diff --git a/api/api.php b/api/api.php
index 0043df3..ef7bc6a 100644
--- a/api/api.php
+++ b/api/api.php
@@ -12,7 +12,7 @@ function get_mysql() {
 }
 function add($uuid, $reason) {
- get_mysql()->query("insert into bans (uuid, date, reason) values ('$uuid', '" . date("Y-m-d H:i:s") . "', '$reason')");
+ get_mysql()->query("insert into bans (uuid, date, reason) values ('$uuid', '" . date("Y-m-d H:i:s") . "', '".get_mysql()->real_escape_string($reason)."')");
 }
 function remove($uuid) {
@@ -22,4 +22,4 @@ function remove($uuid) {
 function get($uuid) {
 return get_mysql()->query("select * from bans where uuid = '$uuid'")->fetch_assoc();
 }
-?>
\ No newline at end of file
+?>
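Review bot: `$uuid` is still interpolated unescaped into the insert in `add()` (first hunk), so the statement remains injectable through that argument; the added `real_escape_string()` call covers only `$reason`. The `select` in `get()`, visible as context in the second hunk, builds its query from `$uuid` the same way, and `remove()` (body outside the hunks) should be checked too. Assuming `get_mysql()` returns a mysqli handle, as the `real_escape_string()` call suggests, a prepared statement with bound parameters removes the need to escape each value by hand. It also avoids calling `get_mysql()` twice in one expression, which matters if that helper opens a new connection per call (its body is outside the hunk, so this is unconfirmed).

```php
function add($uuid, $reason) {
    // Bound parameters keep all three values out of the SQL text.
    $stmt = get_mysql()->prepare("insert into bans (uuid, date, reason) values (?, ?, ?)");
    $date = date("Y-m-d H:i:s");
    $stmt->bind_param("sss", $uuid, $date, $reason);
    $stmt->execute();
}
```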