diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java
index 713901bf..881747c2 100644
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@@ -919,18 +919,18 @@ public class MySQL implements DataSource {
 public synchronized List getAllAuthsByName(PlayerAuth auth) {
 List result = new ArrayList<>();
 try (Connection con = getConnection()) {
- PreparedStatement pst = con.prepareStatement(new Query(this)
+ PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnName)
 .from(tableName)
- .addWhere(columnIp + "='" + auth.getIp() + "'", null)
+ .addWhere(columnIp + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, auth.getIp());
 ResultSet rs = pst.executeQuery();
 while (rs.next()) {
 result.add(rs.getString(columnName));
 }
 rs.close();
- pst.close();
 } catch (SQLException ex) {
 ConsoleLogger.showError(ex.getMessage());
 ConsoleLogger.writeStackTrace(ex);
@@ -950,19 +950,19 @@ public class MySQL implements DataSource {
 @Override
 public synchronized List getAllAuthsByIp(String ip) {
 List result = new ArrayList<>();
- try (Connection con = getConnection()) {
- PreparedStatement pst = con.prepareStatement(new Query(this)
+ try {
+ PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnName)
 .from(tableName)
- .addWhere(columnIp + "='" + ip + "'", null)
+ .addWhere(columnIp + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, ip);
 ResultSet rs = pst.executeQuery();
 while (rs.next()) {
 result.add(rs.getString(columnName));
 }
 rs.close();
- pst.close();
 } catch (SQLException ex) {
 ConsoleLogger.showError(ex.getMessage());
 ConsoleLogger.writeStackTrace(ex);
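Review bot: Connection and statement cleanup regresses across the MySQL.java hunks: getAllAuthsByName still opens `con` in its try-with-resources but now prepares the statement on a second `getConnection()` call that nothing closes, and getAllAuthsByIp, getAllAuthsByEmail, isLogged, setLogged and setUnlogged drop both the `try (Connection con = ...)` header and `pst.close()`. If getConnection() hands out a pooled connection (the removed code closing it suggests so), each call now leaks a connection and a statement, and since these look like per-login lookups the pool could be exhausted by ordinary traffic. Keep the new parameter binding, but put the connection, statement and result set in resource lists as sketched below for getAllAuthsByName; the same shape applies to the other five methods. The method bodies continue outside the hunks.

```java
// … unchanged: result list declaration …
String sql = new Query(this)
    .select(columnName)
    .from(tableName)
    .addWhere(columnIp + "=?", null)
    .build()
    .getQuery();
try (Connection con = getConnection();
     PreparedStatement pst = con.prepareStatement(sql)) {
    pst.setString(1, auth.getIp());
    try (ResultSet rs = pst.executeQuery()) {
        while (rs.next()) {
            result.add(rs.getString(columnName));
        }
    }
} catch (SQLException ex) {
// … unchanged: error logging …
```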
@@ -982,19 +982,19 @@ public class MySQL implements DataSource {
 @Override
 public synchronized List getAllAuthsByEmail(String email){
 List countEmail = new ArrayList<>();
- try (Connection con = getConnection()) {
- PreparedStatement pst = con.prepareStatement(new Query(this)
+ try {
+ PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnName)
 .from(tableName)
- .addWhere(columnEmail + "='" + email + "'", null)
+ .addWhere(columnEmail + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, email);
 ResultSet rs = pst.executeQuery();
 while (rs.next()) {
 countEmail.add(rs.getString(columnName));
 }
 rs.close();
- pst.close();
 } catch (SQLException ex) {
 ConsoleLogger.showError(ex.getMessage());
 ConsoleLogger.writeStackTrace(ex);
@@ -1049,13 +1049,14 @@ public class MySQL implements DataSource {
 @Override
 public boolean isLogged(String user) {
 boolean isLogged = false;
- try (Connection con = getConnection()) {
- PreparedStatement pst = con.prepareStatement(new Query(this)
+ try {
+ PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnLogged)
 .from(tableName)
- .addWhere(columnName + "='" + user + "'", null)
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, user);
 ResultSet rs = pst.executeQuery();
 isLogged = rs.next() && (rs.getInt(columnLogged) == 1);
 } catch (SQLException ex) {
@@ -1074,16 +1075,16 @@ public class MySQL implements DataSource {
 */
 @Override
 public void setLogged(String user) {
- try (Connection con = getConnection()) {
- PreparedStatement pst = con.prepareStatement(new Query(this)
+ try {
+ PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .update()
 .from(tableName)
- .addUpdateSet(columnLogged + "=" + 1)
- .addWhere(columnName + "='" + user.toLowerCase() + "'", null)
+ .addUpdateSet(columnLogged + "='1'")
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, user.toLowerCase());
 pst.executeUpdate();
- pst.close();
 } catch (SQLException ex) {
 ConsoleLogger.showError(ex.getMessage());
 ConsoleLogger.writeStackTrace(ex);
@@ -1099,16 +1100,16 @@ public class MySQL implements DataSource {
 */
 @Override
 public void setUnlogged(String user) {
- try (Connection con = getConnection()) {
- PreparedStatement pst = con.prepareStatement(new Query(this)
+ try {
+ PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .update()
 .from(tableName)
- .addUpdateSet(columnLogged + "=" + 0)
- .addWhere(columnName + "='" + user.toLowerCase() + "'", null)
+ .addUpdateSet(columnLogged + "='0'")
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, user.toLowerCase());
 pst.executeUpdate();
- pst.close();
 } catch (SQLException ex) {
 ConsoleLogger.showError(ex.getMessage());
 ConsoleLogger.writeStackTrace(ex);
@@ -1182,10 +1183,12 @@ public class MySQL implements DataSource {
 con.prepareStatement(new Query(this)
 .update()
 .from(tableName)
- .addUpdateSet(columnName + "='" + newOne + "'")
- .addWhere(columnName + "='" + oldOne + "'", null)
+ .addUpdateSet(columnName + "=?")
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, newOne);
+ pst.setString(2, oldOne);
 pst.executeUpdate();
 pst.close();
 } catch (Exception ex) {
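Review bot: In setLogged and setUnlogged the flag is now written as a quoted string literal, `columnLogged + "='1'"` and `columnLogged + "='0'"`, while isLogged reads the same column back with `rs.getInt(columnLogged) == 1`, so the write relies on the database coercing the literal. Binding the flag keeps the type explicit and matches the parameterized WHERE clause: `.addUpdateSet(columnLogged + "=?")` followed by `pst.setInt(1, 1);` and `pst.setString(2, user.toLowerCase());`. Both method bodies continue past their hunks.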
diff --git a/src/main/java/fr/xephi/authme/datasource/SQLite.java b/src/main/java/fr/xephi/authme/datasource/SQLite.java
index b753ba24..e541baf5 100644
--- a/src/main/java/fr/xephi/authme/datasource/SQLite.java
+++ b/src/main/java/fr/xephi/authme/datasource/SQLite.java
@@ -612,9 +612,10 @@ public class SQLite implements DataSource {
 PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnName)
 .from(tableName)
- .addWhere(columnIp + "='" + auth.getIp() + "'", null)
+ .addWhere(columnIp + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, auth.getIp());
 ResultSet rs = pst.executeQuery();
 while (rs.next()) {
 result.add(rs.getString(columnName));
@@ -643,9 +644,10 @@ public class SQLite implements DataSource {
 PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnName)
 .from(tableName)
- .addWhere(columnIp + "='" + ip + "'", null)
+ .addWhere(columnIp + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, ip);
 ResultSet rs = pst.executeQuery();
 while (rs.next()) {
 result.add(rs.getString(columnName));
@@ -674,9 +676,10 @@ public class SQLite implements DataSource {
 PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnName)
 .from(tableName)
- .addWhere(columnEmail + "='" + email + "'", null)
+ .addWhere(columnEmail + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, email);
 ResultSet rs = pst.executeQuery();
 while (rs.next()) {
 countEmail.add(rs.getString(columnName));
@@ -739,9 +742,10 @@ public class SQLite implements DataSource {
 PreparedStatement pst = getConnection().prepareStatement(new Query(this)
 .select(columnLogged)
 .from(tableName)
- .addWhere(columnName + "='" + user + "'", null)
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, user);
 ResultSet rs = pst.executeQuery();
 isLogged = rs.next() && (rs.getInt(columnLogged) == 1);
 } catch (SQLException ex) {
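Review bot: The isLogged hunk binds the name exactly as passed, `pst.setString(1, user);`, whereas setLogged and setUnlogged in this same file bind `user.toLowerCase()`. SQLite compares text case-sensitively unless the column is declared with a case-insensitive collation, so a mixed-case name may not match the row those methods update and the login state would read as false; this is presumably only safe if every caller already lowercases the name. Consider `pst.setString(1, user.toLowerCase());` here so the three methods agree. The method starts before the hunk and its catch block continues after it.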
@@ -765,9 +769,10 @@ public class SQLite implements DataSource {
 .update()
 .from(tableName)
 .addUpdateSet(columnLogged + "='1'")
- .addWhere(columnName + "='" + user.toLowerCase() + "'", null)
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, user.toLowerCase());
 pst.executeUpdate();
 } catch (SQLException ex) {
 ConsoleLogger.showError(ex.getMessage());
@@ -789,9 +794,10 @@ public class SQLite implements DataSource {
 .update()
 .from(tableName)
 .addUpdateSet(columnLogged + "='0'")
- .addWhere(columnName + "='" + user.toLowerCase() + "'", null)
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, user.toLowerCase());
 pst.executeUpdate();
 } catch (SQLException ex) {
 ConsoleLogger.showError(ex.getMessage());
@@ -859,15 +865,17 @@ public class SQLite implements DataSource {
 */
 @Override
 public void updateName(String oldOne, String newOne) {
- try {
+ try (Connection con = getConnection()) {
 PreparedStatement pst =
- getConnection().prepareStatement(new Query(this)
+ con.prepareStatement(new Query(this)
 .update()
 .from(tableName)
- .addUpdateSet(columnName + "='" + newOne + "'")
- .addWhere(columnName + "='" + oldOne + "'", null)
+ .addUpdateSet(columnName + "=?")
+ .addWhere(columnName + "=?", null)
 .build()
 .getQuery());
+ pst.setString(1, newOne);
+ pst.setString(2, oldOne);
 pst.executeUpdate();
 } catch (Exception ex) {
 ConsoleLogger.showError(ex.getMessage());
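Review bot: updateName now wraps the connection in `try (Connection con = getConnection())`, which closes it when the block exits, while every other SQLite.java method touched by this change keeps calling `getConnection().prepareStatement(...)` without closing the connection. If getConnection() returns one long-lived shared connection, as that pattern suggests, later queries would run against a closed connection, so confirm how getConnection() behaves before merging. Scoping only the statement is the safer shape: build the SQL string first and use `try (PreparedStatement pst = getConnection().prepareStatement(sql)) {`, which also closes the statement that is currently left open. The catch block continues outside the hunk.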