diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index e341a57943cc65d364cdd7296030fab76dd2c8da..e817fcbd44b3cdcaa7518b6c6f4ed8a8ee697398 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -356,8 +356,8 @@ class app {
 			$forwarded_host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : null );
 			if($forwarded_host !== null && $forwarded_host !== $cookie_domain) {
 				// Just check for complete domain name and not auto subdomains
-				$sql = "SELECT domain_id from web_domain where domain = '$forwarded_host'";
-				$recs = $this->db->queryOneRecord($sql);
+				$sql = "SELECT domain_id from web_domain where domain = ?";
+				$recs = $this->db->queryOneRecord($sql, $forwarded_host);
 				if($recs !== null) {
 					$cookie_domain = $forwarded_host;
 				}
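Review bot: The `if($recs !== null)` test that follows the now-parameterised query still decides whether a client-supplied `X-Forwarded-Host` value becomes `$cookie_domain`, and it is only correct if `queryOneRecord()` returns exactly `null` when no row matches. That return contract is not visible in this hunk; if the method can return `false` or an empty array on no match or on a query error, any header value would pass, so a stricter condition such as `if(is_array($recs) && isset($recs['domain_id']))` would be safer. A short comment above the lookup would also help the next reader, e.g. `// X-Forwarded-Host is client-controlled unless set by a trusted reverse proxy; accept it only when it matches a hosted domain`. The enclosing method starts and ends outside the hunk, so any earlier validation of the header cannot be confirmed from here.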