diff --git a/constraints/constraint_delay.inc b/constraints/constraint_delay.inc
index c6612c5..aefb2af 100644
--- a/constraints/constraint_delay.inc
+++ b/constraints/constraint_delay.inc
@@ -29,7 +29,8 @@ function password_policy_constraint_delay_error($constraint) {
  * Password validation.
  */
 function password_policy_constraint_delay_validate($password, $constraint, $uid) {
-  $last_change = db_result(db_query_range("SELECT MAX(created) FROM {password_policy_history} WHERE uid = %d", $uid, 0, 1));
+  $result = db_query_range("SELECT MAX(created) as created FROM {password_policy_history} WHERE uid = :uid", 0, 1, array(':uid' => $uid));
+  $last_change = $result->fetchField();
   if (!empty($last_change)) {
     // Constraint is set in hours, so it gets converted to seconds with *60*60.
     return time() - ($constraint*60*60) > $last_change;