diff --git a/resources/install/scripts/disa.callback.loopback.lua b/resources/install/scripts/disa.callback.loopback.lua
index 6692c130be..2cd2181f61 100644
--- a/resources/install/scripts/disa.callback.loopback.lua
+++ b/resources/install/scripts/disa.callback.loopback.lua
@@ -23,15 +23,18 @@
 --	Mark J Crane <markjcrane@fusionpbx.com>
 --	Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
 
---debug
-	debug["sql"] = true;
-
 --include config.lua
 	require "resources.functions.config";
 
 --connect to the database
-	require "resources.functions.database_handle";
-	dbh = database_handle('system');
+	local Database = require "resources.functions.database";
+	dbh = Database.new('system');
+
+--include json library
+	local json
+	if (debug["sql"]) then
+		json = require "resources.functions.lunajson"
+	end
 
 	api = freeswitch.API();
 
@@ -41,14 +44,14 @@ context = argv[3];
 accountcode = argv[4];
 t_started = os.time();
 
-sql = "SELECT domain_uuid FROM v_domains WHERE domain_name='"..context.."'";
+local sql = "SELECT domain_uuid FROM v_domains WHERE domain_name=:context";
+local params = {context = context};
 if (debug["sql"]) then
-	freeswitch.consoleLog("debug", "[disa.callback] "..sql.."\n");
+	freeswitch.consoleLog("debug", "[disa.callback] SQL: "..sql.."; params: " .. json.encode(params) .. "\n");
 end
-
-status = dbh:query(sql, function(row)
+dbh:query(sql, params, function(row)
 	domain_uuid = row.domain_uuid;
-	end);
+end);
 
 a_dialstring = "{direction=outbound,origination_caller_id_number=*3472,outbound_caller_id_number=*3472,call_timeout=30,context="..context..",domain_name="..context..",domain="..context..",accountcode="..accountcode..",domain_uuid="..domain_uuid.."}loopback/"..aleg_number.."/"..context;
 freeswitch.consoleLog("info", "[disa.callback] a_dialstring " .. a_dialstring .. "\n");
diff --git a/resources/install/scripts/disa.callback.lua b/resources/install/scripts/disa.callback.lua
index 336e7a8da7..c215ca2059 100644
--- a/resources/install/scripts/disa.callback.lua
+++ b/resources/install/scripts/disa.callback.lua
@@ -23,15 +23,18 @@
 --	Mark J Crane <markjcrane@fusionpbx.com>
 --	Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
 
---debug
-	debug["sql"] = false;
-
 --include config.lua
 	require "resources.functions.config";
 
 --connect to the database
-	require "resources.functions.database_handle";
-	dbh = database_handle('system');
+	local Database = require "resources.functions.database";
+	dbh = Database.new('system');
+
+--include json library
+	local json
+	if (debug["sql"]) then
+		json = require "resources.functions.lunajson"
+	end
 
 	api = freeswitch.API();
 
@@ -44,14 +47,14 @@ context = argv[3];
 accountcode = argv[4];
 t_started = os.time();
 
-sql = "SELECT domain_uuid FROM v_domains WHERE domain_name='"..context.."'";
+local sql = "SELECT domain_uuid FROM v_domains WHERE domain_name=:context";
+local params = {context = context};
 if (debug["sql"]) then
-	freeswitch.consoleLog("debug", "[disa.callback] "..sql.."\n");
+	freeswitch.consoleLog("debug", "[disa.callback] SQL: "..sql.."; params: " .. json.encode(params) .. "\n");
 end
-
-status = dbh:query(sql, function(row)
+dbh:query(sql, params, function(row)
 	domain_uuid = row.domain_uuid;
-	end);
+end);
 
