diff --git a/src/database.rs b/src/database.rs
index 0e14a77..dcbdbd0 100644
--- a/src/database.rs
+++ b/src/database.rs
@@ -32,12 +32,12 @@ impl Database {
 
     pub fn get_comments(&self, content_id: &str) -> Result<Vec<Comment>> {
         self.conn
-            .prepare(&format!("SELECT id, author, email, text, timestamp FROM comment WHERE content_id='{content_id}' AND parent IS NULL ORDER BY timestamp DESC"))?
-            .query_map([], |row| {
+            .prepare("SELECT id, author, email, text, timestamp FROM comment WHERE content_id=?1 AND parent IS NULL ORDER BY timestamp DESC")?
+            .query_map(params![content_id], |row| {
                 let id = row.get::<usize, Option<i64>>(0)?.unwrap();
                 let replies = self.conn
-                    .prepare(&format!("SELECT id, author, email, text, timestamp FROM comment WHERE parent={id}"))?
-                    .query_map([], |row| {
+                    .prepare("SELECT id, author, email, text, timestamp FROM comment WHERE parent=?1")?
+                    .query_map(params![id], |row| {
                         Ok(Comment {
                             id: row.get(0)?,
                             author: row.get(1)?,