diff --git a/picture.php b/picture.php
index afdfcbf5f2..8e87400966 100644
--- a/picture.php
+++ b/picture.php
@@ -11,7 +11,7 @@ include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
-echo $_GET['asdf'];
+echo htmlspecialchars($_GET['asdf'] ?? '', ENT_QUOTES, 'UTF-8');
 save_edit_context();
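Review bot: The added `echo` line passes `$_GET['asdf']` to `htmlspecialchars()` without checking its type, so a request that sends the parameter in array form raises a TypeError on PHP 8 (a warning on older versions) instead of printing an empty string. A type guard closes that gap: `$asdf = $_GET['asdf'] ?? '';` followed by `echo is_string($asdf) ? htmlspecialchars($asdf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';`. The statement also looks like leftover debug output: it runs at top level right after the includes and before `save_edit_context()`, so it presumably writes to the response before the page template and before any later header or cookie calls. If nothing consumes this parameter, deleting the line is the stronger fix than escaping it. Only part of the script is visible in this hunk, so the exact output context should be confirmed against the full file.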