diff --git a/server.js b/server.js
index 26398b6..cae306f 100644
--- a/server.js
+++ b/server.js
@@ -86,7 +86,7 @@ app.get('/core/:id', function(req, res){
     var d = new Date();
     var coreId = req.params.id;
     console.log("GET /core/" + coreId + ", " + JSON.stringify(d, 4));
-    db.all("SELECT coreId, published_at, status, coreName FROM Alerts WHERE coreId = '" + coreId + "' ORDER BY published_at DESC LIMIT 30;", function(err, rows){
+    db.all("SELECT coreId, published_at, status, coreName FROM Alerts WHERE coreId = ? ORDER BY published_at DESC LIMIT 30;", coreId, function(err, rows){
         if(err !== null) {
             console.log(err);
         } else {