diff --git a/www/include/common/javascript/commandGetArgs/cmdGetExample.php b/www/include/common/javascript/commandGetArgs/cmdGetExample.php
index ce4a7d9722f..787f949d34a 100644
--- a/www/include/common/javascript/commandGetArgs/cmdGetExample.php
+++ b/www/include/common/javascript/commandGetArgs/cmdGetExample.php
@@ -58,13 +58,14 @@ function myDecodeService($arg)
         exit();
     }
-    $DBRESULT = $pearDB->query(
-        "SELECT `command_example` FROM `command` WHERE `command_id` = '". $pearDB->escape($_POST["index"]) ."'"
+    $statement = $pearDB->prepare(
+        "SELECT `command_example` FROM `command` WHERE `command_id` = :command_id"
     );
-    while ($arg = $DBRESULT->fetchRow()) {
+    $statement->bindValue(':command_id', (int) $_POST["index"], \PDO::PARAM_INT);
+    $statement->execute();
+    while ($arg = $statement->fetch(\PDO::FETCH_ASSOC)) {
         echo myDecodeService($arg["command_example"]);
     }
-    unset($arg);
-    unset($DBRESULT);
+    unset($arg, $statement);
     $pearDB = null;
 }
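Review bot: The `(int) $_POST["index"]` cast on the new bindValue line silently turns a missing, empty or non-numeric `index` into 0, so a malformed request still runs the query instead of being rejected; the earlier `exit()` in the hunk's context may already guard the parameter, but that check is outside the visible lines. Validating before binding keeps the parameterised query and makes the rejection explicit: `$commandId = filter_var($_POST['index'] ?? null, FILTER_VALIDATE_INT);` / `if ($commandId === false) { exit(); }` / `$statement->bindValue(':command_id', $commandId, \PDO::PARAM_INT);`. The return value of `$statement->execute()` is also not checked; unless `$pearDB` is configured with `PDO::ERRMODE_EXCEPTION` (not visible here), a failed execute leaves the loop silently producing no output. The enclosing block that this `}` closes begins outside the hunk.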