diff --git a/src/main/java/org/owasp/benchmark/testcode/Benchmark00603.java b/src/main/java/org/owasp/benchmark/testcode/Benchmark00603.java
index e935a24..3d47646 100644
--- a/src/main/java/org/owasp/benchmark/testcode/Benchmark00603.java
+++ b/src/main/java/org/owasp/benchmark/testcode/Benchmark00603.java
@@ -61,12 +61,15 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 org.owasp.benchmark.helpers.ThingFactory.createThing();
 String bar = thing.doSomething(param);
- String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'";
+ String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD=?";
 try {
- java.sql.Statement statement =
- org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
- statement.execute(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
+ java.sql.Connection connection =
+ org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
+ java.sql.PreparedStatement statement =
+ connection.prepareStatement(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
+ statement.setString(1, bar);
+ statement.execute();
 org.owasp.benchmark.helpers.DatabaseHelper.printResults(statement, sql, response);
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
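Review bot: The `java.sql.Connection` and `java.sql.PreparedStatement` acquired on the added lines are never closed; the old path left statement lifetime to `DatabaseHelper.getSqlStatement()`, but the new path owns both handles and leaks them on every request, including when `prepareStatement`, `setString` or `execute` throws into the `catch`. Declaring both in a try-with-resources keeps the parameterized query, which correctly replaces the string-concatenated `PASSWORD='" + bar + "'` sink, while guaranteeing release after `printResults` has consumed the result. If `getSqlConnection()` hands out a shared connection rather than a fresh one — not visible in this hunk — close only the statement and leave the connection alone. `doPost` starts before the hunk and the `try`/`catch` continues past it, so the lines after `printResults` are unchanged.
```java
        try (java.sql.Connection connection =
                        org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
                java.sql.PreparedStatement statement =
                        connection.prepareStatement(sql, java.sql.Statement.RETURN_GENERATED_KEYS)) {
            statement.setString(1, bar);
            statement.execute();
            // … unchanged: printResults call, catch (SQLException) block …
```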