diff --git a/classes/Profile.php b/classes/Profile.php
index cefcaf90b5..540699eb3a 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -682,7 +682,7 @@ class Profile extends Managed_DataObject
 $profile = new Profile();
 $tagged = array();
- $cnt = $profile->query(sprintf($qry, $this->id, $this->id, $tag));
+ $cnt = $profile->query(sprintf($qry, $this->id, $this->id, $profile->escape($tag)));
 while ($profile->fetch()) {
 $tagged[] = clone($profile);
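Review bot: The escaped tag on the new `$cnt = $profile->query(sprintf(...))` line is only safe if the tag placeholder in `$qry` sits inside a quoted SQL literal, because `escape()` escapes the value but does not add the surrounding quotes. `$qry` is built above this hunk and is not visible here, so confirm the quoting there, and that the two `$this->id` placeholders are numeric (`%d`) rather than `%s`. A short comment at the call would keep the dependency visible, for example `// $tag is caller-supplied: escape() adds no quotes, so $qry must quote the tag placeholder`. If other methods in this class build tag queries with `sprintf` in the same way, they presumably need the same treatment. The enclosing method starts and ends outside the hunk.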