 cmd = "user_exists id ".. aleg_number .." "..context;
 a_user_exists = trim(api:executeString(cmd));
@@ -63,8 +66,8 @@ if (a_user_exists == "true") then
 	extension_uuid = trim(api:executeString(cmd));
 	a_dialstring = "[origination_caller_id_number=*3472,outbound_caller_id_number=*3472,call_timeout=30,context="..context..",sip_invite_domain="..context..",domain_name="..context..",domain="..context..",accountcode="..accountcode..",domain_uuid="..domain_uuid.."]user/"..aleg_number.."@"..context;
 else
-	sql = [[select * from v_dialplans as d, v_dialplan_details as s
-			where (d.domain_uuid = ']] .. domain_uuid .. [[' or d.domain_uuid is null)
+	local sql = [[select * from v_dialplans as d, v_dialplan_details as s
+			where (d.domain_uuid = :domain_uuid or d.domain_uuid is null)
 				and d.app_uuid = '8c914ec3-9fc0-8ab5-4cda-6c9288bdc9a3'
 				and d.dialplan_enabled = 'true'
 				and d.dialplan_uuid = s.dialplan_uuid
@@ -79,15 +82,16 @@ else
 				WHEN 'anti-action' THEN 3
 				ELSE 100 END,
 				s.dialplan_detail_order asc ]]
+	local params = {domain_uuid = domain_uuid};
 	if (debug["sql"]) then
-		freeswitch.consoleLog("notice", "[disa ] sql for dialplans:" .. sql .. "\n");
+		freeswitch.consoleLog("notice", "[disa ] sql for dialplans:" .. sql .. "; params: " .. json.encode(params) .. "\n");
 	end
 	dialplans = {};
 	x = 1;
-	assert(dbh:query(sql, function(row)
+	assert(dbh:query(sql, params, function(row)
 		dialplans[x] = row;
 		x = x + 1;
-		end));
+	end));
 
 	y = 0;
 	previous_dialplan_uuid = '';
@@ -176,8 +180,8 @@ if session1:ready() and session1:answered() then
 		extension_uuid = trim(api:executeString(cmd));
 		b_dialstring = "[origination_caller_id_number=*3472,outbound_caller_id_number=*3472,call_timeout=30,context="..context..",sip_invite_domain="..context..",domain_name="..context..",domain="..context..",accountcode="..accountcode..",domain_uuid="..domain_uuid.."]user/"..bleg_number.."@"..context;
 	else
-		sql = [[select * from v_dialplans as d, v_dialplan_details as s
-			where (d.domain_uuid = ']] .. domain_uuid .. [[' or d.domain_uuid is null)
+		local sql = [[select * from v_dialplans as d, v_dialplan_details as s
+			where (d.domain_uuid = :domain_uuid or d.domain_uuid is null)
 				and d.app_uuid = '8c914ec3-9fc0-8ab5-4cda-6c9288bdc9a3'
 				and d.dialplan_enabled = 'true'
 				and d.dialplan_uuid = s.dialplan_uuid
@@ -192,12 +196,13 @@ if session1:ready() and session1:answered() then
 				WHEN 'anti-action' THEN 3
 				ELSE 100 END,
 				s.dialplan_detail_order asc ]]
+		local params = {domain_uuid = domain_uuid};
 		if (debug["sql"]) then
-			freeswitch.consoleLog("notice", "[disa ] sql for dialplans:" .. sql .. "\n");
+			freeswitch.consoleLog("notice", "[disa ] sql for dialplans:" .. sql .. "; params: " .. json.encode(params) .. "\n");
 		end
 		dialplans = {};
 		x = 1;
-		assert(dbh:query(sql, function(row)
+		assert(dbh:query(sql, params, function(row)
 			dialplans[x] = row;
 			x = x + 1;
 			end));
diff --git a/resources/install/scripts/disa.plus.lua b/resources/install/scripts/disa.plus.lua
index 4f92687686..7da02b87ee 100644
--- a/resources/install/scripts/disa.plus.lua
+++ b/resources/install/scripts/disa.plus.lua
@@ -34,8 +34,14 @@ digit_timeout = "5000";
 	require "resources.functions.config";
 
 --connect to the database
-	require "resources.functions.database_handle";
-	dbh = database_handle('system');
+	local Database = require "resources.functions.database";
+	dbh = Database.new('system');
+
+--include json library
+	local json
+	if (debug["sql"]) then
+		json = require "resources.functions.lunajson"
+	end
 
 	api = freeswitch.API();
 
