diff --git a/routes/user.py b/routes/user.py
index bbc9917a..6c1f4d69 100644
--- a/routes/user.py
+++ b/routes/user.py
@@ -20,21 +20,31 @@ def user(userName):
 match str(userName).lower() in str(users).lower():
 case True:
 message("2", f'USER: "{userName}" FOUND')
- cursor.execute(f'select * from users where lower(userName) = "{userName}"')
+ cursor.execute(
+ """select * from users where lower(userName) = ?""",
+ [(userName)],
+ )
 user = cursor.fetchone()
 connection = sqlite3.connect(DB_POSTS_ROOT)
 cursor = connection.cursor()
- cursor.execute(f'select views from posts where author = "{user[1]}"')
+ cursor.execute(
+ """select views from posts where author = ?""",
+ [(user[1])],
+ )
 viewsData = cursor.fetchall()
 views = 0
 for view in viewsData:
 views += int(view[0])
- cursor.execute(f'select * from posts where author = "{user[1]}"')
+ cursor.execute(
+ """select * from posts where author = ?""",
+ [(user[1])],
+ )
 posts = cursor.fetchall()
 connection = sqlite3.connect(DB_COMMENTS_ROOT)
 cursor = connection.cursor()
 cursor.execute(
- f'select * from comments where lower(user) = "{userName.lower()}"'
+ """select * from comments where lower(user) = ?""",
+ [(userName.lower())],
 )
 comments = cursor.fetchall()
 if posts:
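Review bot: The first parameterized query compares `lower(userName)` against `userName` bound as typed, so unless the name is lowercased earlier in the function, a mixed-case request that passes the case-insensitive `match` guard matches no row, `cursor.fetchone()` returns None and `user[1]` raises. Bind `[userName.lower()]` there, as the comments query already does. The guard is also only a substring test on `str(users)` (built outside this hunk), so it does not prove a row exists, and an explicit `if user is None:` branch is needed before the posts queries. The parentheses in `[(userName)]` and `[(user[1])]` do not make tuples and can be dropped. The body of `user()` starts before and continues after this hunk.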