diff --git a/api/blueweather.php b/api/blueweather.php
index 66a49d4..b7623e8 100644
--- a/api/blueweather.php
+++ b/api/blueweather.php
@@ -120,6 +120,12 @@ class BlueWeather
 */
 function getLocationData($locId, $range, $maxVals)
 {
+
+ $locId = $this->_con->real_escape_string($locId);
+ $range["from"] = $this->_con->real_escape_string($range["from"]);
+ $range["to"] = $this->_con->real_escape_string($range["to"]);
+ $maxVals = $this->_con->real_escape_string($maxVals);
+
 $sql = "SELECT * FROM `locations` WHERE`id`=$locId";
 $result = $this->_con->query($sql);
diff --git a/api/json.php b/api/json.php
index 45ab14b..f58c536 100644
--- a/api/json.php
+++ b/api/json.php
@@ -26,12 +26,7 @@ $blueweather = new BlueWeather($config);
 if (isset($_GET['locId'])) {
 // get data of given location
- $locId = $con->real_escape_string($_GET['locId']);
- $range['from'] = $con->real_escape_string($_GET['range']['from']);
- $range['to'] = $con->real_escape_string($_GET['range']['to']);
- $maxVals = $con->real_escape_string($_GET['maxVals']);
-
- $data = getLocationData($locId, $range, $maxVals);
+ $data = getLocationData($_GET['locId'], $_GET['range'], $_GET['maxVals']);
 } else {
 $data = $blueweather->getAllLocations();
 }
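Review bot: In api/blueweather.php, `$locId` is still interpolated without quotes into the `locations` query (`=$locId`), and `real_escape_string()` only neutralises characters that matter inside a quoted string literal, so it does not constrain a value used in numeric position. The id should be bound through a prepared statement rather than escaped; the sketch below assumes `$this->_con` is a mysqli connection, which the `real_escape_string()`/`query()` calls suggest. The same applies to `$maxVals` and the `$range` bounds if they are used unquoted further down, which needs checking because the rest of `getLocationData` lies outside the hunk. Since `$range` now arrives straight from the request, `$range["from"]` and `$range["to"]` also need a guard against a missing key or a non-array value before they are read.

```php
function getLocationData($locId, $range, $maxVals)
{
    // … unchanged: handling of $range and $maxVals …

    // Bind the id as an integer instead of placing it in the SQL text.
    $locId = (int) $locId;
    $stmt = $this->_con->prepare("SELECT * FROM `locations` WHERE `id` = ?");
    $stmt->bind_param('i', $locId);
    $stmt->execute();
    $result = $stmt->get_result();
    // … unchanged: rest of getLocationData (outside the hunk) …
```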
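Review bot: In api/json.php the new call passes `$_GET['range']` and `$_GET['maxVals']` unchecked, because the `isset()` guard covers only `locId`; a request without `range[from]`/`range[to]`, or one sending `locId[]=`, now reaches `real_escape_string()` inside the method with null or an array. The guard should cover every field and its shape, e.g. `if (isset($_GET['locId'], $_GET['range']['from'], $_GET['range']['to'], $_GET['maxVals']) && is_scalar($_GET['locId']) && is_scalar($_GET['maxVals'])) {`, with an explicit error response otherwise. Separately, `getLocationData` is declared as a method of `BlueWeather` in api/blueweather.php, while this line calls it as a plain function; unless a global function of that name exists elsewhere, it probably should be `$blueweather->getLocationData(...)`, matching the `else` branch.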