diff --git a/src/main/java/org/joychou/controller/SQLI.java b/src/main/java/org/joychou/controller/SQLI.java
index be46f45b..d5b0afba 100644
--- a/src/main/java/org/joychou/controller/SQLI.java
+++ b/src/main/java/org/joychou/controller/SQLI.java
@@ -62,6 +62,7 @@ public String jdbc_sqli_vul(@RequestParam("username") String username) {
 // sqli vuln code
 Statement statement = con.createStatement();
+ if(username.length() > 5) return "";
 String sql = "select * from users where username = '" + username + "'";
 logger.info(sql);
 ResultSet rs = statement.executeQuery(sql);