diff --git a/VIRTUAL_VACATION/vacation.pl b/VIRTUAL_VACATION/vacation.pl
index 705759f..4b55333 100755
--- a/VIRTUAL_VACATION/vacation.pl
+++ b/VIRTUAL_VACATION/vacation.pl
@@ -96,16 +96,16 @@ while (my $line = <>) {
 }
 if ($line =~ m/data-line/ && $data eq '.' && $ooo{$sid} == 1) {
 dolog($fh, "$sid to: $email, from: $from", $opt_l);
- my $sth = doquery(qq{SELECT subject,body FROM vacation WHERE email='$email' and active=1});
+ my $sth = doquery(qq{SELECT subject,body FROM vacation WHERE email=} . $dbh->quote($email) . qq{ and active=1});
 my $rv = $sth->rows;
 if ($rv == 1) {
 dolog($fh, "$sid found OOO for $email", $opt_l);
 my @vacation_msg = $sth->fetchrow_array;
- $sth = doquery(qq{SELECT cache FROM vacation WHERE email='$email' AND FIND_IN_SET('$from',cache)});
+ $sth = doquery(qq{SELECT cache FROM vacation WHERE email=} . $dbh->quote($email) . qq{AND FIND_IN_SET(} . $dbh->quote($from) . qq{,cache)});
 $rv = $sth->rows;
 if ($rv == 0) {
 dolog($fh, "$sid sending OOO to $from", $opt_l);
- $sth = doquery(qq{UPDATE vacation SET cache=CONCAT(cache,',','$from') WHERE email='$email'});
+ $sth = doquery(qq{UPDATE vacation SET cache=CONCAT(cache,',',} . $dbh->quote($from) . qq{) WHERE email=} . $dbh->quote($email));
 open my $fh_email, "|-", "/usr/sbin/sendmail -t";
 print $fh_email "From: $email\n";
 print $fh_email "To: $from\n";;
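Review bot: The second rewritten query joins `$dbh->quote($email)` directly to `qq{AND FIND_IN_SET(}`, so the SQL reads `email='…'AND FIND_IN_SET(` with no separator, unlike the first query's `qq{ and active=1}`; use `qq{ AND FIND_IN_SET(}` rather than rely on the parser accepting a keyword glued to a string literal. quote() covers only the SQL layer: `$from` is still appended to the comma-separated `cache` column and printed into the `To:` header for `sendmail -t` in the context lines below, so a sender value containing a comma or line break would presumably still add cache entries or recipients, and validating `$from` as a single address before this block would close that. Bind parameters (`WHERE email=? AND FIND_IN_SET(?,cache)`) would be preferable to concatenation if doquery can be extended to pass values through, which is not visible here. The enclosing `while` loop starts and ends outside the hunk.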