diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index a9de7354de..23deef8043 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -93,12 +93,14 @@ class wpdb {
 		$EZSQL_ERROR[] = 
 		array ('query' => $this->last_query, 'error_str' => $str);
 
+		$str = wp_specialchars($str, 1);
+		$query = wp_specialchars($this->last_query, 1);
 		// Is error output turned on or not..
 		if ( $this->show_errors ) {
 			// If there is an error then take note of it
 			print "<div id='error'>
 			<p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br />
-			<code>$this->last_query</code></p>
+			<code>$query</code></p>
 			</div>";
 		} else {
 			return false;