diff --git a/app/admin/pageEditMember.php b/app/admin/pageEditMember.php
index c29d45f..eea3951 100644
--- a/app/admin/pageEditMember.php
+++ b/app/admin/pageEditMember.php
@@ -139,7 +139,7 @@
 } elseif($_GET['groupID'] != '') {
 // show the form for adding a new member, and pre-select the provided group
 $groupID = intval($_GET['groupID']);
-$group_name = sqlValue("select name from membership_groups where groupID='$groupID'");
+$group_name = strip_tags(sqlValue("select name from membership_groups where groupID='$groupID'"));
 if($group_name) $addend = " to '{$group_name}'";
 }
diff --git a/app/admin/pageEditMemberPermissions.php b/app/admin/pageEditMemberPermissions.php
index f8b0125..316796c 100644
--- a/app/admin/pageEditMemberPermissions.php
+++ b/app/admin/pageEditMemberPermissions.php
@@ -19,7 +19,7 @@
 $anonGroupID = sqlValue("select groupID from membership_groups where lcase(name)='" . strtolower(makeSafe($anonymousGroup)) . "'");
 $adminGroupID = sqlValue("select groupID from membership_groups where name='Admins'");
 $groupID = sqlValue("select groupID from membership_users where lcase(memberID)='{$memberID->sql}'");
-$group = sqlValue("select name from membership_groups where groupID='{$groupID}'");
+$group = strip_tags(sqlValue("select name from membership_groups where groupID='{$groupID}'"));
 if($groupID == $anonGroupID || $memberID->raw == $anonymousMember || !$groupID || $groupID == $adminGroupID || $memberID->raw == $adminConfig['adminUsername']) {
 // error in request. redirect to members page.
 redirect('admin/pageViewMembers.php');
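Review bot: `strip_tags()` on the `$group_name` line is the wrong tool for the output-encoding problem it appears to address: it removes angle-bracketed tags but leaves `"`, `'` and `&` untouched, so a group name that later lands inside an HTML attribute or a quoted string is still not neutralized, and it silently mangles legitimate names that contain `<`. The same pattern is applied to `$group` in the pageEditMemberPermissions.php hunk. Escape for the output context at the point the value is rendered and keep the raw DB value for any non-HTML use; here that is `if($group_name) $addend = " to '" . htmlspecialchars($group_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'";` with the `sqlValue(...)` line left as it was. The enclosing `if`/`elseif` starts before the hunk and the lines that finally emit `$addend` and `$group` are outside both hunks, so those rendering sites need the same treatment.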
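Review bot: On the changed `$group` line, `$groupID` is a value read back from `sqlValue(...)` and interpolated into the next query with no cast or `makeSafe()`, unlike `$groupID = intval($_GET['groupID'])` in the pageEditMember.php hunk; presumably groupID is an integer column so this is not a live injection today, but the safety rests on the schema rather than on the code. Making the invariant explicit costs one change: `$groupID = intval(sqlValue("select groupID from membership_users where lcase(memberID)='{$memberID->sql}'"));`. The later `!$groupID` guard keeps its meaning, since a missing row yields 0 instead of false, and the loose `==` comparisons against `$anonGroupID`/`$adminGroupID` still match numeric strings.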