diff -r e2579b63595a -r f24b730cb75e libidav/davqlparser.c
--- a/libidav/davqlparser.c	Tue Feb 07 18:36:28 2017 +0100
+++ b/libidav/davqlparser.c	Sun Jul 02 21:35:01 2017 +0200
@@ -475,6 +475,13 @@
 
     if (isdigit(firstchar)) {
         token->tokenclass = DAVQL_TOKEN_NUMBER;
+        // check, if all characters are digits
+        for (size_t i = 1 ; i < token->value.length ; i++) {
+            if (!isdigit(token->value.ptr[i])) {
+                token->tokenclass = DAVQL_TOKEN_INVALID;
+                break;
+            }
+        }
     } else if (firstchar == '%') {
         token->tokenclass = DAVQL_TOKEN_FMTSPEC;
     } else if (token->value.length == 1) {
@@ -496,6 +503,7 @@
         token->tokenclass = DAVQL_TOKEN_KEYWORD;
     } else {
         token->tokenclass = DAVQL_TOKEN_IDENTIFIER;
+        // TODO: check for illegal characters
     }
     
     // remove quotes (extreme cool feature)