diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d8835fb..1fb5d4a 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,8 +31,7 @@ class UsersController < ApplicationController
 # Still an Insecure DoR vulnerability
 #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
- #user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
- user = User.where("user_id == '#{params[:user][:user_id]}'").first
+ user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
 if user
 user.skip_user_id_assign = true
 user.skip_hash_password = true
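Review bot: The added lookup interpolates `params[:user][:user_id]` straight into the SQL condition string, so the query is injectable in addition to the insecure direct object reference that the comment above it already names. If that is not intended, bind the value instead, for example `user = User.where(:user_id => params[:user][:user_id]).first`; this closes the injection only, and the object reference stays open until the id is taken from the authenticated session rather than the request. If the flaw is deliberate, as the existing comment hints, the line should say so with something like `# Intentionally vulnerable: SQL injection via interpolated params[:user][:user_id]`. The change also moves from `where(...).first` back to the legacy `find(:first, :conditions => ...)` finder, which newer Rails releases no longer support, so it is worth confirming the Rails version this targets. The enclosing method starts and ends outside the hunk, so any authorization check before this line is not visible here.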