&nbsp;{$idrow[$fname['fieldname']]}</span>";