diff --git a/gamespy/gs_database.py b/gamespy/gs_database.py
index c33dc14..0b6d6d3 100644
--- a/gamespy/gs_database.py
+++ b/gamespy/gs_database.py
@@ -367,12 +367,12 @@ class GamespyDatabase(object):
         Start replacing each field one by one.
         TODO: Optimize this so it's done all in one update.
-        FIXME: Possible security issue due to embedding an unsanitized
-        string directly into the statement.
+        TODO: Check if other values than firstname/lastname are set using this
         """
-        with Transaction(self.conn) as tx:
-            q = "UPDATE users SET \"%s\" = ? WHERE profileid = ?"
-            tx.nonquery(q % field[0], (field[1], profileid))
+        if field[0] in ["firstname", "lastname"]:
+            with Transaction(self.conn) as tx:
+                q = "UPDATE users SET \"%s\" = ? WHERE profileid = ?"
+                tx.nonquery(q % field[0], (field[1], profileid))
 
     # Session functions
     # TODO: Cache session keys so we don't have to query the database every
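Review bot: The new `if field[0] in ["firstname", "lastname"]:` guard silently drops any other field name: a caller asking to update a column outside the allow-list gets neither an update nor an error, and the replacement TODO admits the set of callers is unknown, so such a silent no-op would be hard to notice. Inverting it into a guard clause makes the rejection visible, `if field[0] not in ("firstname", "lastname"): raise ValueError("update_profile: unsupported field %r" % field[0])`, with the existing `with Transaction(...)` block following unindented; if a hard failure is not acceptable for existing callers, logging the rejected name is the minimum. The removed FIXME was the only place that explained why the column name is interpolated with `%` while the value is bound with `?`; since the allow-list is now what makes that interpolation safe, that reasoning should stay in the code, e.g. `# Column names cannot be bound as SQL parameters, so only allow-listed names may be interpolated into the statement.` The allow-list itself would also be better as a class-level constant (a tuple or frozenset) than an inline list literal, so it can be extended in one place when the TODO is resolved. The enclosing method's signature and the start of its docstring lie outside the hunk.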