diff --git a/checkin_notes b/checkin_notes
index 30944e1d9a..ba301f7d54 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -8896,3 +8896,8 @@ David 6 Nov 2009
db/
boinc_db.cpp
+David 20 Dec 2009
+ - scheduler: fix SQL injection vulnerability
+
+ sched/
+ handle_request.cpp
diff --git a/sched/handle_request.cpp b/sched/handle_request.cpp
index 0764b800c7..48defae383 100644
--- a/sched/handle_request.cpp
+++ b/sched/handle_request.cpp
@@ -599,7 +599,10 @@ int send_result_abort() {
orp.reason = ABORT_REASON_NOT_FOUND;
if (i > 0) result_names.append(", ");
result_names.append("'");
- result_names.append(orp.name);
+ char buf[1024];
+ strcpy(buf, orp.name);
+ escape_string(buf, 1024);
+ result_names.append(buf);
result_names.append("'");
}
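Review bot: The unbounded `strcpy(buf, orp.name)` in the handle_request.cpp hunk trades the SQL injection for a potential stack overflow: orp.name originates from the client's request, and nothing in the hunk bounds its length to the 1024-byte local before it is copied. A bounded copy keeps the fix self-contained, e.g. `char buf[1024];` / `snprintf(buf, sizeof(buf), "%s", orp.name);` / `escape_string(buf, sizeof(buf));`, which also stops the buffer size from being repeated as a literal. It is not visible here whether escape_string expands the string in place; if it does, the 1024 passed to it must leave headroom for the escaped quote characters, otherwise a name near the limit is silently truncated or overruns — worth a one-line comment at the declaration stating the assumed maximum length of orp.name. The enclosing send_result_abort() starts before this hunk and its loop body continues past it, so the declaration of orp.name and the surrounding bounds cannot be checked from the diff.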