diff --git a/sections/api/index.php b/sections/api/index.php
index 264bcc8f..831817d7 100644
--- a/sections/api/index.php
+++ b/sections/api/index.php
@@ -32,7 +32,7 @@
 $DB->query("
 SELECT Token, Name
 FROM api_applications
- WHERE ID = '$AppID'
+ WHERE ID = '"+db_string($AppID)+"'
 LIMIT 1");
 $App = $DB->to_array(false, MYSQLI_ASSOC);
 $Cache->cache_value("api_apps_$AppID", $App, 0);
@@ -54,7 +54,7 @@
 $DB->query("
 SELECT AppID, Token, State, Time, Access
 FROM api_users
- WHERE UserID = '$UserID'
+ WHERE UserID = '"+db_string($UserID)+"'
 LIMIT 1"); //int, no db_string
 $User = $DB->to_array('AppID', MYSQLI_ASSOC);
 $Cache->cache_value("api_users_$UserID", $User, 0);
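Review bot: The added WHERE lines in both hunks join the pieces with `+`, which in PHP is arithmetic addition, not string concatenation, so the SQL text is never assembled. On PHP 8 the non-numeric operands raise a TypeError, and on older versions they are coerced to numbers with a warning, so `$DB->query()` receives a number instead of the statement. The escaping this commit intends therefore never takes effect and both lookups break. Use the concatenation operator: `WHERE ID = '" . db_string($AppID) . "'` and `WHERE UserID = '" . db_string($UserID) . "'`. The code surrounding both queries starts and ends outside the hunks, so how `$AppID` and `$UserID` are validated beforehand is not visible here.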
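Review bot: The trailing comment `//int, no db_string` on the `LIMIT 1");` line of the second hunk now contradicts the line above it, which does call db_string. If `$UserID` is guaranteed to be an integer before this point (not visible in the hunk), make that explicit at the point of use with a cast, `WHERE UserID = '" . (int)$UserID . "'`, and update the comment to say so. Otherwise delete the comment, so that nobody later removes the escaping on the strength of it. The same value is interpolated into the cache key `api_users_$UserID` on the last line, so validating it once up front would cover both uses.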