diff --git a/data/static/codefixes/unionSqlInjectionChallenge_1.ts b/data/static/codefixes/unionSqlInjectionChallenge_1.ts
index 8ef9f5af173..607af417644 100644
--- a/data/static/codefixes/unionSqlInjectionChallenge_1.ts
+++ b/data/static/codefixes/unionSqlInjectionChallenge_1.ts
@@ -2,8 +2,10 @@ module.exports = function searchProducts () {
 return (req: Request, res: Response, next: NextFunction) => {
 let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
 criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
- criteria.replace(/"|'|;|and|or/i, "")
- models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
+ models.sequelize.query(
+ "SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name",
+ { replacements: { criteria: `%${criteria}%` } }
+ )
 .then(([products]: any) => {
 const dataString = JSON.stringify(products)
 for (let i = 0; i < products.length; i++) {
@@ -15,4 +17,4 @@ module.exports = function searchProducts () {
 next(error.parent)
 })
 }
-}
\ No newline at end of file
+}
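Review bot: The `criteria` value fed into `replacements` is still typed `any` and never checked to be a string, so a non-string `req.query.q` (Express's query parser can yield an array or object for `?q[]=x` or `?q[a]=b`, if that is the parser in use) reaches `criteria.length <= 200` and `criteria.substring(0, 200)` on the context lines above the change, where an object with no `length` throws a TypeError synchronously before the query runs. Tightening the first line to `const raw = req.query.q` / `let criteria = typeof raw === 'string' && raw !== 'undefined' ? raw : ''` closes that and also removes the `any`. Separately, the parameterized query removes the SQL-injection path, but `%` and `_` inside `criteria` are still LIKE wildcards; if that is not intended, escape them and add an `ESCAPE` clause, or note it in a comment such as `// LIKE metacharacters in criteria are deliberately left unescaped (substring search)`. The enclosing `searchProducts` function begins before this hunk and the arrow-function body continues past it.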