diff --git a/account_update.php b/account_update.php
index aa6397b89e..bdd6f7afd7 100644
--- a/account_update.php
+++ b/account_update.php
@@ -25,6 +25,10 @@
 # This is useful for shared accounts or for demo purposes
 $result = 0;
 if ( OFF == $f_protected ) {
+
+ $f_username = addslashes($f_username);
+ $f_email = addslashes($f_email);
+ $f_id = (integer)$f_id;
 # Update everything except password
 $query = "UPDATE $g_mantis_user_table
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 48a459b084..b1167ce298 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -23,6 +23,7 @@ Mantis
 * Added check for empty bugnotes.
 * Removed view_csv_export_inc.php (unused).
 * Removed print_user_option_list() (unused).
+ * Closed a security problem in account_update.php.
 05.12.2002 - 0.17.2
@@ -734,3 +735,4 @@ Mantis
 * Access levels
 * News system
 * Basic functionality
+
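Review bot: addslashes() is a weak escaping choice for `$f_username` and `$f_email`, which the last hunk line interpolates into the UPDATE against `$g_mantis_user_table`: it is not aware of the connection character set, and when magic_quotes_gpc is enabled the request values arrive already escaped, so these two calls double-escape them and store literal backslashes in the row. The database driver's own escaping function (e.g. mysql_real_escape_string()) or a parameterised query is the correct fix for the string values; the `(integer)` cast on `$f_id` is the right shape for the numeric one. The `if ( OFF == $f_protected )` block and the query string continue outside the hunk, so any other request field interpolated into that statement needs the same treatment, which this hunk does not show.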