diff --git a/data/CRMEntity.php b/data/CRMEntity.php
index b24b041d39..ab232e6cea 100644
--- a/data/CRMEntity.php
+++ b/data/CRMEntity.php
@@ -868,6 +868,8 @@ private function insertIntoEntityTable($table_name, $module) {
 $fldvalue = $adb->query_result($res, 0, 'email1');
 }
 }
+} elseif ($uitype == 13) {
+$fldvalue = filter_var($this->column_fields[$fieldname], FILTER_SANITIZE_EMAIL);
 } elseif (($uitype == 72 || $uitype == 7 || $uitype == 9) && !$ajaxSave) {
 // Some of the currency fields like Unit Price, Total, Sub-total and normal numbers do not need currency conversion during save
 $fldvalue = CurrencyField::convertToDBFormat($this->column_fields[$fieldname], null, true);
diff --git a/modules/Users/Save.php b/modules/Users/Save.php
index 87d4155eb1..19ef890c75 100644
--- a/modules/Users/Save.php
+++ b/modules/Users/Save.php
@@ -124,6 +124,9 @@
 coreBOS_Session::set('internal_mailer', $focus->column_fields['internal_mailer']);
 }
 setObjectValuesFromRequest($focus);
+$focus->column_fields['email1'] = filter_var($focus->column_fields['email1'], FILTER_SANITIZE_EMAIL);
+$focus->column_fields['email2'] = filter_var($focus->column_fields['email2'], FILTER_SANITIZE_EMAIL);
+$focus->column_fields['secondaryemail'] = filter_var($focus->column_fields['secondaryemail'], FILTER_SANITIZE_EMAIL);
 if (empty($focus->column_fields['roleid']) && !empty($_POST['user_role'])) {
 $focus->column_fields['roleid'] = $_POST['user_role'];
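Review bot: The new `uitype == 13` branch in insertIntoEntityTable sanitizes but never validates: FILTER_SANITIZE_EMAIL only strips characters outside the permitted email set, so a malformed or tampered value is silently rewritten into a different string and stored as if the user had entered it, and nothing here rejects input that is still not an address after stripping. A stored address that the user never typed is a correctness problem as much as a security one (notifications go to the altered address), so the write should be preceded by a validation step that surfaces an error through the module's normal field-validation path rather than storing the altered value, e.g. `if ($fldvalue !== '' && filter_var($fldvalue, FILTER_VALIDATE_EMAIL) === false) { /* reject the record or report a field error here instead of saving */ }`. Note also that filter_var returns `false` for non-scalar input (an array posted under the field name), which this branch would then hand to the DB layer unchanged; a `is_scalar()` guard or a cast to string before the call avoids that. The same sanitize-only pattern appears in the modules/Users/Save.php hunk for email1, email2 and secondaryemail, where the same validation would belong. insertIntoEntityTable's body starts and ends outside this hunk, so I cannot see whether a validation pass already runs earlier for this uitype.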