diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 68616e3e..53b86d6f 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -442,6 +442,10 @@ class User {
   **/
   public function register($username, $password1, $password2, $pin, $email1='', $email2='') {
     $this->debug->append("STA " . __METHOD__, 4);
+    if (strlen($username > 40)) {
+      $this->setErrorMessage('Username exceeding character limit');
+      return false;
+    }
     if ($this->getEmail($email1)) {
       $this->setErrorMessage( 'This e-mail address is already taken' );
       return false;
@@ -482,8 +486,9 @@ class User {
     $password_hash = $this->getHash($password1);
     $pin_hash = $this->getHash($pin);
     $apikey_hash = $this->getHash($username);
+    $username_clean = strip_tags($username);
 
-    if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username, $password_hash, $email1, $pin_hash, $apikey_hash)) {
+    if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username_clean, $password_hash, $email1, $pin_hash, $apikey_hash)) {
       if (!$stmt->execute()) {
         $this->setErrorMessage( 'Unable to register' );
         if ($stmt->sqlstate == '23000') $this->setErrorMessage( 'Username or email already registered' );
diff --git a/public/templates/mmcFE/admin/user/default.tpl b/public/templates/mmcFE/admin/user/default.tpl
index 8c65c49f..fef10bfa 100644
--- a/public/templates/mmcFE/admin/user/default.tpl
+++ b/public/templates/mmcFE/admin/user/default.tpl
@@ -48,8 +48,8 @@
 {section name=user loop=$USERS|default}
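Review bot: The new length guard never measures the username: `strlen($username > 40)` applies strlen to the boolean result of `$username > 40`, so it returns 0 or 1 and the 40-character limit is not enforced (depending on PHP version the comparison may even reject ordinary non-numeric names). The condition should read `if (strlen($username) > 40) {`. Consider naming the limit as a class constant so it visibly matches the width of the users column it protects. The body of register() continues outside the hunk.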
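Review bot: `$username_clean` is bound into the INSERT while `$apikey_hash` two lines above is still derived from the raw `$username`, and the checks earlier in register() (outside the hunk, including the new length guard) presumably validate the raw value too; a name containing tag-like text is therefore stored under a different spelling than the one that was validated and hashed. Silently rewriting input with strip_tags is also a weak substitute for rejecting it, and it does not remove the need to escape usernames when the templates render them. Prefer rejecting before hashing: `if (strip_tags($username) !== $username) { $this->setErrorMessage('Username contains invalid characters'); return false; }`; if the stripped form must be kept instead, hash and bind the same variable so the stored name, its API key hash and the uniqueness checks agree.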