diff --git a/modules/poll.module b/modules/poll.module
index 5869a0e4d44487c9b52c12f921a4104e85c66118..0073e281cdd5946f641d1c0693f2d6c82868ebc8 100644
--- a/modules/poll.module
+++ b/modules/poll.module
@@ -136,7 +136,7 @@ function poll_insert($node) {
     $node->active = 1;
   }
 
-  db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('$node->nid', '$node->runtime', '', '$node->active')");
+  db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_input($node->nid) ."', '". check_input($node->runtime) ."', '', '". check_input($node->active) ."')");
 
   for ($i = 0; $i < $node->choices; $i++) {
     $choice->chtext = filter($node->choice[$i]);
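Review bot: The values `nid`, `runtime` and `active` are still spliced into the statement as quoted strings, so the query's safety rests entirely on `check_input()` escaping exactly what the database treats as special inside a string literal; its implementation is not part of this diff. If these columns are integers, casting at the call site removes that dependency, e.g. `VALUES (". (int)$node->nid .", ". (int)$node->runtime .", '', ". (int)$node->active .")`. The same applies to `nid`, `chvotes` and `chorder` in the two `poll_choices` inserts below (where `chorder` is just the loop counter `$i`), and to the identical hunks under `modules/poll/poll.module`. The body of `poll_insert` starts and continues outside this hunk.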
@@ -144,7 +144,7 @@ function poll_insert($node) {
     $choice->chorder = $i;
 
     if ($choice->chtext != "") {
-      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')");
+      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
     }
   }
 }
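Review bot: `$choice->chtext` is assigned from `filter($node->choice[$i])` at the top of the loop (visible as context in the previous hunk) and is now also passed through `check_input()` on the INSERT line, so the choice text goes through two transformations before it is stored. If `check_input()` does anything beyond escaping for the SQL literal (truncation, slash stripping, markup filtering), the stored text may differ from what `filter()` produced; neither function is shown here, so this needs confirming. I would document the intended order above the query, e.g. `// chtext is already filter()ed; check_input() here is only for the SQL string literal`. The `poll_update` hunk at line 404 and the duplicated hunks in `modules/poll/poll.module` have the same pattern.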
@@ -404,7 +404,7 @@ function poll_update($node) {
     $choice->chorder = $i;
 
     if ($choice->chtext != "") {
-      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')");
+      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
     }
   }
 }
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index 5869a0e4d44487c9b52c12f921a4104e85c66118..0073e281cdd5946f641d1c0693f2d6c82868ebc8 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -136,7 +136,7 @@ function poll_insert($node) {
     $node->active = 1;
   }
 
-  db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('$node->nid', '$node->runtime', '', '$node->active')");
+  db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_input($node->nid) ."', '". check_input($node->runtime) ."', '', '". check_input($node->active) ."')");
 
   for ($i = 0; $i < $node->choices; $i++) {
     $choice->chtext = filter($node->choice[$i]);
@@ -144,7 +144,7 @@ function poll_insert($node) {
     $choice->chorder = $i;
 
     if ($choice->chtext != "") {
-      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')");
+      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
     }
   }
 }
@@ -404,7 +404,7 @@ function poll_update($node) {
     $choice->chorder = $i;
 
     if ($choice->chtext != "") {
-      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')");
+      db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
     }
   }
 }