diff --git a/admin/profile.php b/admin/profile.php
index 5249f3453..82514082e 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -8,6 +8,8 @@
 
 if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
 
+check_input_parameter('user_id', $_GET, false, PATTERN_ID);
+
 $edit_user = build_user( $_GET['user_id'], false );
 
 if (!empty($_POST))