diff --git a/WebGoat/App_Code/DB/SqliteDbProvider.cs b/WebGoat/App_Code/DB/SqliteDbProvider.cs
index 0e88a6d..d7dd990 100644
--- a/WebGoat/App_Code/DB/SqliteDbProvider.cs
+++ b/WebGoat/App_Code/DB/SqliteDbProvider.cs
@@ -76,14 +76,15 @@ public bool IsValidCustomerLogin(string email, string password)
 string encoded_password = Encoder.Encode(password);
 //check email/password
- string sql = "select * from CustomerLogin where email = '" + email + "' and password = '" +
- encoded_password + "';";
+ string sql = "select * from CustomerLogin where email = @Email and password = @Password;";
 using (SqliteConnection connection = new SqliteConnection(_connectionString))
 {
 connection.Open();
 SqliteDataAdapter da = new SqliteDataAdapter(sql, connection);
+ da.SelectCommand.Parameters.AddWithValue("@Email", email);
+ da.SelectCommand.Parameters.AddWithValue("@Password", encoded_password);
 //TODO: User reader instead (for all calls)
 DataSet ds = new DataSet();
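Review bot: The `SqliteDataAdapter da` created on the context line just above the two new `AddWithValue` calls is `IDisposable` but is never disposed, so the `SelectCommand` that now carries the email and encoded-password parameters is left to the finalizer; wrap it like the connection, `using (SqliteDataAdapter da = new SqliteDataAdapter(sql, connection))`. The parameterization itself is correct — both values are bound as parameters, so the injection the removed concatenation allowed is closed — and since `sql` no longer depends on its inputs it can be `const string sql = "select * from CustomerLogin where email = @Email and password = @Password;";`. Note that the query still matches on `Encoder.Encode(password)`, an opaque helper from this hunk's point of view; if it is a reversible encoding rather than a salted hash, this commit fixes injection but not credential storage, which is worth confirming separately. I would also update the comment to `//check email/password (both bound as parameters, never concatenated into the query)`. IsValidCustomerLogin continues outside the hunk, so how the resulting DataSet is turned into the bool return is not reviewed here.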
@@ -105,23 +106,23 @@ public bool IsValidCustomerLogin(string email, string password)
 }
 public bool RecreateGoatDb()
- {
- try
- {
- log.Info("Running recreate");
- string args = string.Format("\"{0}\"", _dbFileName);
- string script = Path.Combine(Settings.RootDir, DbConstants.DB_CREATE_SQLITE_SCRIPT);
- int retVal1 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, script));
-
- script = Path.Combine(Settings.RootDir, DbConstants.DB_LOAD_SQLITE_SCRIPT);
- int retVal2 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, script));
-
- return Math.Abs(retVal1) + Math.Abs(retVal2) == 0;
- }
- catch (Exception ex)
- {
- log.Error("Error rebulding DB", ex);
- return false;
+ {
+ try
+ {
+ log.Info("Running recreate");
+ string args = string.Format("\"{0}\"", _dbFileName);
+ string script = Path.Combine(Settings.RootDir, DbConstants.DB_CREATE_SQLITE_SCRIPT);
+ int retVal1 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, script));
+
+ script = Path.Combine(Settings.RootDir, DbConstants.DB_LOAD_SQLITE_SCRIPT);
+ int retVal2 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, script));
+
+ return Math.Abs(retVal1) + Math.Abs(retVal2) == 0;
+ }
+ catch (Exception ex)
+ {
+ log.Error("Error rebulding DB", ex);
+ return false;
 }
 }
@@ -587,4 +588,4 @@ public DataSet GetCustomerEmails(string email)
 }
 }
-}
\ No newline at end of file
+}