diff --git a/src/main/java/org/qortal/repository/hsqldb/HSQLDBBlockRepository.java b/src/main/java/org/qortal/repository/hsqldb/HSQLDBBlockRepository.java index c9d9de50..563148fd 100644 --- a/src/main/java/org/qortal/repository/hsqldb/HSQLDBBlockRepository.java +++ b/src/main/java/org/qortal/repository/hsqldb/HSQLDBBlockRepository.java @@ -382,6 +382,8 @@ public class HSQLDBBlockRepository implements BlockRepository { @Override public List getBlockInfos(Integer startHeight, Integer endHeight, Integer count) throws DataException { StringBuilder sql = new StringBuilder(512); + List bindParams = new ArrayList<>(); + sql.append("SELECT signature, height, minted_when, transaction_count, RewardShares.minter "); /* @@ -400,10 +402,9 @@ public class HSQLDBBlockRepository implements BlockRepository { if (startHeight != null && endHeight != null) { sql.append("FROM Blocks "); sql.append("JOIN RewardShares ON RewardShares.reward_share_public_key = Blocks.minter "); - sql.append("WHERE height BETWEEN "); - sql.append(startHeight); - sql.append(" AND "); - sql.append(endHeight - 1); + sql.append("WHERE height BETWEEN ? AND ?"); + bindParams.add(startHeight); + bindParams.add(Integer.valueOf(endHeight - 1)); } else if (endHeight != null || (startHeight == null && count != null)) { // we are going to return blocks from the end of the chain if (count == null) 
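Review bot: The values passed to `bindParams.add(...)` are still computed with unchecked `int` arithmetic, so `endHeight - 1` in this hunk, and `endHeight - count` and `startHeight + count - 1` in the two later hunks of this file, wrap silently for extreme caller-supplied heights or counts. Binding removes the string-built SQL but does not validate the range, so a wrapped value would query a window the caller never asked for. If the API layer does not already reject out-of-range values (not visible in this diff), use exact arithmetic such as `bindParams.add(Math.subtractExact(endHeight, 1));` and map the resulting `ArithmeticException` to the existing invalid-criteria error. The body of getBlockInfos starts and ends outside this hunk.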
@@ -411,17 +412,15 @@ public class HSQLDBBlockRepository implements BlockRepository { if (endHeight == null) { sql.append("FROM (SELECT height FROM Blocks ORDER BY height DESC LIMIT 1) AS MaxHeights (max_height) "); - sql.append("JOIN Blocks ON height BETWEEN (max_height - "); - sql.append(count); - sql.append(" + 1) AND max_height "); + sql.append("JOIN Blocks ON height BETWEEN (max_height - ? + 1) AND max_height "); sql.append("JOIN RewardShares ON RewardShares.reward_share_public_key = Blocks.minter"); + bindParams.add(count); } else { sql.append("FROM Blocks "); sql.append("JOIN RewardShares ON RewardShares.reward_share_public_key = Blocks.minter "); - sql.append("WHERE height BETWEEN "); - sql.append(endHeight - count); - sql.append(" AND "); - sql.append(endHeight - 1); + sql.append("WHERE height BETWEEN ? AND ?"); + bindParams.add(Integer.valueOf(endHeight - count)); + bindParams.add(Integer.valueOf(endHeight - 1)); } } else { @@ -434,15 +433,14 @@ public class HSQLDBBlockRepository implements BlockRepository { sql.append("FROM Blocks "); sql.append("JOIN RewardShares ON RewardShares.reward_share_public_key = Blocks.minter "); - sql.append("WHERE height BETWEEN "); - sql.append(startHeight); - sql.append(" AND "); - sql.append(startHeight + count - 1); + sql.append("WHERE height BETWEEN ? AND ?"); + bindParams.add(startHeight); + bindParams.add(Integer.valueOf(startHeight + count - 1)); } List blockInfos = new ArrayList<>(); - try (ResultSet resultSet = this.repository.checkedExecute(sql.toString())) { + try (ResultSet resultSet = this.repository.checkedExecute(sql.toString(), bindParams.toArray())) { if (resultSet == null) return blockInfos; diff --git a/src/test/java/org/qortal/test/api/BlockApiTests.java b/src/test/java/org/qortal/test/api/BlockApiTests.java index 384c9858..a664fa8b 100644 --- a/src/test/java/org/qortal/test/api/BlockApiTests.java +++ b/src/test/java/org/qortal/test/api/BlockApiTests.java 
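Review bot: In the `endHeight == null` branch, `bindParams.add(count);` is placed after the following `JOIN RewardShares` append rather than directly after the append that contains its `?`. Positional parameters depend entirely on add order, so keeping each `add` next to its placeholder, as the other branches do, makes a future mis-binding easier to spot when another `?` is introduced. Moving it up one line is enough: `sql.append("JOIN Blocks ON height BETWEEN (max_height - ? + 1) AND max_height ");` followed immediately by `bindParams.add(count);`. The surrounding if/else chain begins and ends outside this hunk.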
@@ -9,6 +9,7 @@ import java.util.List; import org.junit.Before; import org.junit.Test; import org.qortal.account.PrivateKeyAccount; +import org.qortal.api.ApiError; import org.qortal.api.resource.BlocksResource; import org.qortal.block.GenesisBlock; import org.qortal.repository.DataException; @@ -82,6 +83,19 @@ public class BlockApiTests extends ApiCommon { @Test public void testGetBlockRange() { assertNotNull(this.blocksResource.getBlockRange(1, 1)); + + List testValues = Arrays.asList(null, Integer.valueOf(1)); + + for (Integer startHeight : testValues) + for (Integer endHeight : testValues) + for (Integer count : testValues) { + if (startHeight != null && endHeight != null && count != null) { + assertApiError(ApiError.INVALID_CRITERIA, () -> this.blocksResource.getBlockRange(startHeight, endHeight, count)); + continue; + } + + assertNotNull(this.blocksResource.getBlockRange(startHeight, endHeight, count)); + } } @Test
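Review bot: The new loop in testGetBlockRange only asserts that each criteria combination returns non-null, so a parameter bound in the wrong position or an off-by-one in the `BETWEEN` bounds would still pass. Since this test guards the move to bind parameters, it should also check the heights of the returned entries against the requested window for at least one combination per branch. Until then, a comment such as `// only checks that each criteria combination executes; returned heights are not verified` would make the coverage limit explicit. The values under test are limited to `null` and `1`, so boundary inputs (zero, negative, very large) are not exercised, and their expected API behaviour is not visible in this diff.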