diff --git a/include/library/Cockpit/Bounce/Back.php b/include/library/Cockpit/Bounce/Back.php
index c65a48793..52d297968 100644
--- a/include/library/Cockpit/Bounce/Back.php
+++ b/include/library/Cockpit/Bounce/Back.php
@@ -80,7 +80,7 @@ class Cockpit_Bounce_Back extends Cana_Table {
 }
 public function checkBoundWasSent( $id_user, $id_order, $rule ){
- $bounce = Cockpit_Bounce_Back::q( 'SELECT * FROM bounce_back WHERE id_user = "' . $id_user . '" AND id_order = "' . $id_order . '" AND rule = "' . $rule . '" ORDER BY id_bounce_back DESC LIMIT 1' );
+ $bounce = Cockpit_Bounce_Back::q( 'SELECT * FROM bounce_back WHERE id_user = ? AND id_order = ? AND rule = ? ORDER BY id_bounce_back DESC LIMIT 1', [$id_user, $id_order, $rule]);
 if( $bounce->id_bounce_back ){
 return true;
 }
diff --git a/include/library/Crunchbutton/User/Payment/Type.php b/include/library/Crunchbutton/User/Payment/Type.php
index f0588b4b0..b43791164 100644
--- a/include/library/Crunchbutton/User/Payment/Type.php
+++ b/include/library/Crunchbutton/User/Payment/Type.php
@@ -10,7 +10,7 @@ class Crunchbutton_User_Payment_Type extends Cana_Table {
 $id_user = ( $id_user ) ? $id_user : c::user()->id_user;
 if( $id_user ){
 $where = ' AND ' . Crunchbutton_User_Payment_Type::processor() . '_id IS NOT NULL';
- $payment = Crunchbutton_User_Payment_Type::q( 'SELECT * FROM user_payment_type WHERE id_user = "' . $id_user . '" AND active = true ' . $where . ' ORDER BY id_user_payment_type DESC LIMIT 1' );
+ $payment = Crunchbutton_User_Payment_Type::q( 'SELECT * FROM user_payment_type WHERE id_user = ? AND active = true ' . $where . ' ORDER BY id_user_payment_type DESC LIMIT 1', [$id_user]);
 if( $payment->id_user_payment_type ){
 return $payment;
 }
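Review bot: Nothing visible in this diff shows how `q()` treats its new second argument, so the safety of `checkBoundWasSent()` in `Cockpit/Bounce/Back.php` now rests on `q()` (presumably inherited from `Cana_Table`) sending the array as bound parameters of a prepared statement rather than substituting the values into the SQL text. The same assumption applies to both hunks in `Crunchbutton/User/Payment/Type.php`. A regression test that passes a `$rule` containing a double quote and expects no match and no SQL error would pin that behaviour, and a comment such as `// values are bound by q(); do not concatenate them into the SQL text` above the call would keep later edits from drifting back to concatenation. The method body continues outside the hunk.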
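Review bot: The `$where` fragment in the `-10,7` hunk of `Crunchbutton/User/Payment/Type.php` is still concatenated into the query after this change: `Crunchbutton_User_Payment_Type::processor() . '_id IS NOT NULL'` builds a column name, and identifiers cannot be bound with `?`. `processor()` is not visible here; if its value comes from configuration or stored settings rather than a constant, it should be checked against a fixed list of known processor names before it reaches the SQL string. A comment on the `$where` line such as `// processor() must return an allowlisted column prefix; identifiers cannot be parameterized` would record that constraint. The enclosing method starts and ends outside the hunk.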
@@ -22,7 +22,7 @@ class Crunchbutton_User_Payment_Type extends Cana_Table {
 if (!$this->id_user || !$this->id_user_payment_type) {
 return false;
 }
- self::q('select * from user_payment_type where id_user="'.$this->id_user.'" and id_user_payment_type!= "'.$this->id_user_payment_type.'"')->each(function() {
+ self::q('select * from user_payment_type where id_user=? and id_user_payment_type!= ?', [$this->id_user, $this->id_user_payment_type])->each(function() {
 $this->deactivate();
 });
 }
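Review bot: In the `-22,7` hunk the closure passed to `each()` calls `$this->deactivate()`, and a PHP closure created inside a method keeps `$this` bound to the enclosing object unless it is rebound. If `each()` does not rebind the closure to each iterated row (its implementation is not visible in this diff), the loop deactivates the current payment type rather than the other rows selected by `id_user_payment_type != ?`, leaving several payment types active for the user. Either confirm the rebinding and document it on the call, e.g. `// each() rebinds $this to the iterated row`, or have the closure take the row as an explicit argument if `each()` passes one. The enclosing method starts outside the hunk.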