diff --git a/wire/core/Fieldtype.php b/wire/core/Fieldtype.php
index c0f09a17..4f024c66 100644
--- a/wire/core/Fieldtype.php
+++ b/wire/core/Fieldtype.php
@@ -984,16 +984,18 @@ abstract class Fieldtype extends WireData implements Module {
 if(!$page->id || !$field->id) return null;
+ /** @var WireDatabasePDO $database */
 $database = $this->wire('database');
- $page_id = (int) $page->id;
 $schema = $this->getDatabaseSchema($field);
 $table = $database->escapeTable($field->table);
 $value = null;
 $stmt = null;
-
+
+ /** @var DatabaseQuerySelect $query */
 $query = $this->wire(new DatabaseQuerySelect());
 $query = $this->getLoadQuery($field, $query);
- $query->where("$table.pages_id='$page_id'");
+ $bindKey = $query->bindValueGetKey($page->id);
+ $query->where("$table.pages_id=$bindKey");
 $query->from($table);
 try {
@@ -1159,12 +1161,14 @@ abstract class Fieldtype extends WireData implements Module {
 $page_id = (int) $page->id;
 $table = $database->escapeTable($field->table);
 $schema = array();
+ $bindValues = array(':page_id' => $page_id);
 if(is_array($value)) {
 $sql1 = "INSERT INTO `$table` (pages_id";
- $sql2 = "VALUES('$page_id'";
+ $sql2 = "VALUES(:page_id";
 $sql3 = "ON DUPLICATE KEY UPDATE ";
+ $n = 0;
 foreach($value as $k => $v) {
 $k = $database->escapeCol($k);
@@ -1175,8 +1179,9 @@ abstract class Fieldtype extends WireData implements Module {
 if(empty($schema)) $schema = $this->getDatabaseSchema($field);
 $sql2 .= isset($schema[$k]) && stripos($schema[$k], ' DEFAULT NULL') ? ",NULL" : ",''";
 } else {
- $v = $database->escapeStr($v);
- $sql2 .= ",'$v'";
+ $bindKey = ':v' . (++$n);
+ $bindValues[$bindKey] = $v;
+ $sql2 .= ",$bindKey";
 }
 $sql3 .= "`$k`=VALUES(`$k`), ";
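Review bot: Dropping the `(int)` cast means `$query->bindValueGetKey($page->id)` now binds whatever type `$page->id` currently holds; the guard `if(!$page->id || !$field->id)` only rules out falsy values, and how bindValueGetKey chooses the PDO parameter type for a non-int is not visible in this hunk. Keeping the cast, `$bindKey = $query->bindValueGetKey((int) $page->id);`, preserves the integer guarantee the removed `$page_id` line used to provide at no cost. The same change appears in the FieldtypeMulti.php hunk at line 348 and the same remark applies there. The enclosing method starts before this hunk and continues after it.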
@@ -1189,17 +1194,24 @@ abstract class Fieldtype extends WireData implements Module {
 if(is_null($value)) {
 // check if schema explicitly allows NULL
 $schema = $this->getDatabaseSchema($field);
- $value = isset($schema['data']) && stripos($schema['data'], ' DEFAULT NULL') ? "NULL" : "''";
+ $null = isset($schema['data']) && stripos($schema['data'], ' DEFAULT NULL') ? "NULL" : "''";
+ $sql = "INSERT INTO `$table` (pages_id, data) VALUES(:page_id, $null) ";
 } else {
- $value = "'" . $database->escapeStr($value) . "'";
+ $bindValues[":value"] = $value;
+ $sql = "INSERT INTO `$table` (pages_id, data) VALUES(:page_id, :value) ";
 }
-
- $sql = "INSERT INTO `$table` (pages_id, data) " .
- "VALUES('$page_id', $value) " .
- "ON DUPLICATE KEY UPDATE data=VALUES(data)";
+
+ $sql .= 'ON DUPLICATE KEY UPDATE data=VALUES(data)';
 }
 $query = $database->prepare($sql);
+ foreach($bindValues as $bindKey => $bindValue) {
+ if(is_int($bindValue)) {
+ $query->bindValue($bindKey, $bindValue, \PDO::PARAM_INT);
+ } else {
+ $query->bindValue($bindKey, $bindValue);
+ }
+ }
 try {
 $result = $query->execute();
diff --git a/wire/core/FieldtypeMulti.php b/wire/core/FieldtypeMulti.php
index 769be63d..d6e34e76 100644
--- a/wire/core/FieldtypeMulti.php
+++ b/wire/core/FieldtypeMulti.php
@@ -348,15 +348,17 @@ abstract class FieldtypeMulti extends Fieldtype {
 if(!$page->id || !$field->id) return null;
+ /** @var WireDatabasePDO $database */
 $database = $this->wire('database');
- $page_id = (int) $page->id;
 $schema = $this->getDatabaseSchema($field);
 $table = $database->escapeTable($field->table);
 $stmt = null;
+ /** @var DatabaseQuerySelect $query */
 $query = $this->wire(new DatabaseQuerySelect());
 $query = $this->getLoadQuery($field, $query);
- $query->where("$table.pages_id='$page_id'");
+ $bindKey = $query->bindValueGetKey($page->id);
+ $query->where("$table.pages_id=$bindKey");
 $query->from($table);
 try {
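Review bot: The bind loop added after `$query = $database->prepare($sql);` is the one place where each placeholder's PDO type is decided, and nothing records why only `is_int` values get `\PDO::PARAM_INT` while every other value goes through the default string binding; a comment above the loop such as `// ints (page_id and any int column values) bind as PARAM_INT; everything else binds as a string, matching the quoting escapeStr() used to apply` would save the next reader from re-deriving that. A `bool` bound as a string arrives as `''`/`'1'`, which is what the removed `escapeStr()` calls produced, so that is not a regression, but it is worth stating next to the loop. Minor: `$bindValues[":value"]` can use single quotes like the `':page_id'` key it sits beside, `$bindValues[':value'] = $value;`. The enclosing method starts before this hunk and continues after it.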
@@ -862,20 +864,22 @@ abstract class FieldtypeMulti extends Fieldtype {
 (in_array($operator, array('>', '>=')) && $value < 0) || (in_array($operator, array('=', '>=')) && !$value)) {
 // allow for possible zero values
- $query->where("(num_$t{$operator}$value OR num_$t IS NULL)"); // QA
+ $bindKey = $query->bindValueGetKey($value);
+ $query->where("(num_$t{$operator}$bindKey OR num_$t IS NULL)"); // QA
 } else {
 // non zero values
- $query->where("num_$t{$operator}$value"); // QA
+ $bindKey = $query->bindValueGetKey($value);
+ $query->where("num_$t{$operator}$bindKey"); // QA
 }
 // only allow matches using templates with the requested field
 $templates = $field->getTemplates();
 if(count($templates)) {
- $sql = 'pages.templates_id IN(';
+ $ids = array();
 foreach($templates as $template) {
- $sql .= ((int) $template->id) . ',';
+ $ids[] = (int) $template->id;
 }
- $sql = rtrim($sql, ',') . ')';
+ $sql = 'pages.templates_id IN(' . implode(',', $ids) . ')'; // QA
 } else {
 $sql = 'pages.templates_id=0';
 }
diff --git a/wire/modules/Fieldtype/FieldtypeFile.module b/wire/modules/Fieldtype/FieldtypeFile.module
index c9d5a716..28b245d4 100644
--- a/wire/modules/Fieldtype/FieldtypeFile.module
+++ b/wire/modules/Fieldtype/FieldtypeFile.module
@@ -1025,7 +1025,7 @@ class FieldtypeFile extends FieldtypeMulti implements ConfigurableModule {
 $hasTags = $fileSchema & self::fileSchemaTags;
 $useTags = $field->get('useTags') || $contextField->get('useTags');
- if(!$hasFilesize || !$hasFiledata || !$hasDate || !$hasTags) {
+ if(!$hasFilesize || !$hasFiledata || !$hasDate) {
 if(!$database->tableExists($table)) {
 // new field being created, getting initial schema to create table
 return $fileSchema;
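Review bot: `$bindKey = $query->bindValueGetKey($value);` is now the first statement of both branches of the `if`/`else`, so it can be hoisted above the condition and written once, leaving each branch with only its `$query->where(...)` call. `$operator` and `$t` are still interpolated into the SQL; the visible `in_array($operator, array('>', '>='))` checks only select the branch and do not constrain the `else` path, so whether both are restricted to a known set earlier in the function (which starts outside this hunk) decides whether binding `$value` fully closes the interpolation the old lines had. The `pages.templates_id IN(...)` rewrite with a per-id `(int)` cast and `implode` reads correctly and cannot produce an empty list, since it sits under `if(count($templates))`.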
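Review bot: Removing `!$hasTags` from the schema-check condition leaves `$hasTags` computed on the line above the `if` but unused anywhere in the hunk, and the reason tags no longer trigger the table/schema check is not recorded. A short comment above the `if`, along the lines of `// tags are not part of the base schema this check enforces`, would capture the intent; if `$hasTags` is also not consumed later in the method (the method continues past the hunk, so this is not visible here) the assignment can be dropped with it. `$useTags` is likewise computed but unused within the visible lines, which is presumably why it is kept.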