@@ -134,15 +140,14 @@ if ( session:ready() ) then
 	--if pinless then look the caller number in contacts
 		if (pinless) then
 			-- look the caller number
-			sql = "select v_contacts.* from v_contacts inner join v_contact_settings s1 using (contact_uuid)   where s1.contact_setting_category = 'calling card' and s1.contact_setting_subcategory='pinless' and s1.contact_setting_name='phonenumber' and s1.contact_setting_value='"..caller_id_number.."'";
-
-			status = dbh:query(sql, function(row)
-                               	domain_uuid = row.domain_uuid;
+			local sql = "select v_contacts.* from v_contacts inner join v_contact_settings s1 using (contact_uuid)   where s1.contact_setting_category = 'calling card' and s1.contact_setting_subcategory='pinless' and s1.contact_setting_name='phonenumber' and s1.contact_setting_value=:caller_id_number";
+			local params = {caller_id_number = caller_id_number};
+			dbh:query(sql, params, function(row)
+				domain_uuid = row.domain_uuid;
 				contact_uuid = row.contact_uuid;
 				freeswitch.consoleLog("NOTICE", "[disa] domain_uuid "..row.domain_uuid.."\n");
 				freeswitch.consoleLog("NOTICE", "[disa] contact_uuid "..row.contact_uuid.."\n");
 			end);
-
 		else
 			--else if the pin number is provided then require it
 
@@ -156,6 +161,7 @@ if ( session:ready() ) then
 			pin_digits = session:playAndGetDigits(pin_min_length, pin_max_length, max_tries, digit_timeout, "#", sounds_dir.."/"..default_language.."/"..default_dialect.."/"..default_voice.."/"..sound_pin, "", "\\d+");
 			freeswitch.consoleLog("notice", "[disa] pig_digits "..pin_digits.."\n");
 
+			local sql, params;
 			if (pin_number) then
 				--pin number is fixed
 				freeswitch.consoleLog("notice", "[disa] pin_number "..pin_number.."\n");
@@ -168,18 +174,20 @@ if ( session:ready() ) then
 					session:hangup("NORMAL_CLEARING");
 					return;
 				end
-				sql = "select v_contacts.* from v_contacts inner join v_contact_settings s1 using (contact_uuid) where s1.contact_setting_category = 'calling card' and s1.contact_setting_subcategory='authentication' and s1.contact_setting_name='username' and s1.contact_setting_value='"..reference_number.."'";
+				sql = "select v_contacts.* from v_contacts inner join v_contact_settings s1 using (contact_uuid) where s1.contact_setting_category = 'calling card' and s1.contact_setting_subcategory='authentication' and s1.contact_setting_name='username' and s1.contact_setting_value=:reference_number";
+				params = {reference_number = reference_number};
 			else
-				sql = "select v_contacts.* from v_contacts inner join v_contact_settings s1 using (contact_uuid) inner join v_contact_settings s2 using (contact_uuid)   where s1.contact_setting_category = 'calling card' and s1.contact_setting_subcategory='authentication' and s1.contact_setting_name='username' and s1.contact_setting_value='"..reference_number.."' and s2.contact_setting_category='calling card' and s2.contact_setting_subcategory='authentication' and s2.contact_setting_name='password' and s2.contact_setting_value='"..pin_digits.."'";
+				sql = "select v_contacts.* from v_contacts inner join v_contact_settings s1 using (contact_uuid) inner join v_contact_settings s2 using (contact_uuid)   where s1.contact_setting_category = 'calling card' and s1.contact_setting_subcategory='authentication' and s1.contact_setting_name='username' and s1.contact_setting_value=:reference_number and s2.contact_setting_category='calling card' and s2.contact_setting_subcategory='authentication' and s2.contact_setting_name='password' and s2.contact_setting_value=:pin_digits";
+				params = {reference_number = reference_number, pin_digits = pin_digits};
 			end
 
 			-- look in db for correct pin number
 			if (debug["sql"]) then
-				freeswitch.consoleLog("notice", "[disa] "..sql.."\n");
+				freeswitch.consoleLog("notice", "[disa] SQL: "..sql.."; params: " .. json.encode(params) .. "\n");
 			end
 
-			status = dbh:query(sql, function(row)
-       	                       	domain_uuid = row.domain_uuid;
+			dbh:query(sql, params, function(row)
+				domain_uuid = row.domain_uuid;
 				contact_uuid = row.contact_uuid;
 				freeswitch.consoleLog("NOTICE", "[disa] domain_uuid "..row.domain_uuid.."\n");
 				freeswitch.consoleLog("NOTICE", "[disa] contact_uuid "..row.contact_uuid.."\n");