diff --git a/src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php b/src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php
--- a/src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php
+++ b/src/applications/diffusion/conduit/DiffusionBrowseQueryConduitAPIMethod.php
@@ -368,9 +368,9 @@
     }
 
     if ($commit) {
-      $slice_clause = 'AND svnCommit <= '.(int)$commit;
+      $slice_clause = qsprintf($conn_r, 'AND svnCommit <= %d', $commit);
     } else {
-      $slice_clause = '';
+      $slice_clause = qsprintf($conn_r, '');
     }
 
     $index = queryfx_all(
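Review bot: The empty-format call `qsprintf($conn_r, '')` in the else branch reads like a no-op, so a later editor may well simplify it back to `''`. A one-line comment above it would guard against that, for example `// Keep this a qsprintf() result: the clause is presumably spliced in with %Q, which should only receive query fragments, never raw strings.` The query that consumes `$slice_clause` begins on the last line of the hunk and continues outside it, so the `%Q` usage is inferred rather than visible. The same idiom appears at the initial `$filter_query` assignment in DiffusionHistoryQueryConduitAPIMethod.php and deserves the same comment.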
@@ -439,9 +439,11 @@
 
     $sql = array();
     foreach ($index as $row) {
-      $sql[] =
-        '(pathID = '.(int)$row['pathID'].' AND '.
-        'svnCommit = '.(int)$row['maxCommit'].')';
+      $sql[] = qsprintf(
+        $conn_r,
+        '(pathID = %d AND svnCommit = %d)',
+        $row['pathID'],
+        $row['maxCommit']);
     }
 
     $browse = queryfx_all(
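Review bot: The fragments built in this loop are only as safe as the way they are combined, and the join plus the `queryfx_all` call that consumes `$sql` lie outside the hunk. If the list is still flattened with something like `implode(' OR ', $sql)`, the result is a plain string again and the consuming query cannot tell it apart from unescaped input. Passing the array itself through the list conversion, `%LO` with `$sql` as the argument, keeps the typing intact end to end. It is also worth confirming that an empty `$index` is handled before this loop, since an empty list would otherwise produce an empty parenthesised clause.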
diff --git a/src/applications/diffusion/conduit/DiffusionHistoryQueryConduitAPIMethod.php b/src/applications/diffusion/conduit/DiffusionHistoryQueryConduitAPIMethod.php
--- a/src/applications/diffusion/conduit/DiffusionHistoryQueryConduitAPIMethod.php
+++ b/src/applications/diffusion/conduit/DiffusionHistoryQueryConduitAPIMethod.php
@@ -215,13 +215,17 @@
       return array();
     }
 
-    $filter_query = '';
+    $filter_query = qsprintf($conn_r, '');
     if ($need_direct_changes) {
       if ($need_child_changes) {
-        $type = DifferentialChangeType::TYPE_CHILD;
-        $filter_query = 'AND (isDirect = 1 OR changeType = '.$type.')';
+        $filter_query = qsprintf(
+          $conn_r,
+          'AND (isDirect = 1 OR changeType = %s)',
+          DifferentialChangeType::TYPE_CHILD);
       } else {
-        $filter_query = 'AND (isDirect = 1)';
+        $filter_query = qsprintf(
+          $conn_r,
+          'AND (isDirect = 1)');
       }
     }