diff --git a/results/stats.php b/results/stats.php
index be35a6eac..b8fbee89d 100755
--- a/results/stats.php
+++ b/results/stats.php
@@ -86,9 +86,9 @@
$speedtest = getSpeedtestUserById($_GET['id']);
$speedtests = [];
if (false === $speedtest) {
- echo '
There was an error trying to fetch the speedtest result for ID "'.$_GET['id'].'".
';
+ echo 'There was an error trying to fetch the speedtest result for ID "'.htmlspecialchars($_GET['id'], ENT_HTML5, 'UTF-8').'".
';
} elseif (null === $speedtest) {
- echo 'Could not find a speedtest result for ID "'.$_GET['id'].'".
';
+ echo 'Could not find a speedtest result for ID "'.htmlspecialchars($_GET['id'], ENT_HTML5, 'UTF-8').'".
';
} else {
$speedtests = [$speedtest];
}
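Review bot: Both new `htmlspecialchars($_GET['id'], ENT_HTML5, 'UTF-8')` calls pass `ENT_HTML5` as the only flag, which replaces the default flag set, so neither `"` nor `'` is encoded and an ID containing invalid UTF-8 comes back as an empty string. Encoding `<`, `>` and `&` is enough while the value sits in element text, as it appears to here, but the escaping silently stops being sufficient if the message is ever moved into an attribute value. I would write `htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8')` in both branches, ideally computed once into a local before the `if` so the two messages cannot drift apart. The hunk does not show whether `$_GET['id']` is checked to be a string earlier in the file; if it is not, an array-valued `id` parameter reaches `htmlspecialchars()` and raises a TypeError on PHP 8.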