diff --git a/select.inc.php b/select.inc.php
index bee8b9eb..32dddc61 100644
--- a/select.inc.php
+++ b/select.inc.php
@@ -32,7 +32,7 @@ if (!$columns) {
if (strlen($_GET["fulltext"][$i])) {
$where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
}
- echo "(" . implode(", ", $index["columns"]) . ") AGAINST";
+ echo "(" . implode(", ", array_map('htmlspecialchars', $index["columns"])) . ") AGAINST";
echo ' ';
echo "";
echo "
\n";
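Review bot: The added `array_map('htmlspecialchars', $index["columns"])` runs htmlspecialchars with its default flags and charset, because array_map passes only the value. On PHP versions before 8.1 the default flags leave single quotes unescaped. That is sufficient here, where the names are echoed as element text before `AGAINST`, but it would not be safe if the same expression were copied into a single-quoted attribute. I would record that next to the call, for example `// column names come from the schema and are not trusted as HTML; escaped for text context only, use ENT_QUOTES inside attributes`. The enclosing block starts above this hunk, so any other place that echoes `$index["columns"]` or other identifiers is not visible here and should be checked for the same escaping.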