diff --git a/function.php b/function.php
index fdf109dd5..31b1beace 100644
--- a/function.php
+++ b/function.php
@@ -604,6 +604,10 @@ function preveriTipHierarhije()
 return false;
 }
+ // User id mora biti številka in ne sme bit 0, anketa ne sme vsebovati presledkov, ker gre za sql injection drugače
+ if(!is_numeric($global_user_id) || $global_user_id < 1 || preg_match('/(\s)/', $anketa)){
+ return false;
+ }
 $sql = sisplet_query("SELECT type FROM srv_hierarhija_users WHERE user_id='" . $global_user_id . "' AND anketa_id='" . $anketa . "'");
@@ -698,6 +702,11 @@ function getSurveyIdFromHash($hash){
 $ank_id = null;
+ // hash ne sme vsebovati presledkov
+ if(preg_match('/(\s)/', $hash)){
+ return false;
+ }
+
 $sql = sisplet_query("SELECT id FROM srv_anketa WHERE hash='".$hash."'");
 if (mysqli_num_rows($sql) > 0) {
 $row = mysqli_fetch_array($sql);
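Review bot: The whitespace-only check on `$anketa` does not close the injection the comment names, because `$anketa` is still concatenated into the `anketa_id='...'` literal on the next line and a quote character contains no whitespace; the `$hash` check in the getSurveyIdFromHash hunk has the same gap. If `anketa_id` is an integer column, as the name suggests, validate it the same way as the user id and tighten the user-id check as well, since `is_numeric` also accepts forms like `1e3`, `1.5` and leading whitespace: `if (!ctype_digit((string) $global_user_id) || (int) $global_user_id < 1 || !ctype_digit((string) $anketa)) {`. Otherwise bind both values through a prepared statement, or at minimum pass them through `mysqli_real_escape_string` on the live connection, and restrict `$hash` to its expected character set (for example `ctype_alnum`) rather than only rejecting spaces. preveriTipHierarhije begins before the hunk, so where `$global_user_id` and `$anketa` come from is not visible here.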