diff --git a/src/applications/maniphest/query/ManiphestTaskQuery.php b/src/applications/maniphest/query/ManiphestTaskQuery.php
--- a/src/applications/maniphest/query/ManiphestTaskQuery.php
+++ b/src/applications/maniphest/query/ManiphestTaskQuery.php
@@ -358,6 +358,10 @@
     $where[] = $this->buildOwnerWhereClause($conn);
 
     if ($this->taskIDs !== null) {
+      if (!ctype_digit(implode('', $this->taskIDs))) {
+        throw new PhutilSearchQueryCompilerSyntaxException(
+          pht('Task IDs must be integer numbers.'));
+      }
       $where[] = qsprintf(
         $conn,
         'task.id in (%Ld)',