diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index c07f0c4b6..dfb3b2790 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -490,7 +490,7 @@ function edit_user( $user_id = 0 ) {
 if ( isset( $_POST['email'] ))
 $user->user_email = wp_specialchars( trim( $_POST['email'] ));
 if ( isset( $_POST['url'] ) ) {
- $user->user_url = wp_specialchars( trim( $_POST['url'] ));
+ $user->user_url = clean_url( trim( $_POST['url'] ));
 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
 }
 if ( isset( $_POST['first_name'] ))
diff --git a/wp-includes/bookmark.php b/wp-includes/bookmark.php
index b7cf5f84d..1f85c9cfc 100644
--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -3,6 +3,7 @@ function get_bookmark($bookmark_id, $output = OBJECT) {
 global $wpdb;
+ $bookmark_id = (int) $bookmark_id;
 $link = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = '$bookmark_id'");
 $link->link_category = wp_get_link_cats($bookmark_id);
diff --git a/wp-includes/category.php b/wp-includes/category.php
index d7763741f..a8a24a502 100644
--- a/wp-includes/category.php
+++ b/wp-includes/category.php
@@ -150,6 +150,7 @@ function &get_category(&$category, $output = OBJECT) {
 wp_cache_add($category->cat_ID, $category, 'category');
 $_category = $category;
 } else {
+ $category = (int) $category;
 if ( ! $_category = wp_cache_get($category, 'category') ) {
 $_category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$category' LIMIT 1");
 wp_cache_set($category, $_category, 'category');
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 6137094da..d3297739a 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
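Review bot: The scheme check on the line after the new `clean_url()` call still prepends `http://` to whatever comes back, so when the result is an empty string (a blank submitted field, or a value `clean_url()` rejects, if it rejects by returning `''`) the stored `user_url` becomes the bare string `http://` instead of staying empty; guard the empty case, e.g. `if ( '' !== $user->user_url && ! preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ) $user->user_url = 'http://' . $user->user_url;`. Whether `clean_url()` can return `''` is not visible in this hunk and should be confirmed against its definition, and since the regex's protocol list looks like it may duplicate filtering done inside `clean_url()`, a short comment stating which of the two checks is authoritative would help the next reader. `edit_user()` starts and ends outside the hunk.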
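Review bot: The added `$category = (int) $category;` writes through the by-reference parameter `&$category`, so the caller's variable is replaced with an int as a side effect, and any non-numeric value passed in (a slug or a name) silently becomes `0` and runs the query with `cat_ID = '0'` rather than being rejected; a one-line comment should make both consequences explicit, e.g. `// coerce in place (by-ref param): non-numeric input becomes 0; the int cast is what keeps the interpolated query below safe`. The same by-reference coercion applies to `&$comment` in the `get_comment()` hunk in wp-includes/comment.php. `get_category()` starts and continues outside the hunk.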
@@ -81,6 +81,7 @@ function &get_comment(&$comment, $output = OBJECT) {
 $comment_cache[$comment->comment_ID] = &$comment;
 $_comment = & $comment_cache[$comment->comment_ID];
 } else {
+ $comment = (int) $comment;
 if ( !isset($comment_cache[$comment]) ) {
 $_comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");
 $comment_cache[$comment->comment_ID] = & $_comment;
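Review bot: After the added cast `$comment` is an int in this branch, yet the last hunk line still reads `$comment->comment_ID` to build the cache key; property access on an integer yields null, so the freshly fetched row is stored under an empty key and the `isset($comment_cache[$comment])` check two lines above can never hit for that id. The key should be the id that was just queried: `$comment_cache[$comment] = & $_comment;`. This looks pre-existing rather than introduced by the commit, but the cast removes any doubt that `$comment` is not an object here. `get_comment()` starts and continues outside the hunk.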