--- a/view.php +++ b/view.php @@ -1,6 +1,12 @@ query("Select * from dcaas_services where acnabn = '31010545267' and service_name = 'Software as a Service (SaaS) - Microsoft Exchange e-mail';")->fetchAll(PDO::FETCH_ASSOC); +$acnabn = filter_input(INPUT_GET,'acnabn', FILTER_SANITIZE_STRING); +$service_name = filter_input(INPUT_GET,'service_name', FILTER_SANITIZE_STRING); +$sth = $db->prepare("Select * from dcaas_services where acnabn = :acnabn and service_name = :service_name"); +$sth->bindValue(':acnabn',$acnabn); +$sth->bindValue(':service_name',$service_name); +$sth->execute(); +$data = $sth->fetchAll(PDO::FETCH_ASSOC); if (count($data) == 0) { header('HTTP/1.0 404 Not Found'); includeHeader('Not Found');
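Review bot: `FILTER_SANITIZE_STRING` on the two added `filter_input()` calls is the wrong control here: the bound parameters already keep both values out of the SQL text, while this filter strips tags and encodes quotes, so a legitimate `service_name` containing an apostrophe or `<` is altered before the lookup and falls through to the 404 branch; the filter is also deprecated since PHP 8.1. Read the raw value instead, e.g. `$service_name = filter_input(INPUT_GET, 'service_name', FILTER_UNSAFE_RAW);`, and validate `acnabn` by shape (the old hard-coded literal suggests digits only, to be confirmed) with `if (!is_string($acnabn) || !ctype_digit($acnabn)) { http_response_code(400); exit; }`, which also separates a missing parameter from a genuine "not found". HTML escaping of the row values belongs at output time with `htmlspecialchars()`; the rendering code and the rest of the `if (count($data) == 0)` block lie outside this hunk, so check that nothing there relies on the input filter. Because `acnabn` is now chosen by the caller rather than fixed, confirm that every row in `dcaas_services` is meant to be readable by any visitor.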