diff --git a/cmd/serverFunc.go b/cmd/serverFunc.go
index 8bd96b6..4a0c0c9 100644
--- a/cmd/serverFunc.go
+++ b/cmd/serverFunc.go
@@ -106,7 +106,8 @@ func server() {
 func getUser(c *gin.Context) {
 id := c.Param("userid")
 user := user{}
- err := db.QueryRow("SELECT id_alumno,nombre,apellido1,apellido2,email FROM alumnos WHERE id_alumno = "+id).Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email)
+ dynStmt := `SELECT id_alumno,nombre,apellido1,apellido2,email FROM alumnos WHERE id_alumno = $1`
+ err := db.QueryRow(dynStmt, id).Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email)
 if err != nil {
 if err == sql.ErrNoRows {
 c.String(http.StatusNotFound, "User not found")
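Review bot: On the new `db.QueryRow(dynStmt, id)` line, `id` is still the raw `userid` path string, so a non-numeric value now reaches the database as a bound parameter and, if `id_alumno` is an integer column (the old unquoted concatenation suggests so), will come back as a conversion error rather than `sql.ErrNoRows`. Parse it first and reject bad input with a client error, e.g. `n, convErr := strconv.Atoi(id)` followed by `if convErr != nil { c.String(http.StatusBadRequest, "Invalid user id"); return }`, then bind `n`. The `if err != nil` block runs past the end of the hunk, so check that its non-`ErrNoRows` branch does not echo the driver error text to the client. `dynStmt` is also a misleading name now that the statement is a fixed string; a `const` such as `getUserStmt` would say that.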