diff --git a/app.py b/app.py
index abef24f..d51ec3e 100644
--- a/app.py
+++ b/app.py
@@ -19,8 +19,8 @@ def init_db():
 def get_user():
     user_id = request.args.get('id')
     cursor = conn.cursor()
-    # Introducing SQL Injection vulnerability
-    cursor.execute(f"SELECT name FROM user WHERE id = {user_id}")
+    # Use parameterized query to prevent SQL Injection
+    cursor.execute("SELECT name FROM user WHERE id = ?", (user_id,))
     user = cursor.fetchone()
     if user:
         return f"User: {user[0]}"
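Review bot: The parameterized `cursor.execute` on the new line closes the injection, but `user_id` is still the raw query-string value and is `None` whenever `id` is absent, so the statement runs as `id = NULL` and silently misses instead of rejecting the request; reading it as `user_id = request.args.get('id', type=int)` and returning a 400 when it is `None` makes the input contract explicit and keeps non-numeric ids out of the query. The `?` placeholder is the qmark paramstyle (sqlite3); a driver such as psycopg2 or MySQLdb expects `%s` and would reject this string, so the placeholder must match the connection built in `init_db`, which is outside this hunk. The cursor taken from the shared module-level `conn` is never closed on this path; a `try`/`finally` with `cursor.close()` avoids leaking one per request. The rest of `get_user` lies outside the hunk, and if `f"User: {user[0]}"` is returned directly as a Flask response it is served as text/html, so the stored `name` should go through `markupsafe.escape` before interpolation.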