diff --git a/api.php b/api.php
index 43eb733..8b30184 100755
--- a/api.php
+++ b/api.php
@@ -791,8 +791,8 @@ if ($q == "getAddress") {
 } elseif ($q === "assetBalance"){
 $asset = san($data['asset']);
- $public_key = $data['public_key'];
- $account = $data['account'];
+ $public_key = san($data['public_key']);
+ $account = san($data['account']);
 if (!empty($public_key) && strlen($public_key) < 32) {
 api_err("Invalid public key");
 }
@@ -803,8 +803,11 @@ if ($q == "getAddress") {
 if(empty($asset)&&empty($account)){
 api_err("An asset or an account are necessary");
 }
- $account = san($account);
+ if(isset($asset)&&isset($account)){
+ api_err("Choose account or asset parameter");
+ }
+
 $whr="WHERE assets_balance.";
 $bind=[];
 if(!empty($asset)){
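Review bot: `$data['public_key']` and `$data['account']` are read without checking that the client sent them, although the `!empty($public_key)` guard directly below shows that public_key is optional. A request that omits it therefore raises an undefined-index notice (a warning on PHP 8), which can end up in the API response or the logs depending on error settings. Defaulting the lookups keeps the sanitising and avoids that (PHP 7+): `$public_key = san($data['public_key'] ?? '');` and `$account = san($data['account'] ?? '');`. What san() strips is not visible in this hunk, so a one-line comment stating the expected key and account format next to the 32-character lower bound would help the next reader. The elseif branch continues outside the hunk.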
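Review bot: The added guard `if(isset($asset)&&isset($account))` looks like it fires on every request. Both variables are now assigned unconditionally from san() at the top of the branch, so isset() is true whether or not the client supplied them (assuming san() returns a string rather than null). If api_err() ends the request, assetBalance would then always answer "Choose account or asset parameter" and never reach the query. To match the empty() test just above it, the condition should be `if(!empty($asset)&&!empty($account)){`. The enclosing branch starts and ends outside this hunk.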