diff --git a/upload/ajax.php b/upload/ajax.php
index af708642..0d569183 100644
--- a/upload/ajax.php
+++ b/upload/ajax.php
@@ -188,9 +188,9 @@ if(!empty($mode))
 {
 case "video":
 {
-$rating = $_POST['rating']*2;
-$id = $_POST['id'];
-$result = $cbvid->rate_video($id,$rating);
+$rating = mysql_clean($_POST['rating'])*2;
+$id = mysql_clean($_POST['id']);
+$result = $cbvid->rate_video($id,$rating);
 $result['is_rating'] = true;
 $cbvid->show_video_rating($result);
@@ -205,8 +205,8 @@ if(!empty($mode))
 case "photo":
 {
-$rating = $_POST['rating']*2;
-$id = $_POST['id'];
+$rating = mysql_clean($_POST['rating'])*2;
+$id = mysql_clean($_POST['id']);
 $result = $cbphoto->rate_photo($id,$rating);
 $result['is_rating'] = true;
 $cbvid->show_video_rating($result);
@@ -221,8 +221,8 @@ if(!empty($mode))
 break;
 case "collection":
 {
-$rating = $_POST['rating']*2;
-$id = $_POST['id'];
+$rating = mysql_clean($_POST['rating'])*2;
+$id = mysql_clean($_POST['id']);
 $result = $cbcollection->rate_collection($id,$rating);
 $result['is_rating'] = true;
 $cbvid->show_video_rating($result);
@@ -238,8 +238,8 @@ if(!empty($mode))
 case "user":
 {
-$rating = $_POST['rating']*2;
-$id = $_POST['id'];
+$rating = mysql_clean($_POST['rating'])*2;
+$id = mysql_clean($_POST['id']);
 $result = $userquery->rate_user($id,$rating);
 $result['is_rating'] = true;
 $cbvid->show_video_rating($result);
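Review bot: Passing `$_POST['id']` and `$_POST['rating']` through `mysql_clean()` in the video case escapes them as strings but does not establish that either is an integer, which is what `rate_video()` presumably needs; a non-numeric rating still reaches the `*2`, where it becomes 0 on older PHP and throws a TypeError on PHP 8. Casting is the stronger guard: `$id = (int) ($_POST['id'] ?? 0);` and `$rating = (int) ($_POST['rating'] ?? 0) * 2;`, with a check that `$id > 0` and that the rating falls within the range the rating widget allows before the rate_* call is made. The `??` also removes the undefined-index notice when a key is missing from the request. The photo, collection and user hunks repeat the same pattern and should get the same treatment. The enclosing `switch` starts and ends outside these hunks.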