diff --git a/account.php b/account.php
index eada1b5..26de23e 100644
--- a/account.php
+++ b/account.php
@@ -169,7 +169,7 @@ function cmd_send_passwd()
 }
 else
 {
- addmsg("Sorry, that username (".$_POST['ext_username'].") does not exist.", "red");
+ addmsg("Sorry, that username (". urlencode($_POST['ext_username']) .") does not exist.", "red");
 }
 redirect(apidb_fullurl("account.php?cmd=login"));
diff --git a/search.php b/search.php
index fdc2600..873cc83 100644
--- a/search.php
+++ b/search.php
@@ -16,7 +16,7 @@ if(mysql_num_rows($result) == 0)
 {
 // do something
 echo html_frame_start("","98%");
- echo "No matches found for ".$_REQUEST['q']."\n";
+ echo "No matches found for ". urlencode($_REQUEST['q']) . "\n";
 echo html_frame_end();
 }
 else
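Review bot: `urlencode()` in the `addmsg()` call is the encoder for URL components, not for text shown in a page; it does neutralise markup characters, but it also turns spaces into `+` and punctuation or non-ASCII characters into `%XX`, so the user sees a mangled copy of the name they typed. If `addmsg()` renders its message as HTML (its body is not visible here, and `cmd_send_passwd()` itself starts and ends outside this hunk), the context-appropriate call is `htmlspecialchars($_POST['ext_username'], ENT_QUOTES)`. The same applies to the `echo` in the search.php hunk, where `htmlspecialchars($_REQUEST['q'], ENT_QUOTES)` would display the query as typed. Separately, this branch tells an unauthenticated caller whether a username exists; one neutral message for both outcomes of the password-reminder request would avoid that.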
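Review bot: Encoding `q` for display does not cover the query that produced `$result`, which is built above this hunk and is not visible here; if it concatenates the same `$_REQUEST['q']`, that value needs `mysql_real_escape_string()` or a bound parameter before it reaches SQL. Reading from `$_REQUEST` can also pick the value up from cookies depending on the `request_order` setting, so `$_GET['q']` would state the intended source explicitly. The `if`/`else` block this hunk sits in continues past the last line shown.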