diff --git a/pandora_console/extensions/grafana/query.php b/pandora_console/extensions/grafana/query.php
index 3c7a843542..ac54d98161 100644
--- a/pandora_console/extensions/grafana/query.php
+++ b/pandora_console/extensions/grafana/query.php
@@ -23,6 +23,9 @@ if ($headers['Authorization']) {
 list($user, $password) = explode(':', base64_decode($headers['Authorization']));
+ // Prevent sql injection.
+ $user = mysqli_real_escape_string($config['dbconnection'], $user);
+
 // Check user login
 $user_in_db = process_user_login($user, $password, true);
diff --git a/pandora_console/extensions/grafana/search.php b/pandora_console/extensions/grafana/search.php
index 9193dd290e..82b670398b 100644
--- a/pandora_console/extensions/grafana/search.php
+++ b/pandora_console/extensions/grafana/search.php
@@ -24,6 +24,9 @@ if ($headers['Authorization']) {
 list($user, $password) = explode(':', base64_decode($headers['Authorization']));
+ // Prevent sql injection.
+ $user = mysqli_real_escape_string($config['dbconnection'], $user);
+
 // Check user login
 $user_in_db = process_user_login($user, $password, true);
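Review bot: Escaping `$user` at the call site only protects the login query if `process_user_login()` places the value inside a quoted SQL string literal, which is not visible in this hunk; the durable fix is a bound parameter in the query that function runs, so every caller is covered. The same three lines are added to search.php in the second hunk, and any other entry point that forwards an Authorization header to `process_user_login()` would need them too. `$password` is passed through unchanged, and the escaped user name may no longer match if the login routine also checks a non-SQL backend, so both are worth confirming. If the escape stays here, the comment should state its limits, e.g. `// Escapes $user for use inside a quoted SQL literal only; $password is not escaped here.` The enclosing `if` block starts and ends outside both hunks.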