diff --git a/edit_profile.php b/edit_profile.php
index 1481f8e4831811150862583b869befd05793f586..22939de38c062ee2f9cda59d0e0ce748f6d9cf97 100644
--- a/edit_profile.php
+++ b/edit_profile.php
@@ -14,7 +14,7 @@ $user = NULL;
 // if logged user is admin 
 if (isset($_POST["profile_email"])) {
 
-    $logged_user = $_POST["profile_email"];
+    $logged_user = htmlspecialchars($_POST["profile_email"]);
     $user = $obj->getUserByEmail($obj, $logged_user);
 
 } else {
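Review bot: Calling htmlspecialchars() on the posted email before passing it to getUserByEmail (the `$logged_user = htmlspecialchars(...)` line) applies HTML output encoding at the wrong layer — an address containing `&` or `'` is altered before the lookup, and the call validates nothing. The same input-time encoding is applied to user_name, password, age and bio in the following hunks; for the password in particular it silently changes the value that is later stored or compared. Validate at the boundary and escape at output instead, e.g. `$logged_user = filter_var($_POST['profile_email'], FILTER_VALIDATE_EMAIL);` followed by a rejection when it returns false, with htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') reserved for the points where a value is echoed into a page (whether getUserByEmail uses a prepared statement is not visible here). Separately, the comment `// if logged user is admin` suggests an authorization check, but this branch selects the profile to edit purely from the client-supplied `profile_email`; if that gating lives elsewhere it is worth a comment here, and if it does not, any requester can load another user's record for editing. The enclosing if/else continues past the hunk.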
@@ -39,7 +39,7 @@ $fileSize = null;
 $fileError = null;
 
 if (isset($_POST['user_name'])) {
-    $provided_user_name = $_POST['user_name'];
+    $provided_user_name = htmlspecialchars($_POST['user_name']);
 }
 
 
@@ -51,15 +51,15 @@ if (isset($_FILES["profile_image"]["name"])) {
 }
 
 if (isset($_POST['password'])) {
-    $provided_password = $_POST['password'];
+    $provided_password = htmlspecialchars($_POST['password']);
 }
 
 if (isset($_POST['age'])) {
-    $provided_age = $_POST['age'];
+    $provided_age = htmlspecialchars($_POST['age']);
 }
 
 if (isset($_POST['bio'])) {
-    $provided_bio = $_POST['bio'];
+    $provided_bio = htmlspecialchars($_POST['bio']);
 }