diff --git a/src/auth/login.py b/src/auth/login.py
index 0c156f8..47cfdd4 100644
--- a/src/auth/login.py
+++ b/src/auth/login.py
@@ -1,10 +1,2 @@
-# Authentication module
-
-def authenticate_user(username, password):
- """Authenticate user credentials"""
- # Line 45 - vulnerable SQL query
- query = f"SELECT * FROM users WHERE username = '{username}'"
- result = db.execute(query)
- if result and check_password(password, result.password_hash):
- return create_session(result)
- return None
+ query = "SELECT * FROM users WHERE username = ?"
+ result = db.execute(query, (username,))
\ No newline at end of file
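Review bot: The new side of this hunk (`+1,2`) leaves `src/auth/login.py` with only the two query lines. The `def authenticate_user(username, password):` line, the `check_password(password, result.password_hash)` test and the `create_session(result)` return are all removed and not re-added. Applied as shown, the file has no password verification, and the two statements have no enclosing function, so the module probably fails to import. The parameterized query is the right fix for the string-built SQL, but it should replace only the old `query`/`result` lines and keep the rest of the function. The `?` placeholder assumes the driver behind `db` uses qmark style, which is worth confirming because some drivers expect `%s`.

```python
def authenticate_user(username, password):
    """Authenticate user credentials"""
    # Bound parameter: username is passed separately, never spliced into the SQL text.
    query = "SELECT * FROM users WHERE username = ?"
    result = db.execute(query, (username,))
    # Restored from the old side: the password check must still gate session creation.
    if result and check_password(password, result.password_hash):
        return create_session(result)
    return None
```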