diff --git a/committee_auth.php b/committee_auth.php
index c1520704..c016dced 100644
--- a/committee_auth.php
+++ b/committee_auth.php
@@ -13,7 +13,7 @@ function auth_has_access($access="")
 }
 else
 {
- $q=mysql_query("SELECT access_admin, access_config, access_super FROM committees_members WHERE email='".$_SESSION['email']."' AND id='".$_SESSION['committee_member_id']."' AND deleted='N'");
+ $q=mysql_query("SELECT access_admin, access_config, access_super FROM committees_members WHERE email='".mysql_escape_string($_SESSION['email'])."' AND id='".$_SESSION['committee_member_id']."' AND deleted='N'");
 $r=mysql_fetch_object($q);
 $accesscache['admin']=$r->access_admin;
diff --git a/register_participants.php b/register_participants.php
index 9b986c1d..b86b9589 100644
--- a/register_participants.php
+++ b/register_participants.php
@@ -138,7 +138,7 @@ if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) )
 {
 if($_POST['email'])
- $_SESSION['email']=$_POST['email'];
+ $_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
 echo "
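Review bot: The added `+` line in committee_auth.php escapes `$_SESSION['email']` but still concatenates `$_SESSION['committee_member_id']` into the `id='...'` clause unescaped, so the query is only half covered by this change; since `id` is compared as a number, the tighter fix is `AND id='".(int)$_SESSION['committee_member_id']."' AND deleted='N'"`. `mysql_escape_string` is also the deprecated variant that ignores the connection charset, so `mysql_real_escape_string` (or a prepared statement via mysqli/PDO, if the codebase ever moves off the `mysql_*` API) would be the function to use here. Note that in the register_participants.php hunk the new `stripslashes(mysql_escape_string(...))` wrapper largely undoes its own escaping before the value reaches the session, so the session holds a raw value and the query-time escaping in this hunk is what actually protects the statement; that is the right place for it, and the session-side wrapper adds confusion rather than safety. `auth_has_access()` begins before this hunk, and the hunk does not show how `$_SESSION['committee_member_id']` is populated.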
";