diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
index b8237b8df..e54834121 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java
@@ -33,7 +33,7 @@ public class SqlInjectionLesson12a extends AssignmentEndpoint {
 @SneakyThrows
 public AttackResult completed(@RequestParam String ip) {
 Connection connection = DatabaseUtilities.getConnection(webSession);
- PreparedStatement preparedStatement = connection.prepareStatement("select ip from servers where ip = ?");
+ PreparedStatement preparedStatement = connection.prepareStatement("select ip from servers where hostname = 'webgoat-prd' and ip = ?");
 preparedStatement.setString(1, ip);
 ResultSet resultSet = preparedStatement.executeQuery();
 if (resultSet.next()) {
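Review bot: The new `hostname = 'webgoat-prd'` filter in the `prepareStatement` call has no comment explaining why it is there; presumably it limits the accepted answer to that one server's address instead of any row in `servers`. I would add `// only the IP of webgoat-prd solves the assignment; ip stays a bound parameter` above the call. The hostname is a fixed literal and the request value is still bound through `setString(1, ip)`, so the statement remains fully parameterized. Separately, the `PreparedStatement` and `ResultSet` are not closed in the visible lines; `completed` continues past the end of the hunk, so confirm they are released there or wrap them in try-with-resources.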