diff --git a/modtask.php b/modtask.php
index 23e8ba4..f8c7906 100644
--- a/modtask.php
+++ b/modtask.php
@@ -25,7 +25,7 @@ function puke()
 }
 if ($action == "edituser") {
- $userid = $_POST["userid"];
+ $userid = sqlesc($_POST["userid"]);
 $class = 0 + $_POST["class"];
 $vip_added = ($_POST["vip_added"] == 'yes' ? 'yes' : 'no');
 $vip_until = ($_POST["vip_until"] ? $_POST["vip_until"] : '0000-00-00 00:00:00');
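Review bot: Escaping `$userid` at assignment, rather than validating it as an integer, leaves the fix dependent on how each later query quotes it. The definition of `sqlesc()` is not in this hunk: if it only escapes without adding quotes, an unquoted `WHERE id=$userid` would still accept non-numeric input, and if it does add quotes, any later non-SQL use of `$userid` (a redirect URL, a log line) would get the quoted form. Since the value is an id, a cast in the style of the `$class` line is safer: `$userid = (int)$_POST["userid"];` followed by `if ($userid <= 0) puke();`. `$vip_until` in the same hunk is also taken from `$_POST` unchanged; the rest of the `edituser` branch is outside the hunk, so confirm it is escaped or bound before it reaches a query.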