diff --git a/storage/postgresql/query.go b/storage/postgresql/query.go
index 8ead377..c7f173e 100644
--- a/storage/postgresql/query.go
+++ b/storage/postgresql/query.go
@@ -32,7 +32,7 @@ func (b PostgresBackend) QueryEvents(filter *nostr.Filter) (events []nostr.Event
 			// to prevent sql attack here we will check if
 			// these ids are valid 32byte hex
 			parsed, err := hex.DecodeString(id)
-			if err != nil || len(parsed) <= 32 {
+			if err != nil || len(parsed) != 32 {
 				continue
 			}
 			likeids = append(likeids, fmt.Sprintf("id LIKE '%x%%'", parsed))