diff --git a/src/main/java/com/topcoder/dal/DBAccessor.java b/src/main/java/com/topcoder/dal/DBAccessor.java
index 240bf52..a6ca450 100644
--- a/src/main/java/com/topcoder/dal/DBAccessor.java
+++ b/src/main/java/com/topcoder/dal/DBAccessor.java
@@ -126,7 +126,7 @@ private Row rawQueryMapper(ResultSet rs, int rowNum) throws SQLException {
 case java.sql.Types.BIGINT -> valueBuilder.setLongValue(rs.getLong(i + 1));
 case java.sql.Types.FLOAT -> valueBuilder.setFloatValue(rs.getFloat(i + 1));
 case java.sql.Types.DOUBLE -> valueBuilder.setDoubleValue(rs.getDouble(i + 1));
- case java.sql.Types.VARCHAR ->
+ case java.sql.Types.VARCHAR, java.sql.Types.CHAR ->
 valueBuilder.setStringValue(Objects.requireNonNullElse(rs.getString(i + 1), ""));
 case java.sql.Types.BOOLEAN -> valueBuilder.setBooleanValue(rs.getBoolean(i + 1));
 case java.sql.Types.DATE, java.sql.Types.TIMESTAMP -> valueBuilder
diff --git a/src/main/java/com/topcoder/dal/util/QueryHelper.java b/src/main/java/com/topcoder/dal/util/QueryHelper.java
index 74a2456..99cee51 100644
--- a/src/main/java/com/topcoder/dal/util/QueryHelper.java
+++ b/src/main/java/com/topcoder/dal/util/QueryHelper.java
@@ -192,7 +192,7 @@ public static String sanitizeSQLStatement(String sql) {
 }
 // Limit the length of the SQL statement to prevent very long strings
- if (sql.length() > 1000) {
+ if (sql.length() > 2000) {
 throw new IllegalArgumentException("SQL statement length exceeds the allowed limit");
 }
@@ -200,7 +200,8 @@ public static String sanitizeSQLStatement(String sql) {
 StringBuilder safeSQL = new StringBuilder();
 for (char c : sql.toCharArray()) {
 if (Character.isLetterOrDigit(c) || c == ' ' || c == ',' || c == '(' || c == ')' || c == '=' || c == '<'
- || c == '>' || c == '_' || c == ':' || c == '.' || c == '-' || c == '+' || c == '*' || c == '\'') {
+ || c == '>' || c == '_' || c == ':' || c == '.' || c == '-' || c == '+' || c == '*' || c == '\''
+ || c == '!') {
 safeSQL.append(c);
 }
 }
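Review bot: Folding CHAR into the VARCHAR arm still leaves the other JDBC string types — `LONGVARCHAR`, `NCHAR`, `NVARCHAR`, `LONGNVARCHAR` — outside it, so whether they reach the string path depends on a default branch that is not in this hunk; if no such branch handles them, `case java.sql.Types.VARCHAR, java.sql.Types.CHAR, java.sql.Types.LONGVARCHAR, java.sql.Types.NCHAR, java.sql.Types.NVARCHAR, java.sql.Types.LONGNVARCHAR ->` gives them the same null-to-empty handling. The new arm also deserves a caveat, because on drivers that blank-pad CHAR columns `rs.getString` returns the padded value and consumers comparing these strings may see trailing spaces: `// CHAR values may carry the column's blank padding; trim at the consumer if exact equality matters`. rawQueryMapper's body begins and ends outside the hunk.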
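Review bot: The raised limit is a second bare literal with nothing recording why 2000 rather than 1000 is the right bound; lift it into a named constant, `private static final int MAX_SQL_LENGTH = 2000;`, compare with `if (sql.length() > MAX_SQL_LENGTH) {`, and extend the comment above it to say what the bound protects (the character loop that follows is linear in this length, so the limit is the only cap on work per call). Including the bound in the message, `"SQL statement length exceeds the allowed limit of " + MAX_SQL_LENGTH`, would let rejected callers see the number without reading the source. sanitizeSQLStatement starts before this hunk and continues past it.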
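Review bot: The allow-list loop silently drops every character it does not recognise instead of rejecting the statement, so a caller whose SQL contained `;`, `/` or `%` gets back a different query with no error; adding `'!'` widens the list but keeps that behaviour, while the length check just above already shows the throw-on-bad-input pattern this should follow — an `else` branch with `throw new IllegalArgumentException("SQL statement contains a disallowed character: " + c);`. Note also that `'-'` and `'\''` are on the list, so `--` comment sequences and quote characters pass this filter untouched, which the condition should state: `// Allow-list of characters permitted in a statement; it does NOT neutralise quotes or -- comments, so caller values must never be concatenated into sql`. sanitizeSQLStatement continues past this hunk.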
@@ -208,7 +209,7 @@ public static String sanitizeSQLStatement(String sql) {
 // replace single quotes with two single quotes to prevent SQL injection through
 // strings
- sql = sql.replace("'", "''");
+ // sql = sql.replace("'", "''");
 return sql;
 }
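Review bot: Commenting out the quote-doubling leaves its comment (`// replace single quotes with two single quotes to prevent SQL injection through strings`) describing something the code no longer does, and the dead line should be deleted rather than kept as a comment. Doubling every `'` in the whole statement would also have mangled legitimate literals (`'a'` became `''a''`), so dropping it is understandable, but since `'` is on the allow-list of the filtering loop the sanitiser now offers no defence at all against a value that closes a string literal; replace the stale comment with `// Single quotes are passed through unchanged: this method does not make concatenated values safe. Bind user-supplied values with PreparedStatement parameters instead.` The line between this hunk and the previous one (old line 207) is not shown; presumably it assigns `safeSQL.toString()` back to `sql`, otherwise the filtered result is discarded by `return sql;` — worth confirming. sanitizeSQLStatement starts before this hunk.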