diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 19258f085..c59505fa9 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -824,7 +824,7 @@ function comments_template( $file = '/comments.php', $separate_comments = false
 	} else if ( empty($comment_author) ) {
 		$comments = get_comments( array('post_id' => $post->ID, 'status' => 'approve', 'order' => 'ASC') );
 	} else {
-		$comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date_gmt", $post->ID, $comment_author, $comment_author_email));
+		$comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date_gmt", $post->ID, wp_specialchars_decode($comment_author,ENT_QUOTES), $comment_author_email));
 	}
 
 	// keep $comments for legacy's sake