diff --git a/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdate.java b/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdate.java
index 98f26fb88b..4fef0e1431 100644
--- a/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdate.java
+++ b/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdate.java
@@ -25,9 +25,7 @@ public class DeleteFilesForProjectSQLUpdate implements SQLUpdate {
     public String getSQL() {
         StringBuilder sb = new StringBuilder(DELETE_URL_INDEXES_FOR_PROJECT_NAME);
         for (int i = 0; i < paths.length; i++) {
-            sb.append('\'');
-            sb.append(paths[i]);
-            sb.append('\'');
+            sb.append("?");
             if (i < paths.length - 1) {
                 sb.append(", ");
             }
@@ -39,6 +37,9 @@ public class DeleteFilesForProjectSQLUpdate implements SQLUpdate {
     @Override
     public void addParametersToStatement(PreparedStatement statement) throws SQLException {
         statement.setString(1, projectName);
+        for (int i = 0; i < paths.length; i++) {
+            statement.setString(i + 2, paths[i]);
+        }
     }
 
 }
diff --git a/services/git-bridge/src/test/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdateTest.java b/services/git-bridge/src/test/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdateTest.java
index c9e1371147..aad9ab3642 100644
--- a/services/git-bridge/src/test/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdateTest.java
+++ b/services/git-bridge/src/test/java/uk/ac/ic/wlgitbridge/writelatex/model/db/sql/update/delete/DeleteFilesForProjectSQLUpdateTest.java
@@ -8,7 +8,7 @@ public class DeleteFilesForProjectSQLUpdateTest {
     @Test
     public void testGetSQL() {
         DeleteFilesForProjectSQLUpdate update = new DeleteFilesForProjectSQLUpdate("projname", "path1", "path2");
-        assertEquals("DELETE FROM `url_index_store` WHERE `project_name` = ? AND path IN ('path1', 'path2');\n", update.getSQL());
+        assertEquals("DELETE FROM `url_index_store` WHERE `project_name` = ? AND path IN (?, ?);\n", update.getSQL());
     }
 
 }
\ No newline at end of file