diff --git a/db_sql.php b/db_sql.php
index 2ac198bda..420561e81 100644
--- a/db_sql.php
+++ b/db_sql.php
@@ -37,7 +37,7 @@ if ($num_tables == 0 && empty($db_query_force)) {
 /**
  * Query box, bookmark, insert data from textfile
  */
-PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
+PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
 
 /**
  * Displays the footer
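Review bot: The request-supplied delimiter is escaped at this call site rather than where PMA_sqlQueryForm writes it into the page, so any other caller that passes a request-derived delimiter stays unescaped. The function also now receives an HTML-encoded string, which would be wrong for any use other than output. `htmlspecialchars()` is called without flags, and on PHP versions before 8.1 that default leaves single quotes unescaped, which is not enough if the value ends up in a single-quoted attribute. At minimum the call should be `htmlspecialchars($_REQUEST['delimiter'], ENT_QUOTES, 'UTF-8')`; the more robust fix is to pass the raw value and escape inside the function at the point of output. The body of PMA_sqlQueryForm is outside this hunk, so the output context should be confirmed there.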