Index: src/report.c
==================================================================
--- src/report.c
+++ src/report.c
@@ -1115,11 +1115,11 @@
     if( rn ){
       db_prepare(&q,
        "SELECT sqlcode FROM reportfmt WHERE rn=%d", rn);
     }else{
       db_prepare(&q,
-       "SELECT sqlcode FROM reportfmt WHERE title='%s'", zRep);
+       "SELECT sqlcode FROM reportfmt WHERE title=%Q", zRep);
     }
     if( db_step(&q)!=SQLITE_ROW ){
       db_finalize(&q);
       rpt_list_reports();
       fossil_fatal("unknown report format(%s)!",zRep);