diff --git a/html/inc/bolt_db.inc b/html/inc/bolt_db.inc
index cbfeaa79c8..7ef291de4d 100644
--- a/html/inc/bolt_db.inc
+++ b/html/inc/bolt_db.inc
@@ -139,6 +139,7 @@ class BoltCourse {
     }
     static function lookup_name($name) {
         $db = BoltDb::get();
+        $name = BoincDb::escape_string($name);
         return $db->lookup('bolt_course', 'BoltCourse', "short_name='$name'");
     }
     static function enum() {
diff --git a/html/inc/db_conn.inc b/html/inc/db_conn.inc
index 9cd864e550..671cc8ab07 100644
--- a/html/inc/db_conn.inc
+++ b/html/inc/db_conn.inc
@@ -107,6 +107,7 @@ class DbConn {
     }
 
     function lookup_id($id, $table, $classname) {
+        $id = (int)$id;
         return $this->lookup($table, $classname, "id=$id");
     }
 
diff --git a/html/inc/submit_db.inc b/html/inc/submit_db.inc
index c890a58736..11824c39b4 100644
--- a/html/inc/submit_db.inc
+++ b/html/inc/submit_db.inc
@@ -27,6 +27,7 @@ class BoincBatch {
     }
     static function lookup_name($name) {
         $db = BoincDb::get();
+        $name = BoincDb::escape_string($name);
         return $db->lookup('batch', 'BoincBatch', "name='$name'");
     }
     static function enum($clause) {