diff --git a/lib/WebGUI/User.pm b/lib/WebGUI/User.pm
index 21fdd93a6..b57ffcaef 100644
--- a/lib/WebGUI/User.pm
+++ b/lib/WebGUI/User.pm
@@ -293,6 +293,7 @@ sub profileField {
 	$class = shift;
         $fieldName = shift;
         $value = shift;
+	$value = WebGUI::Macro::negate($value);	# Len Kranendonk - 20030701: fixed security hole
 	if (defined $value) {
 		$class->{_profile}{$fieldName} = $value;
 		WebGUI::SQL->write("delete from userProfileData where userId=$class->{_userId} and fieldName=".quote($fieldName));