diff --git a/plugins/entityreference_selection/ProjectIssue_SelectionHandler_Issues.class.php b/plugins/entityreference_selection/ProjectIssue_SelectionHandler_Issues.class.php
index a1bb65c..76db10a 100644
--- a/plugins/entityreference_selection/ProjectIssue_SelectionHandler_Issues.class.php
+++ b/plugins/entityreference_selection/ProjectIssue_SelectionHandler_Issues.class.php
@@ -42,7 +42,7 @@ class ProjectIssue_SelectionHandler_Issues extends EntityReference_SelectionHand
   /**
    * Implements EntityReferenceHandler::getReferencableEntities().
    */
-  public function getReferencableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 0) {
+  public function getReferencableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 100) {
     $options = array();
     $target_node_types = $this->field['settings']['handler_settings']['target_bundles'];
     // No target node types means all issue types may be selected.
@@ -52,6 +52,13 @@ class ProjectIssue_SelectionHandler_Issues extends EntityReference_SelectionHand
 
     global $base_url;
 
+    // Early return if the short match string would generate too many results.
+    // @todo: Make this configurable? Return even if user has ebereted #nid.
+    // It's unlikely they're trying to reference a two digit nid issue.
+    if (strlen($match) < 4) {
+      return $options;
+    }
+
     // If the given string begins with the site domain, try to match it to the
     // URL of an issue node.
     if (substr($match, 0, strlen($base_url)) == $base_url) {
@@ -78,7 +85,7 @@ class ProjectIssue_SelectionHandler_Issues extends EntityReference_SelectionHand
 
     // If the given string is of the form '#1234' then try to match that as a
     // nid.
-    if (substr($match, 0, 1) == '#') {
+    if (strpos($match, '#') === 0) {
       if (preg_match("@^#(\d+)\$@", $match)) {
         $nid = substr($match, 1);
         $node = node_load($nid);
@@ -103,7 +110,7 @@ class ProjectIssue_SelectionHandler_Issues extends EntityReference_SelectionHand
     if (isset($match)) {
       // Try to match on the title or nid.
       $query->condition(db_or()
-        ->condition('n.title', "%$match%", 'LIKE')
+        ->condition('n.title', '%' . db_like($match) . '%', 'LIKE')
         ->condition('n.nid', $match)
       );
     }
@@ -116,6 +123,15 @@ class ProjectIssue_SelectionHandler_Issues extends EntityReference_SelectionHand
       $query->condition('n.status', NODE_PUBLISHED);
     }
 
+    // Limit the number of returned results.
+    if (!empty($limit) {
+      $query->range(0, $limit);
+    }
+
+    // Order most recently changed nodes on top.
+    // @todo: Order by string match length?
+    $query->orderBy('n.changed', 'DESC')
+
     $node_data = $query
       ->fields('n', array('nid', 'title', 'type'))
       ->addTag('node_access')