diff --git a/src/backend/postgres/checkpoint.c b/src/backend/postgres/checkpoint.c
index 8c45db0e21..c0971ead51 100644
--- a/src/backend/postgres/checkpoint.c
+++ b/src/backend/postgres/checkpoint.c
@@ -54,6 +54,7 @@
 #include "builder.h"
 #include "checkpoint.h"
+#include "escape.h"
 #include "putil.h"
@@ -327,12 +328,15 @@ get_checkpoint_date_cb (PGBackend *be, PGresult *result, int j, gpointer data)
 static void
 pgendAccountGetCheckpoint (PGBackend *be, Checkpoint *chk)
 {
+ sqlEscape *escape;
 char guid_str[80], end_str[80];
 char * p;
 if (!be || !chk) return;
 ENTER("be=%p", be);
+ escape = sqlEscape_new ();
+
 guid_to_string_buff (chk->account_guid, guid_str);
 gnc_timespec_to_iso8601_buff (chk->date_end, end_str);
@@ -345,12 +349,15 @@ pgendAccountGetCheckpoint (PGBackend *be, Checkpoint *chk)
 " WHERE accountGuid='");
 p = stpcpy (p, guid_str);
 p = stpcpy (p, "' AND commodity='");
- p = stpcpy (p, chk->commodity);
+ p = stpcpy (p, sqlEscapeString (escape, chk->commodity));
 p = stpcpy (p, "' AND date_end <'");
 p = stpcpy (p, end_str);
 p = stpcpy (p, "';");
 SEND_QUERY (be,be->buff, );
+ sqlEscape_destroy (escape);
+ escape = NULL;
+
 pgendGetResults (be, get_checkpoint_cb, chk);
 /* now get the ending date of the last checkpoint,
@@ -363,7 +370,7 @@ pgendAccountGetCheckpoint (PGBackend *be, Checkpoint *chk)
 p = stpcpy (p, end_str);
 p = stpcpy (p, "' ORDER BY date_start DESC LIMIT 1;");
 SEND_QUERY (be,be->buff, );
-
+
 /* provide default value, in case there are no checkpoints */
 chk->date_start = gnc_iso8601_to_timespec_local (CK_EARLIEST_DATE);
 pgendGetResults (be, get_checkpoint_date_cb, chk);
diff --git a/src/backend/postgres/price.c b/src/backend/postgres/price.c
index f740456aab..d7ab365700 100644
--- a/src/backend/postgres/price.c
+++ b/src/backend/postgres/price.c
@@ -39,6 +39,8 @@
 #include "guid.h"
 #include "PostgresBackend.h"
+#include "escape.h"
+#include "price.h"
 #include "putil.h"
 static short module = MOD_BACKEND;
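Review bot: In the `@@ -345,12 +349,15 @@` hunk of checkpoint.c, `sqlEscape_destroy (escape)` runs only after `SEND_QUERY (be,be->buff, )`; if that macro returns from the function when the query fails, as its empty third (return-value) argument suggests, the escaper allocated in the preceding hunk is leaked on that path. The escaped text has already been copied into `be->buff` by `stpcpy`, so the two lines `sqlEscape_destroy (escape); escape = NULL;` can move directly above `SEND_QUERY`, which is also how pgendPriceLookup in price.c releases its escaper right after the copies. Separately, an escaped string can be longer than `chk->commodity` while the query is still assembled with unbounded `stpcpy` into `be->buff`; if that buffer is fixed-size (not visible here), the added call is where a remaining-length check belongs, and the same applies to `commodity_str`/`currency_str` in price.c's `@@ -342,11 +352,14 @@` hunk. pgendAccountGetCheckpoint begins and ends outside this hunk.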
@@ -319,6 +321,9 @@ void
 pgendPriceLookup (Backend *bend, GNCPriceLookup *look)
 {
 PGBackend *be = (PGBackend *)bend;
+ const char * commodity_str;
+ const char * currency_str;
+ sqlEscape *escape;
 char * p;
 ENTER ("be=%p, lookup=%p", be, look);
@@ -334,6 +339,11 @@ pgendPriceLookup (Backend *bend, GNCPriceLookup *look)
 return;
 }
+ escape = sqlEscape_new ();
+
+ commodity_str = gnc_commodity_get_unique_name(look->commodity);
+ currency_str = gnc_commodity_get_unique_name(look->currency);
+
 /* don't send events to GUI, don't accept callbacks to backend */
 gnc_engine_suspend_events();
 pgendDisable(be);
@@ -342,11 +352,14 @@ pgendPriceLookup (Backend *bend, GNCPriceLookup *look)
 p = be->buff; *p = 0;
 p = stpcpy (p, "SELECT * FROM gncPrice"
 " WHERE commodity='");
- p = stpcpy (p, gnc_commodity_get_unique_name(look->commodity));
+ p = stpcpy (p, sqlEscapeString (escape, commodity_str));
 p = stpcpy (p, "' AND currency='");
- p = stpcpy (p, gnc_commodity_get_unique_name(look->currency));
+ p = stpcpy (p, sqlEscapeString (escape, currency_str));
 p = stpcpy (p, "' ");
+ sqlEscape_destroy (escape);
+ escape = NULL;
+
 switch (look->type)
 {
 case LOOKUP_LATEST:
@@ -393,7 +406,6 @@ pgendPriceLookup (Backend *bend, GNCPriceLookup *look)
 /* re-enable events */
 pgendEnable(be);
 gnc_engine_resume_events();
-
 }
 /* ============================================================= */
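Review bot: In the `@@ -334,6 +339,11 @@` hunk of price.c, `escape = sqlEscape_new ()` is allocated well before its first use in the `@@ -342,11 +352,14 @@` hunk, across `gnc_engine_suspend_events()`, `pgendDisable(be)` and two lines not shown between the hunks; any early return in that stretch would leak it. Allocating it next to `p = be->buff; *p = 0;` keeps the live range to the query-building lines where it is destroyed, and the `commodity_str`/`currency_str` lookups can stay where they are. A one-line comment above `sqlEscape_destroy (escape);` would also help the next reader, e.g. `/* escaped copies are already in be->buff; nothing below needs the escaper */`. pgendPriceLookup continues past this hunk and its SEND_QUERY is not visible here.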