diff --git a/internal/storage/sqlite.go b/internal/storage/sqlite.go
index c6e585e..072ca65 100644
--- a/internal/storage/sqlite.go
+++ b/internal/storage/sqlite.go
@@ -292,6 +292,13 @@ func (s *SQLiteStore) GetTopIPs(ctx context.Context, limit int) ([]TopEntry, err
 }
 
 func (s *SQLiteStore) queryTopN(ctx context.Context, column string, limit int) ([]TopEntry, error) {
+	switch column {
+	case "username", "password", "ip":
+		// valid columns
+	default:
+		return nil, fmt.Errorf("invalid column: %s", column)
+	}
+
 	query := fmt.Sprintf(`
 		SELECT %s, SUM(count) AS total
 		FROM login_attempts