diff --git a/backup.py b/backup.py
index 50ad099..d7c2430 100644
--- a/backup.py
+++ b/backup.py
@@ -339,10 +339,8 @@ class DataBase:
         params = {'id': id,
                   'name': ', '.join([f"'{file['name']}'" for file in list_file]),
                   'path': ', '.join([f"'{file['path']}'" for file in list_file])}
-        cursor.execute("""SELECT 1 FROM files 
-            WHERE crypt_id={id}
-            AND name NOT IN ({name})
-            AND path NOT IN ({path})""".format(**params))
+        cursor.execute("""SELECT 1 FROM files WHERE crypt_id=? AND name NOT IN (?) AND path NOT IN (?)""",
+                       (params['id'], params['name'], params['path']))
         neighbour = cursor.fetchall()
         # if they have a neighbour don't overwrite it
         if len(neighbour) > 0:
@@ -351,22 +349,21 @@ class DataBase:
         else:
             # if they are different, define the same id for the files of this archive
             if len(set(crypt_id_list)) > 1:
-                cursor.execute("""UPDATE files SET crypt_id={id}
-                    WHERE name IN ({name})
-                    AND path IN ({path})""".format(**params))
+                cursor.execute("""UPDATE files SET crypt_id=? WHERE name IN (?) AND path IN (?)""",
+                               (params['id'], params['name'], params['path']))
             return id
 
     def get_files(self, path):
         cursor = self.conn.cursor()
-        cursor.execute("""SELECT id, name, path FROM files WHERE path LIKE '{path}%'"""
-                       .format(path=path))
+        cursor.execute("""SELECT id, name, path FROM files WHERE path LIKE ?""",
+                       (path + "%", ))
         list_file = cursor.fetchall()
         return list_file
 
     def delete_file(self, file):
         cursor = self.conn.cursor()
-        cursor.execute("""DELETE FROM files WHERE id='{id}' AND name='{name}' AND path='{path}'"""
-                       .format(**file))
+        cursor.execute("""DELETE FROM files WHERE id=? AND name=? AND path=?""",
+                               (file['id'], file['name'], file['path']))
         self.conn.commit()
 
     def get_orphan_crypt(self):
@@ -402,8 +399,8 @@ class DataBase:
 
     def set_crypt_attr(self, crypt_id, compress_mode=None, sha1sum=None):
         cursor = self.conn.cursor()
-        cursor.execute("""UPDATE crypt SET compress_mode='{mode}', sha1sum='{sum}' WHERE id='{id}'"""
-                       .format(id=crypt_id, mode=compress_mode, sum=sha1sum))
+        cursor.execute("""UPDATE crypt SET compress_mode=?, sha1sum=? WHERE id=?""",
+                       (compress_mode, sha1sum, crypt_id))
         self.conn.commit()
 
     def add(self, list_file):
@@ -419,8 +416,8 @@ class DataBase:
                                    (file['size'], file['m_date'], file['c_date'], crypt_id, file['name'], file['path']))
                     proceed = True
             else:
-                cursor.execute("""INSERT INTO files VALUES({id}, '{name}', '{path}', '{size}', '{m_date}', '{c_date}', {crypt_id})""".format(
-                    id=file_id, crypt_id=crypt_id, **file))
+                cursor.execute("""INSERT INTO files VALUES(?, ?, ?, ?, ?, ?, ?)""",
+                               (file_id, file['name'], file['path'], file['size'], file['m_date'], file['c_date'], crypt_id))
                 file_id += 1
                 proceed = True
         if proceed: