diff --git a/app/controllers/CustomerController.scala b/app/controllers/CustomerController.scala
index c5477dc..ddb1d6f 100644
--- a/app/controllers/CustomerController.scala
+++ b/app/controllers/CustomerController.scala
@@ -105,10 +105,11 @@ class CustomerController @Inject() (ws: WSClient, config: Configuration) extends
   // get /rawcustomers/{customerId}
   def getRawCustomer(customerId: String) = Action {
     if (null == customerId) throw new InvalidCustomerRequestException
-    val sqlQuery = "SELECT first_name, last_name FROM customer WHERE id = " + customerId
+    val sqlQuery = "SELECT first_name, last_name FROM customer WHERE id = :id"
     val rawSql = RawSqlBuilder.parse(sqlQuery).create
     val query = CustomerController.db.find(classOf[Customer])
     query.setRawSql(rawSql)
+    query.setParameter("id", customerId)
     val customer = query.findList.asScala
     if (null == customer || customer.isEmpty) throw new CustomerNotFoundException
     Ok(Json.toJson(customer))