diff --git a/src/cloud/cron_script/controllers/server.go b/src/cloud/cron_script/controllers/server.go index cc7448fb7a3..bc8062b9905 100644 --- a/src/cloud/cron_script/controllers/server.go +++ b/src/cloud/cron_script/controllers/server.go @@ -346,17 +346,22 @@ func (s *Server) GetScripts(ctx context.Context, req *cronscriptpb.GetScriptsReq ids[i] = utils.UUIDFromProtoOrNil(id) } - strQuery := `SELECT id, org_id, script, cluster_ids, PGP_SYM_DECRYPT(configs, '%s'::text) as configs, enabled, frequency_s FROM cron_scripts WHERE org_id='%s' AND id IN (?)` - strQuery = fmt.Sprintf(strQuery, s.dbKey, orgID) + strQuery := "SELECT id, org_id, script, cluster_ids, PGP_SYM_DECRYPT(configs, ? ::text) as configs, enabled, frequency_s FROM cron_scripts WHERE org_id=? AND id IN (?)" + cronErr := status.Error(codes.Internal, "Failed to get cron scripts") + + query, args, err := sqlx.In(strQuery, s.dbKey, orgID, ids) - query, args, err := sqlx.In(strQuery, ids) if err != nil { - return nil, status.Error(codes.Internal, "Failed to get cron scripts") + log.WithError(err).Error("Failed to bind parameters for cron scripts query") + return nil, cronErr } + query = s.db.Rebind(query) rows, err := s.db.Queryx(query, args...) + if err != nil { - return nil, status.Error(codes.Internal, "Failed to get cron scripts") + log.WithError(err).Error(fmt.Sprintf("Failed to run cron scripts query: %s", query)) + return nil, cronErr } defer rows.Close() diff --git a/src/cloud/vzmgr/controllers/server.go b/src/cloud/vzmgr/controllers/server.go index d22c5d60a01..de75ee8910c 100644 --- a/src/cloud/vzmgr/controllers/server.go +++ b/src/cloud/vzmgr/controllers/server.go 
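Review bot: The new failure log on the `s.db.Queryx` path prints `query`, which is safe only because the statement now holds placeholders; `args` carries `s.dbKey` as its first element, and nothing here warns a later maintainer against adding it to the log. I would put a comment above the log call, `// query contains placeholders only; args[0] is the PGP key and must never be logged`. Assuming `log` is logrus, the statement is better passed as a field than through `fmt.Sprintf`: `log.WithError(err).WithField("query", query).Error("Failed to run cron scripts query")`. Binding the key takes it out of the statement text but the database server still receives it as a parameter, so it is worth confirming that server-side parameter logging is disabled for this database. GetScripts begins and ends outside this hunk.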
@@ -347,10 +347,9 @@ func (s *Server) GetVizierInfos(ctx context.Context, req *vzmgrpb.GetVizierInfos i.control_plane_pod_statuses, i.unhealthy_data_plane_pod_statuses, i.num_nodes, i.num_instrumented_nodes, i.status_message, i.prev_status, i.prev_status_time FROM vizier_cluster_info as i, vizier_cluster as c - WHERE i.vizier_cluster_id=c.id AND i.vizier_cluster_id IN (?) AND c.org_id='%s'` - strQuery = fmt.Sprintf(strQuery, orgIDstr) + WHERE i.vizier_cluster_id=c.id AND i.vizier_cluster_id IN (?) AND c.org_id=?` - query, args, err := sqlx.In(strQuery, ids) + query, args, err := sqlx.In(strQuery, ids, orgIDstr) if err != nil { return nil, err }
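Review bot: The new `c.org_id=?` placeholder only reaches Postgres correctly if the statement is rebound after `sqlx.In`, and no `Rebind` call is visible in this hunk, whereas the cron_script hunk in this commit adds `query = s.db.Rebind(query)` before running its query. If the lines after the hunk do not already rebind, the same line is needed here before the query executes. The context line `return nil, err` also hands the raw sqlx error to the gRPC caller, while GetScripts logs the detail and returns a generic status; `return nil, status.Error(codes.Internal, "Failed to get vizier infos")` would match, assuming `status` and `codes` are imported in this file. GetVizierInfos starts and ends outside the hunk.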