diff --git a/express/server.js b/express/server.js
index 236ebba..6e3dad2 100644
--- a/express/server.js
+++ b/express/server.js
@@ -51,12 +51,12 @@ try {
 var jsondata = JSON.parse(data);
 animals = jsondata.animals;
 for (const animal of animals) {
- db.run(
- `
- INSERT INTO animals(name)
- SELECT '${animal}'
- WHERE NOT EXISTS(SELECT 1 FROM animals WHERE name = '${animal}');
+ db.run(`
+ INSERT INTO animals(name)
+ SELECT ?
+ WHERE NOT EXISTS(SELECT 1 FROM animals WHERE name = ?);
 `,
+ [animal, animal],
 (err) => {
 if (err) {
 console.error(`Error inserting animal ${animal}: `, err.message);
@@ -208,3 +208,5 @@ app.get("/results", async (req, res) => {
 app.listen(port, () => {
 console.log(`Server is running on port ${port}`);
 });
+
+// vim:set sts=2 sw=2 et:
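Review bot: In the first hunk, the values bound by `[animal, animal]` still come straight from `jsondata.animals` with no type check, so a non-string entry in the JSON would be bound and stored as whatever the driver coerces it to. A guard at the top of the loop, such as `if (typeof animal !== "string" || animal === "") continue;`, would keep the table to real names. A short comment above the call, e.g. `// Bound parameters: names come from the JSON file and must never be interpolated into the SQL text.`, would help stop a later edit from going back to template interpolation. The loop and the callback continue outside the hunk, and the other queries in server.js are not visible here, so whether they build SQL the same way needs a separate check.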