Index: /locker/sql/bin/create-database
===================================================================
--- /locker/sql/bin/create-database	(revision 325)
+++ /locker/sql/bin/create-database	(revision 326)
@@ -4,5 +4,5 @@
 list($h,$u,$p) = explode("\t",`/mit/scripts/sql/bin/get-password`);
 $d = $argv[1];
-$create_r = explode(',',file_get_contents("http://sql.mit.edu/~sql/main/do/batch/create_db?d=$d&u=$u&p=$p"));
+$create_r = explode(',',file_get_contents('http://sql.mit.edu/~sql/main/do/batch/create_db?d=' . urlencode($d) . '&u=' . urlencode($u) . '&p=' . urlencode($p)));
 $return_r = array_shift($create_r);
 $created = implode(',',$create_r);
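Review bot: The database password `$p` is still placed in the query string of a plain `http://` URL in the new `file_get_contents` call, so encoding the parameters stops them from breaking the URL but leaves the credential readable on the network path and, most likely, in the web server's access log. If the batch endpoint accepts it (not visible from this diff), send the fields in a POST body over `https://` through a stream context, as sketched below. The same applies to the `list_dbs.php` request in get-next-database, which also carries `$p`.

```php
// … unchanged: get-password call and $d = $argv[1] …
$body = http_build_query(array('d' => $d, 'u' => $u, 'p' => $p));
$ctx = stream_context_create(array('http' => array(
    'method'  => 'POST',
    'header'  => 'Content-Type: application/x-www-form-urlencoded',
    'content' => $body,
)));
$create_r = explode(',', file_get_contents('https://sql.mit.edu/~sql/main/do/batch/create_db', false, $ctx));
```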
Index: /locker/sql/bin/get-next-database
===================================================================
--- /locker/sql/bin/get-next-database	(revision 325)
+++ /locker/sql/bin/get-next-database	(revision 326)
@@ -5,5 +5,5 @@
 $newdb = str_replace($u.'+','',$argv[1]);
 $testdb = str_replace('.','',$u).'+'.$newdb;
-$dbs = explode("\n",file_get_contents("http://sql.mit.edu/~sql/tools/list_dbs.php?h=$h&u=$u&p=$p"));
+$dbs = explode("\n",file_get_contents('http://sql.mit.edu/~sql/tools/list_dbs.php?h=' . urlencode($h) . '&u=' . urlencode($u) . '&p=' . urlencode($p)));
 if (in_array($testdb,$dbs)) {
 	$i = 1;
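Review bot: The return value of `file_get_contents` goes straight into `explode`, so a failed request (which returns `false`) yields a list with one empty string and `in_array($testdb,$dbs)` then reports the name as unused. Capture the response first and stop on failure, for example `$list = file_get_contents(...);` followed by `if ($list === false) { fwrite(STDERR, "list_dbs request failed\n"); exit(1); }`, and only then split `$list`. The `if` block continues past the end of this hunk, so the collision handling itself is not visible here. The create_db call in create-database and the status call in get-password use the response unchecked in the same way.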
Index: /locker/sql/bin/get-password
===================================================================
--- /locker/sql/bin/get-password	(revision 325)
+++ /locker/sql/bin/get-password	(revision 326)
@@ -32,5 +32,5 @@
 }
 
-$sql_status = file_get_contents('http://sql.mit.edu/~sql/main/do/batch/status?u='.$env_user);
+$sql_status = file_get_contents('http://sql.mit.edu/~sql/main/do/batch/status?u=' . urlencode($env_user));
 switch($sql_status) {
 	case 1:
