diff --git a/backend/ride/promo/getPromoBytody.php b/backend/ride/promo/getPromoBytody.php index af6b86d..c753e30 100644 --- a/backend/ride/promo/getPromoBytody.php +++ b/backend/ride/promo/getPromoBytody.php @@ -2,7 +2,7 @@ require_once __DIR__ . '/../../connect.php'; - $passengerID = filterRequest("passengerID"); + $passengerID = filterRequest("passengerID"); $sql = "SELECT `id`, `promo_code`, `amount`, `description`, `passengerID`, `validity_start_date`, @@ -10,12 +10,12 @@ $sql = "SELECT FROM `promos` WHERE - (passengerID = '$passengerID' OR passengerID LIKE '%all%') + (passengerID = :passengerID OR passengerID IN ('', 'none', 'all')) AND promos.validity_start_date <= CURDATE() AND promos.validity_end_date >= CURDATE();"; $stmt = $con->prepare($sql); -$stmt->execute(); +$stmt->execute([':passengerID' => $passengerID]); $result = $stmt->fetchAll(PDO::FETCH_ASSOC); if ($result) {
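Review bot: The rewritten predicate `passengerID IN ('', 'none', 'all')` in the second hunk changes who sees which promos, on top of fixing the injection. Rows whose passengerID is empty or 'none' are now returned to every caller, whereas the old `LIKE '%all%'` matched only values containing "all". If 'none' is meant to mark a promo assigned to nobody, narrow it to `(passengerID = :passengerID OR passengerID = 'all')`; otherwise add a comment above the query saying what each sentinel means. Separately, `$passengerID` still comes straight from the request through `filterRequest`, so unless connect.php (not visible here) ties it to the authenticated session, a caller can list another passenger's targeted promo codes by supplying that ID; the bound parameter stops injection but not that. The hunk ends at `if ($result) {`, whose body lies outside it.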