diff --git a/src/org/openbravo/retail/posterminal/master/LoadedCustomer.java b/src/org/openbravo/retail/posterminal/master/LoadedCustomer.java
--- a/src/org/openbravo/retail/posterminal/master/LoadedCustomer.java
+++ b/src/org/openbravo/retail/posterminal/master/LoadedCustomer.java
@@ -10,7 +10,9 @@
 package org.openbravo.retail.posterminal.master;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.enterprise.inject.Any;
 import javax.enterprise.inject.Instance;
@@ -50,19 +52,27 @@
         + bpartnerHQLProperties.getHqlSelect() //
         + "FROM BusinessPartnerLocation AS bpl left outer join bpl.businessPartner.aDUserList AS ulist "
         + "left outer join bpl.businessPartner.priceList AS plist "
-        + "Where bpl.businessPartner.id='"
-        + jsonsent.getJSONObject("parameters").getJSONObject("bpartnerId").get("value")
-        + "'"
+        + "Where bpl.businessPartner.id=:businessPartnerId and :bpLocId=:bpLocId"
         + " and bpl.id in (select max(bpls.id) as bpLocId from BusinessPartnerLocation AS bpls where bpls.businessPartner.id=bpl.businessPartner.id and bpls.invoiceToAddress = true and bpls.$readableSimpleClientCriteria AND "
         + " bpls.$naturalOrgCriteria group by bpls.businessPartner.id)"
         + " and (ulist.id in (select max(ulist2.id) from ADUser as ulist2 where ulist2.businessPartner=bpl.businessPartner  group by ulist2.businessPartner))"
         + " ORDER BY bpl.businessPartner.name";
     customers.add(hql);
     hql = "select" + bpartnerLocHQLProperties.getHqlSelect()
-        + "from BusinessPartnerLocation AS bploc " + "Where bploc.id='"
-        + jsonsent.getJSONObject("parameters").getJSONObject("bpLocationId").get("value") + "'"
-        + "ORDER BY bploc.locationAddress.addressLine1";
+        + "from BusinessPartnerLocation AS bploc "
+        + "Where bploc.id=:bpLocId and :businessPartnerId=:businessPartnerId"
+        + " ORDER BY bploc.locationAddress.addressLine1";
     customers.add(hql);
     return customers;
   }
+
+  @Override
+  protected Map<String, Object> getParameterValues(JSONObject jsonsent) throws JSONException {
+    Map<String, Object> paramValues = new HashMap<String, Object>();
+    paramValues.put("businessPartnerId",
+        jsonsent.getJSONObject("parameters").getJSONObject("bpartnerId").get("value"));
+    paramValues.put("bpLocId", jsonsent.getJSONObject("parameters").getJSONObject("bpLocationId")
+        .get("value"));
+    return paramValues;
+  }
 }