diff --git a/src/app/Http/Controllers/WaterLevelController.php b/src/app/Http/Controllers/WaterLevelController.php index 674043dc..1e03f75c 100644 --- a/src/app/Http/Controllers/WaterLevelController.php +++ b/src/app/Http/Controllers/WaterLevelController.php @@ -23,20 +23,19 @@ class WaterLevelController extends Controller $sqlDate = \Carbon\Carbon::parse($displayDate)->format('Y-m-d H:i:s'); + $bindings = []; $stationCondition = ''; $dateCondition = ''; if($stationFilter) { - $stationCondition = " WHERE s.stationid = '{$stationFilter}' "; + $stationCondition = " WHERE s.stationid = ? "; + $bindings[] = $stationFilter; } - if ($dateFilter) { - - - $dateCondition = " AND w.datetime = '{$sqlDate}' "; + $dateCondition = " AND w.datetime = ? "; + $bindings[] = $sqlDate; } else { - $dateCondition = " AND w.datetime = ( SELECT MAX(datetime) @@ -44,7 +43,6 @@ class WaterLevelController extends Controller WHERE w2.stationid = s.stationid ) "; - } $wldata =collect(DB::select(" SELECT s.*, w.* @@ -54,7 +52,7 @@ class WaterLevelController extends Controller $stationCondition $dateCondition ORDER BY s.name ASC - ")); + ", $bindings)); $stations = DB::table('station')->select('stationid', 'name')
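Review bot: The positional `?` placeholders in the first hunk are only correct while the order of the `$bindings[]` appends matches the order in which `$stationCondition` and `$dateCondition` are spliced into the query (third hunk). That holds today, but a later reorder or an added condition would silently bind the station id to the datetime comparison. Named bindings remove that coupling, e.g. `$stationCondition = " WHERE s.stationid = :stationid ";` with `$bindings['stationid'] = $stationFilter;`, and the same pattern for `:datetime`. Both fragments are still interpolated into the SQL string, so a short comment such as `// fragments must stay constant SQL; every value goes through $bindings` next to `$bindings = [];` would help keep the injection fix from regressing. Separately, when `$stationFilter` is empty the date fragment begins with `AND` and no `WHERE` precedes it; whether that is intended depends on the FROM/JOIN lines, which lie outside these hunks.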