diff --git a/src/db/roomstore.ts b/src/db/roomstore.ts
index 5d61937135217419ae2010e8d30406f534b56d41..804dd4f804ab71b0cc05ab30d9c4af7f52b6e724 100644
--- a/src/db/roomstore.ts
+++ b/src/db/roomstore.ts
@@ -19,7 +19,6 @@ import { IDatabaseConnector } from "./connector";
 import * as uuid from "uuid/v4";
 
 const log = new Log("DbRoomStore");
-const ROOM_ID_REGEX = /!([A-z]|_)+:(\d|[A-z]|-|\.|\:)+/;
 
 /**
  * A RoomStore compatible with
@@ -188,17 +187,10 @@ export class DbRoomStore {
     }
 
     public async getEntriesByMatrixIds(matrixIds: string[]): Promise<IRoomStoreEntry[]> {
-        // Validate matrixIds to prevent injections.
-        matrixIds = matrixIds.filter((id) => {
-            if (!ROOM_ID_REGEX.exec(id)) {
-                log.warn(`${id} was excluded for not looking like a real roomID`);
-                return false;
-            }
-            return true;
-        });
-        const entries = await this.db.All(
-            `SELECT * FROM room_entries WHERE matrix_id IN ('${matrixIds.join("','")}')`,
-        );
+        const mxIdMap = { };
+        matrixIds.forEach((mxId, i) => mxIdMap[i] = mxId);
+        const sql = `SELECT * FROM room_entries WHERE matrix_id IN (${matrixIds.map((_, id) => `\$${id}`).join(", ")})`;
+        const entries = await this.db.All(sql, mxIdMap);
         const res: IRoomStoreEntry[] = [];
         for (const entry of entries) {
             let remote: RemoteStoreRoom|null = null;