diff --git a/bin/SQLInjectionDetection.py b/bin/SQLInjectionDetection.py
index 62c1b0b4..b2d002fe 100755
--- a/bin/SQLInjectionDetection.py
+++ b/bin/SQLInjectionDetection.py
@@ -42,11 +42,11 @@ word_injection.append(word_injection3)
 
 # Suspect char
 word_injection_suspect1 = ["\'", "\"", ";", "<", ">"]
-word_injection_suspect.append(word_injection_suspect1)
+word_injection_suspect += word_injection_suspect1
 
 # Comment
 word_injection_suspect2 = ["--", "#", "/*"]
-word_injection_suspect.append(word_injection_suspect2)
+word_injection_suspect += word_injection_suspect2
 
 def analyse(url, path):
     faup.decode(url)