diff --git a/src/fetchCard.php b/src/fetchCard.php index 29a30ec..1c96c7f 100644 --- a/src/fetchCard.php +++ b/src/fetchCard.php @@ -3,8 +3,8 @@ header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); if($_GET["pass"]!="737373737361113273") exit; -$file = 'gdImg/archive/'.$_GET["id"].'.fi.jpeg'; +$file = 'gdImg/archive/'.preg_replace("/[^A-Za-z0-9 ]/", '', $_GET["id"]).'.fi.jpeg'; $type = 'image/jpeg'; header('Content-Type:'.$type); header('Content-Length: ' . filesize($file)); readfile($file); unlink($file); -unlink('gdImg/archive/'.$_GET["id"].'.pp.jpeg'); \ No newline at end of file +unlink('gdImg/archive/'.$_GET["id"].'.pp.jpeg');
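Review bot: The last line of the hunk still builds the `.pp.jpeg` path from the raw `$_GET["id"]`, so that `unlink()` remains open to path traversal even though the `.fi.jpeg` path is now filtered. Sanitize once and reuse the result: `$id = preg_replace("/[^A-Za-z0-9 ]/", '', $_GET["id"]);`, then `$file = 'gdImg/archive/'.$id.'.fi.jpeg';` and `unlink('gdImg/archive/'.$id.'.pp.jpeg');`. An `is_file($file)` check before `filesize()`/`readfile()` would also help, since an id that filters down to a non-existent name still reaches both unlinks and sends a Content-Length taken from a failed `filesize()`. Separately, the unchanged `pass` check uses loose `!=` against a numeric string hard-coded in source; `hash_equals()` against a secret loaded from configuration would be stricter.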