diff --git a/public/include/classes/worker.class.php b/public/include/classes/worker.class.php
index 0caa9f4b..9f66e6b3 100644
--- a/public/include/classes/worker.class.php
+++ b/public/include/classes/worker.class.php
@@ -21,14 +21,24 @@ class Worker extends Base {
     $username = $this->user->getUserName($account_id);
     $iFailed = 0;
     foreach ($data as $key => $value) {
+      $validWorker = 1;
       if ('' === $value['username'] || '' === $value['password']) {
         $iFailed++;
       } else {
         // Prefix the WebUser to Worker name
         $value['username'] = "$username." . $value['username'];
-        $stmt = $this->mysqli->prepare("UPDATE $this->table SET password = ?, username = ?, monitor = ? WHERE account_id = ? AND id = ?");
-        if ( ! ( $this->checkStmt($stmt) && $stmt->bind_param('ssiii', $value['password'], $value['username'], $value['monitor'], $account_id, $key) && $stmt->execute()) )
+        // Ensure we have a sane worker name
+        $wData = explode('.', $value['username']);
+        if (!preg_match('/[a-z_\-0-9]/i', $wData[1]) || strlen($value['username']) > 50) {
+          $validWorker = 0;
+        }
+        if ($validWorker) {
+          $stmt = $this->mysqli->prepare("UPDATE $this->table SET password = ?, username = ?, monitor = ? WHERE account_id = ? AND id = ?");
+          if ( ! ( $this->checkStmt($stmt) && $stmt->bind_param('ssiii', $value['password'], $value['username'], $value['monitor'], $account_id, $key) && $stmt->execute()) )
+            $iFailed++;
+        } else {
           $iFailed++;
+        }
       }
     }
     if ($iFailed == 0)
@@ -225,8 +235,16 @@ class Worker extends Base {
       $this->setErrorMessage($this->getErrorMsg('E0058'));
       return false;
     }
+    if (!preg_match('/[a-z_\-0-9]i/', $workerName)) {
+      $this->setErrorMessage($this->getErrorMsg('E0072'));
+      return false;
+    }
     $username = $this->user->getUserName($account_id);
     $workerName = "$username.$workerName";
+    if (strlen($workerName) > 50) {
+      $this->setErrorMessage($this->getErrorMessage('E0073'));
+      return false;
+    }
     $stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, username, password) VALUES(?, ?, ?)");
     if ($this->checkStmt($stmt) && $stmt->bind_param('iss', $account_id, $workerName, $workerPassword)) {
       if (!$stmt->execute()) {