diff --git a/main/gradebook/lib/scoredisplay.class.php b/main/gradebook/lib/scoredisplay.class.php
index 409ac9a802..d8d1fcde78 100644
--- a/main/gradebook/lib/scoredisplay.class.php
+++ b/main/gradebook/lib/scoredisplay.class.php
@@ -199,7 +199,7 @@ class ScoreDisplay
 if ($count > 0) {
 $sql .= ',';
 }
- $sql .= "(NULL, '".$display['score']."', '".$display['display']."')";
+ $sql .= "(NULL, '".$display['score']."', '".Database::escape_string($display['display'])."')";
 $count++;
 }
 api_sql_query($sql, __FILE__, __LINE__);
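Review bot: `$display['score']` is still concatenated into the VALUES tuple unescaped on the changed line, so the INSERT stays open to SQL injection through that field if the score can originate from request data; only `$display['display']` was wrapped. Where `$display` is populated lies outside the hunk, so upstream validation of the score cannot be confirmed from here. I would treat both fields the same way: `$sql .= "(NULL, '".Database::escape_string($display['score'])."', '".Database::escape_string($display['display'])."')";`, and additionally reject non-numeric scores before building the statement. The method starts above the hunk, so any other values appended to `$sql` earlier deserve the same check.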