diff --git a/edit.inc.php b/edit.inc.php
index fdf83a12..f918d4e7 100644
--- a/edit.inc.php
+++ b/edit.inc.php
@@ -31,6 +31,7 @@ if ($_POST) {
 		header("Location: " . $SELF . "select=" . urlencode($_GET["edit"]) . (SID ? "&" . SID : ""));
 		exit;
 	}
+	$error = mysql_error();
 }
 page_header(($_GET["where"] ? lang('Edit') : lang('Insert')) . ": " . htmlspecialchars($_GET["edit"]));
 echo "<h2>" . ($_GET["where"] ? lang('Edit') : lang('Insert')) . ": " . htmlspecialchars($_GET["edit"]) . "</h2>\n";
@@ -47,7 +48,7 @@ if (is_array($_GET["null"])) {
 	}
 }
 if ($_POST) {
-	echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars(mysql_error()) . "</p>\n";
+	echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars($error) . "</p>\n";
 	$data = $_POST["fields"];
 	foreach ($_POST["fields"] as $key => $val) {
 		$data[$key] = null;
diff --git a/sql.inc.php b/sql.inc.php
index 17ea36fa..77c14e8b 100644
--- a/sql.inc.php
+++ b/sql.inc.php
@@ -13,7 +13,7 @@ echo "<h2>" . lang('SQL command') . "</h2>\n";
 
 if ($_POST) {
 	if (!$result) {
-		echo "<p class='error'>" . lang('Error in query') . ": $error</p>\n";
+		echo "<p class='error'>" . lang('Error in query') . ": " . htmlspecialchars($error) . "</p>\n";
 	} else {
 		if (!mysql_num_rows($result)) {
 			echo "<p class='message'>" . lang('No rows.') . "</p>\n";