diff --git a/library/includes/functions.php b/library/includes/functions.php
index 3f7d499e..2d0e5d5c 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -1183,7 +1183,7 @@ function get_username ($user_id)
 	}
 	else
 	{
-		$row = DB()->fetch_row("SELECT username FROM ". BB_USERS ." WHERE user_id = $user_id LIMIT 1");
+		$row = DB()->fetch_row("SELECT username FROM ". BB_USERS ." WHERE user_id = '". DB()->escape($user_id) ."' LIMIT 1");
 		return $row['username'];
 	}
 }
diff --git a/library/includes/ucp/topic_watch.php b/library/includes/ucp/topic_watch.php
index 997754df..05613e7e 100644
--- a/library/includes/ucp/topic_watch.php
+++ b/library/includes/ucp/topic_watch.php
@@ -18,14 +18,16 @@ $page_cfg['include_bbcode_js'] = true;
 $tracking_topics = get_tracks('topic');
 $user_id = $userdata['user_id'];
 
-if (isset($_GET['uid']) && get_username($_GET['uid'])) {
-	if ($_GET['uid'] == $userdata['user_id'] || IS_ADMIN) {
-		$user_id = DB()->escape($_GET['uid']);
+if (isset($_GET['uid'])) {
+	if (get_username($_GET['uid'])) {
+		if ($_GET['uid'] == $userdata['user_id'] || IS_ADMIN) {
+			$user_id = DB()->escape($_GET['uid']);
+		} else {
+			bb_die($lang['NOT_AUTHORISED']);
+		}
 	} else {
-		bb_die($lang['NOT_AUTHORISED']);
+		bb_die($lang['USER_NOT_EXIST']);
 	}
-} else {
-	bb_die($lang['USER_NOT_EXIST']);
 }
 $start = isset($_GET['start']) ? abs(intval($_GET['start'])) : 0;
 $per_page = $bb_cfg['topics_per_page'];
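Review bot: The escape on the added `$row = DB()->fetch_row(...)` line closes the string-interpolation hole, but it still hands the database a quoted string for what is presumably an integer key column; an explicit cast, `"... WHERE user_id = " . (int) $user_id . " LIMIT 1"`, would be both tighter and clearer about the type the function expects. With either form a non-numeric value ends up compared as 0 by MySQL rather than being rejected, so callers that pass request input (the topic_watch.php hunk in this same commit does) should validate that the id is numeric instead of relying on this query to refuse it. The start of get_username, including the branch this `else` pairs with, is outside the hunk.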
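Review bot: The existence check on the new `if (get_username($_GET['uid']))` line runs before the authorisation check nested under it, so a non-admin asking for another user's uid receives `USER_NOT_EXIST` for unknown ids and `NOT_AUTHORISED` for real ones, which makes the page an oracle for which user ids exist. Checking authorisation first (or reporting both failures with the same message) removes that distinction; the rewrite below also flattens the three nested ifs into guard clauses, on the assumption that bb_die() ends the request as its name suggests. The comparison `$_GET['uid'] == $userdata['user_id']` is loose, and the escaped string assigned to `$user_id` differs in type from the `$userdata['user_id']` it replaces, so casting the request value once with `(int)` and comparing strictly keeps the id an integer throughout, which is presumably what the later use of `$user_id` outside the hunk expects.

```php
if (isset($_GET['uid'])) {
	$requested_uid = (int) $_GET['uid'];
	if ($requested_uid !== (int) $userdata['user_id'] && !IS_ADMIN) {
		bb_die($lang['NOT_AUTHORISED']);
	}
	if (!get_username($requested_uid)) {
		bb_die($lang['USER_NOT_EXIST']);
	}
	$user_id = $requested_uid;
}
// … unchanged: $start / $per_page setup …
```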