diff --git a/upnphttp.c b/upnphttp.c
index 6c5f7d3..dc11eda 100644
--- a/upnphttp.c
+++ b/upnphttp.c
@@ -1428,12 +1428,11 @@ SendResp_albumArt(struct upnphttp * h, char * object)
 {
 char header[512];
 char *path;
- char *dash;
 char date[30];
 time_t curtime = time(NULL);
 off_t size;
- int fd;
- int ret;
+ long long id;
+ int fd, ret;
 
 if( h->reqflags & (FLAG_XFERSTREAMING|FLAG_RANGE) )
 {
@@ -1442,18 +1441,16 @@ SendResp_albumArt(struct upnphttp * h, char * object)
 return;
 }
 
- dash = strchr(object, '-');
- if( dash )
- *dash = '\0';
+ id = strtoll(object, NULL, 10);
 
- path = sql_get_text_field(db, "SELECT PATH from ALBUM_ART where ID = '%s'", object);
+ path = sql_get_text_field(db, "SELECT PATH from ALBUM_ART where ID = '%lld'", id);
 if( !path )
 {
 DPRINTF(E_WARN, L_HTTP, "ALBUM_ART ID %s not found, responding ERROR 404\n", object);
 Send404(h);
 return;
 }
- DPRINTF(E_INFO, L_HTTP, "Serving album art ID: %s [%s]\n", object, path);
+ DPRINTF(E_INFO, L_HTTP, "Serving album art ID: %lld [%s]\n", id, path);
 fd = open(path, O_RDONLY);
 if( fd < 0 ) {
@@ -1496,17 +1493,19 @@ SendResp_caption(struct upnphttp * h, char * object)
 char date[30];
 time_t curtime = time(NULL);
 off_t size;
+ long long id;
 int fd, ret;
 
- strip_ext(object);
- path = sql_get_text_field(db, "SELECT PATH from CAPTIONS where ID = %s", object);
+ id = strtoll(object, NULL, 10);
+
+ path = sql_get_text_field(db, "SELECT PATH from CAPTIONS where ID = %lld", id);
 if( !path )
 {
 DPRINTF(E_WARN, L_HTTP, "CAPTION ID %s not found, responding ERROR 404\n", object);
 Send404(h);
 return;
 }
- DPRINTF(E_INFO, L_HTTP, "Serving caption ID: %s [%s]\n", object, path);
+ DPRINTF(E_INFO, L_HTTP, "Serving caption ID: %lld [%s]\n", id, path);
 fd = open(path, O_RDONLY);
 if( fd < 0 ) {
@@ -1545,6 +1544,7 @@ SendResp_thumbnail(struct upnphttp * h, char * object)
 char *path;
 char date[30];
 time_t curtime = time(NULL);
+ long long id;
 int ret;
 ExifData *ed;
 ExifLoader *l;
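Review bot: The new `id = strtoll(object, NULL, 10);` in SendResp_albumArt accepts any input: a non-numeric `object` silently yields 0 and an out-of-range one yields LLONG_MAX/LLONG_MIN, so a malformed request is turned into a lookup of a different ID instead of being rejected before the query runs. Parsing with an end pointer and bailing to the existing 404 path keeps the check local, e.g. `char *end; id = strtoll(object, &end, 10);` followed by `if( end == object ) { Send404(h); return; }` (an ERANGE check on errno would round it out if errno.h is already included). The same applies to the SendResp_caption hunk below and to the SendResp_thumbnail hunk on the next line. Note also that the WARN log still prints `object` while the query used `id`, so on a parse miss the log names a value that never reached the database; logging both would make that case diagnosable. SendResp_albumArt and SendResp_caption both continue outside their hunks.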
@@ -1556,15 +1556,15 @@ SendResp_thumbnail(struct upnphttp * h, char * object)
 return;
 }
 
- strip_ext(object);
- path = sql_get_text_field(db, "SELECT PATH from DETAILS where ID = '%s'", object);
+ id = strtoll(object, NULL, 10);
+ path = sql_get_text_field(db, "SELECT PATH from DETAILS where ID = '%lld'", id);
 if( !path )
 {
 DPRINTF(E_WARN, L_HTTP, "DETAIL ID %s not found, responding ERROR 404\n", object);
 Send404(h);
 return;
 }
- DPRINTF(E_INFO, L_HTTP, "Serving thumbnail for ObjectId: %s [%s]\n", object, path);
+ DPRINTF(E_INFO, L_HTTP, "Serving thumbnail for ObjectId: %lld [%s]\n", id, path);
 if( access(path, F_OK) != 0 )
diff --git a/upnpsoap.c b/upnpsoap.c
index 395d206..c2acbe0 100644
--- a/upnpsoap.c
+++ b/upnpsoap.c
@@ -1205,7 +1205,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
 {
 ptr = sql_get_text_field(db, "SELECT OBJECT_ID from OBJECTS"
 " where OBJECT_ID in "
- "('"MUSIC_ID"$%s', '"VIDEO_ID"$%s', '"IMAGE_ID"$%s')",
+ "('"MUSIC_ID"$%q', '"VIDEO_ID"$%q', '"IMAGE_ID"$%q')",
 ObjectID, ObjectID, ObjectID);
 if( ptr )
 {
@@ -1246,7 +1246,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
 args.requested = 1;
 sql = sqlite3_mprintf("SELECT %s, " COLUMNS
 "from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
- " where OBJECT_ID = '%s';",
+ " where OBJECT_ID = '%q';",
 (args.flags & FLAG_ROOT_CONTAINER) ? "0, -1" : "o.OBJECT_ID, o.PARENT_ID",
 ObjectID);
 ret = sqlite3_exec(db, sql, callback, (void *) &args, &zErrMsg);
@@ -1254,7 +1254,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
 }
 else
 {
- ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where PARENT_ID = '%s'", ObjectID);
+ ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where PARENT_ID = '%q'", ObjectID);
 totalMatches = (ret > 0) ? ret : 0;
 ret = 0;
 if( SortCriteria )
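Review bot: The switch to `%q` in the BrowseContentDirectory hunk at 1205 is only correct if `sql_get_text_field` hands its format string to sqlite3_vmprintf; that helper is not on this page, and if it formats with a libc vsnprintf instead, `%q` is not a recognised conversion and the result is undefined rather than escaped. The same dependency holds for `sql_get_int_field` in the hunks at 1254, 1311 and 1473 and for `sql_exec` in the SamsungSetBookmark hunk, so it is worth confirming once in the helper's definition and recording it there, e.g. `/* format is passed to sqlite3_vmprintf: %q/%Q are available and must be used for client-supplied values */`. The direct `sqlite3_mprintf` calls in the 1246 and 1295 hunks need no such check. BrowseContentDirectory starts and ends outside these hunks.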
@@ -1295,7 +1295,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
 sql = sqlite3_mprintf( SELECT_COLUMNS
 "from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
- " where PARENT_ID = '%s' %s limit %d, %d;",
+ " where PARENT_ID = '%q' %s limit %d, %d;",
 ObjectID, orderBy, StartingIndex, RequestedCount);
 DPRINTF(E_DEBUG, L_HTTP, "Browse SQL: %s\n", sql);
 ret = sqlite3_exec(db, sql, callback, (void *) &args, &zErrMsg);
@@ -1311,7 +1311,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
 /* Does the object even exist? */
 if( !totalMatches )
 {
- ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where OBJECT_ID = '%s'", ObjectID);
+ ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where OBJECT_ID = '%q'", ObjectID);
 if( ret <= 0 )
 {
 SoapError(h, 701, "No such object error");
@@ -1403,7 +1403,7 @@ SearchContentDirectory(struct upnphttp * h, const char * action)
 {
 ptr = sql_get_text_field(db, "SELECT OBJECT_ID from OBJECTS"
 " where OBJECT_ID in "
- "('"MUSIC_ID"$%s', '"VIDEO_ID"$%s', '"IMAGE_ID"$%s')",
+ "('"MUSIC_ID"$%q', '"VIDEO_ID"$%q', '"IMAGE_ID"$%q')",
 ContainerID, ContainerID, ContainerID);
 if( ptr )
 {
@@ -1473,10 +1473,10 @@ SearchContentDirectory(struct upnphttp * h, const char * action)
 totalMatches = sql_get_int_field(db, "SELECT (select count(distinct DETAIL_ID)"
 " from OBJECTS o left join DETAILS d on (o.DETAIL_ID = d.ID)"
- " where (OBJECT_ID glob '%q$*') and (%s))"
+ " where (OBJECT_ID glob '%q$*') and (%s))"
 " + "
 "(select count(*) from OBJECTS o left join DETAILS d on (o.DETAIL_ID = d.ID)"
- " where (OBJECT_ID = '%s') and (%s))",
+ " where (OBJECT_ID = '%q') and (%s))",
 ContainerID, SearchCriteria, ContainerID, SearchCriteria);
 if( totalMatches < 0 )
 {
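Review bot: In the SearchContentDirectory hunk at 1473, `%q` inside the new `glob '%q$*'` pattern only doubles single quotes; GLOB metacharacters in ContainerID are still interpreted by the pattern matcher, so a ContainerID is not treated as a literal prefix the way the `OBJECT_ID = '%q'` comparison two lines later treats it. If the id is meant to be literal here, validating it against the expected id alphabet before the query is built (or rejecting with the existing SoapError path) closes that gap; the hunk at 1509 on the next line builds the same `glob '%q$*'` pattern and needs the same treatment. The `*ContainerID == '*'` special case visible in the 1509 hunk suggests a leading wildcard is intentional, so the accepted form should be documented on the query, e.g. `/* ContainerID is used as a GLOB prefix: only a bare '*' is an intended wildcard */`. The `(%s)` insertion of SearchCriteria is unchanged by this commit and presumably produced by a parser elsewhere — confirm it is not raw client text. SearchContentDirectory starts and ends outside this hunk.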
@@ -1509,14 +1509,14 @@ SearchContentDirectory(struct upnphttp * h, const char * action)
 sql = sqlite3_mprintf( SELECT_COLUMNS
 "from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
- " where OBJECT_ID glob '%s$*' and (%s) %s "
+ " where OBJECT_ID glob '%q$*' and (%s) %s "
 "%z %s"
 " limit %d, %d",
 ContainerID, SearchCriteria, groupBy,
 (*ContainerID == '*') ? NULL :
 sqlite3_mprintf("UNION ALL " SELECT_COLUMNS
 "from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
- " where OBJECT_ID = '%s' and (%s) ", ContainerID, SearchCriteria),
+ " where OBJECT_ID = '%q' and (%s) ", ContainerID, SearchCriteria),
 orderBy, StartingIndex, RequestedCount);
 DPRINTF(E_DEBUG, L_HTTP, "Search SQL: %s\n", sql);
 ret = sqlite3_exec(db, sql, callback, (void *) &args, &zErrMsg);
@@ -1630,7 +1630,7 @@ SamsungSetBookmark(struct upnphttp * h, const char * action)
 int ret;
 ret = sql_exec(db, "INSERT OR REPLACE into BOOKMARKS"
 " VALUES "
- "((select DETAIL_ID from OBJECTS where OBJECT_ID = '%s'), %s)", ObjectID, PosSecond);
+ "((select DETAIL_ID from OBJECTS where OBJECT_ID = '%q'), %q)", ObjectID, PosSecond);
 if( ret != SQLITE_OK )
 DPRINTF(E_WARN, L_METADATA, "Error setting bookmark %s on ObjectID='%s'\n", PosSecond, ObjectID);
 BuildSendAndCloseSoapResp(h, resp, sizeof(resp)-1);
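Review bot: In the SamsungSetBookmark hunk, `%q` on PosSecond does not give the protection it gives ObjectID, because PosSecond is interpolated outside any quotes: `%q` only doubles single-quote characters, so any other text in PosSecond still lands in the statement as raw SQL tokens rather than as a value. Since the column holds a position in seconds, the robust fix is to parse it before building the statement, e.g. `char *end; long pos = strtol(PosSecond, &end, 10);` then `if( end == PosSecond || *end ) { SoapError(h, <code>, "Invalid PosSecond"); return; }` and format it with `%ld`; if it must stay text, `'%q'` (or `%Q`) at least keeps it inside a literal. Whether the BOOKMARKS column has integer affinity is not visible here, so a quoted text value may or may not coerce — confirm against the schema. SamsungSetBookmark's beginning lies outside the hunk.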