diff --git a/include/application.php b/include/application.php
index 7348c24..28e98d4 100644
--- a/include/application.php
+++ b/include/application.php
@@ -31,7 +31,7 @@ class Application {
 function Application($iAppId = null)
 {
 // we are working on an existing application
-if($iAppId)
+if(is_numeric($iAppId))
 {
 /*
 * We fetch application data and versionsIds.
diff --git a/include/comment.php b/include/comment.php
index 4887c93..3a9d0dc 100644
--- a/include/comment.php
+++ b/include/comment.php
@@ -25,7 +25,7 @@ class Comment {
 */
 function Comment($iCommentId="")
 {
-if($iCommentId)
+if(is_numeric($iCommentId))
 {
 $sQuery = "SELECT appComments.*,
 appVersion.appId AS appId
diff --git a/include/screenshot.php b/include/screenshot.php
index 1d61d93..2727437 100644
--- a/include/screenshot.php
+++ b/include/screenshot.php
@@ -28,7 +28,7 @@ class Screenshot {
 function Screenshot($iScreenshotId = null)
 {
 // we are working on an existing screenshot
-if($iScreenshotId)
+if(is_numeric($iScreenshotId))
 {
 $sQuery = "SELECT appData.*, appVersion.appId AS appId FROM appData, appVersion
diff --git a/include/user.php b/include/user.php
index 6279536..d2d6392 100644
--- a/include/user.php
+++ b/include/user.php
@@ -22,7 +22,7 @@ class User {
 function User($iUserId="")
 {
 $this->sRealname = "an anonymous user";
-if($iUserId)
+if(is_numeric($iUserId))
 {
 $sQuery = "SELECT *
 FROM user_list
@@ -47,8 +47,8 @@ class User {
 {
 $sQuery = "SELECT *
 FROM user_list
-WHERE email = '".$sEmail."'
-AND password = password('".$sPassword."')";
+WHERE email = '".addslashes($sEmail)."'
+AND password = password('".addslashes($sPassword)."')";
 $hResult = query_appdb($sQuery);
 $oRow = mysql_fetch_object($hResult);
 $this->iUserId = $oRow->userid;
diff --git a/include/vendor.php b/include/vendor.php
index 7fec994..6bc03c6 100644
--- a/include/vendor.php
+++ b/include/vendor.php
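Review bot: `is_numeric()` is looser than the integer id this constructor appears to expect: it accepts floats, exponent notation and leading whitespace (`"1.5"`, `"1e3"`, `" 7"`), and — unlike the old `if($iAppId)` — it also accepts `0` and `"0"`, so an id of zero now triggers the fetch where it previously fell through to the new-object path; whether zero is a meaningful sentinel here is not visible in the hunk. Since the id is presumably interpolated into the SELECT that follows (the query text lies outside the hunk), normalising it to an integer before use is the safer shape, e.g. `if(is_numeric($iAppId))` followed by `$iAppId = (int)$iAppId;` as the first statement of the block, or `if(ctype_digit((string)$iAppId))` if only non-negative integers are valid. The same point applies to the Comment, Screenshot, User (first hunk), Vendor and Version hunks in this commit. Each constructor body continues beyond its hunk.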
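Review bot: `addslashes()` is not an adequate SQL escaping function for the `WHERE email = ...` / `AND password = ...` lines in the second user.php hunk: it is not aware of the connection charset, so with some multibyte charsets an escaped quote can still close the literal, and the `mysql_*` API already used two lines below provides the charset-aware alternative: `WHERE email = '".mysql_real_escape_string($sEmail)."'` and `AND password = password('".mysql_real_escape_string($sPassword)."')";` (a prepared statement would be better still). Separately, the result is consumed unchecked: `mysql_fetch_object()` returns false when no row matches, yet `$this->iUserId = $oRow->userid;` dereferences it unconditionally, so a failed login should be guarded with something like `if(!$oRow) return;` before the assignments. Storing passwords via MySQL's `password()` is also worth revisiting, since that function is designed for MySQL account credentials rather than application passwords, though changing it is outside this hunk's scope. The enclosing method's signature and the rest of its body lie outside the hunk.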
@@ -18,7 +18,7 @@ class Vendor {
 function Vendor($iVendorId = null)
 {
 // we are working on an existing vendor
-if($iVendorId)
+if(is_numeric($iVendorId))
 {
 /*
 * We fetch the data related to this vendor.
diff --git a/include/version.php b/include/version.php
index f0c9301..6b26bcc 100644
--- a/include/version.php
+++ b/include/version.php
@@ -32,7 +32,7 @@ class Version {
 function Version($iVersionId = null)
 {
 // we are working on an existing version
-if($iVersionId)
+if(is_numeric($iVersionId))
 {
 /*
 * We fetch the data related to this version.