diff --git a/www/api/edu.php b/www/api/edu.php
index d31fbb5..27b7b1b 100644
--- a/www/api/edu.php
+++ b/www/api/edu.php
@@ -27,12 +27,12 @@
     $query= mysql_query($sql); 
     if(mysql_num_rows($query) != 1)
     {
-      echo "NOT FOUND: $sql";
+      echo "NOT FOUND: ".sanitizeHTML($sql);
     }
     else
     {
       $memid = mysql_fetch_assoc($query);
-      echo $memid['memid'];
+      echo sanitizeHTML($memid['memid']);
     }
   }
   else