diff --git a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs
index 4dfc32403a..b2bd5f60c8 100644
--- a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs
+++ b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs
@@ -205,7 +205,8 @@ namespace OpenSim.Data.MySQL
             foreach (FieldInfo fi in m_Fields.Values)
             {
                 names.Add(fi.Name);
-                values.Add(fi.GetValue(row).ToString());
+                values.Add("?" + fi.Name);
+                cmd.Parameters.AddWithValue(fi.Name, fi.GetValue(row).ToString());
             }
 
             if (m_DataField != null)
@@ -216,11 +217,12 @@ namespace OpenSim.Data.MySQL
                 foreach (KeyValuePair<string, string> kvp in data)
                 {
                     names.Add(kvp.Key);
-                    values.Add(kvp.Value);
+                    values.Add("?" + kvp.Key);
+                    cmd.Parameters.AddWithValue("?" + kvp.Key, kvp.Value);
                 }
             }
 
-            query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values ('" + String.Join("','", values.ToArray()) + "')";
+            query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values (" + String.Join(",", values.ToArray()) + ")";
 
             cmd.CommandText = query;