diff --git a/app/UseSqlite.py b/app/UseSqlite.py
index d9b3f22..67133ce 100644
--- a/app/UseSqlite.py
+++ b/app/UseSqlite.py
@@ -31,6 +31,20 @@ class Sqlite3Template:
 self.connect(self.db_fname)
 self.instructions(self.query)
 self.operate()
+
+ def instructions_with_parameters(self, query_statement, parameters):
+ self.query = query_statement
+ self.parameters = parameters
+
+ def do_with_parameters(self):
+ self.connect(self.db_fname)
+ self.instructions_with_parameters(self.query, self.parameters)
+ self.operate_with_parameters()
+
+ def operate_with_parameters(self):
+ self.conn.row_factory = sqlite3.Row
+ self.results = self.conn.execute(self.query, self.parameters) # self.query is to be given in the child classes
+ self.conn.commit()
 class InsertQuery(Sqlite3Template):
diff --git a/app/main.py b/app/main.py
index 1356f12..72f7b79 100644
--- a/app/main.py
+++ b/app/main.py
@@ -38,8 +38,8 @@ def load_freq_history(path):
 def verify_user(username, password):
 rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
- rq.instructions("SELECT * FROM user WHERE name='%s' AND password='%s'" % (username, password))
- rq.do()
+ rq.instructions_with_parameters("SELECT * FROM user WHERE name=? AND password=?", (username, password))
+ rq.do_with_parameters()
 result = rq.get_results()
 return result != []
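Review bot: `instructions_with_parameters` has no docstring stating the contract that makes it safe: `query_statement` must be a fixed SQL string with `?` placeholders, and every caller-supplied value must travel in `parameters`. I would add `"""Store a statement that uses ? placeholders and the sequence of values sqlite3 binds to them; never format values into query_statement."""`. In `do_with_parameters`, the call `self.instructions_with_parameters(self.query, self.parameters)` only re-assigns both attributes to themselves, and it raises AttributeError if `self.parameters` was never set, since no default in `__init__` is visible in this hunk. The string-built `instructions`/`do` path stays in the class, so any other callers that still format values into SQL (none are visible here) keep the original exposure and should move to the new methods. The class body starts before and continues after this hunk.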
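Review bot: The query in `verify_user` still matches the submitted password against the `password` column directly, which suggests credentials are stored and compared as plaintext unless hashing happens in a caller not shown here. If that is the case, look the row up by name only, `"SELECT password FROM user WHERE name=?"`, and check the stored salted hash in Python, for example one derived with `hashlib.scrypt` and compared with `hmac.compare_digest`. `SELECT *` also pulls every column of the user row for what is only an existence check, so naming the needed column keeps the password field out of `rq.get_results()`.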