diff --git a/src/core/util/Database.cc b/src/core/util/Database.cc
index d4e987d6..41f8eed6 100644
--- a/src/core/util/Database.cc
+++ b/src/core/util/Database.cc
@@ -218,6 +218,19 @@ int Database::get_fspmethod_id(const std::string &method)
 	return id;
 }
 
+std::string Database::escape_string(const std::string unescaped_string) {
+
+	char *temp = new char[(unescaped_string.size() * 2) + 1];
+
+	mysql_real_escape_string(handle, temp, unescaped_string.c_str(), unescaped_string.size());
+
+	std::string result = temp;
+
+	delete temp;
+
+	return result;
+}
+
 static CommandLine::option_handle DATABASE, HOSTNAME, USERNAME;
 
 void Database::cmdline_setup() {
diff --git a/src/core/util/Database.hpp b/src/core/util/Database.hpp
index 66c0710b..626b9eaa 100644
--- a/src/core/util/Database.hpp
+++ b/src/core/util/Database.hpp
@@ -99,6 +99,11 @@ namespace fail {
 		 */
 		my_ulonglong insert_id();
 
+		/**
+		 * Escapes illegal characters in a string.
+		 */
+		std::string escape_string(const std::string unescaped_string);
+
 		/**
 		 * Interface to the util/CommandLine.hpp interface. In you
 		 * application you first call cmdline_setup(), which adds