diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f1e7f2..aa19ffb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 --- develop ---
 
+* issue#261: Parameterize domain stripping update query in syslog incoming processing
 * issue: Making changes to support Cacti 1.3
 * issue: Don't use MyISAM for non-analytical tables
 * issue: The install advisor for Syslog was broken in current Cacti releases
diff --git a/functions.php b/functions.php
index 9bd3223..24666b0 100644
--- a/functions.php
+++ b/functions.php
@@ -1757,10 +1757,17 @@ function syslog_strip_incoming_domains($uniqueID) {
 		$domains = explode(',', trim($syslog_domains));
 
 		foreach($domains as $domain) {
-			syslog_db_execute('UPDATE `' . $syslogdb_default . "`.`syslog_incoming`
+			$domain = trim($domain);
+
+			if ($domain == '') {
+				continue;
+			}
+
+			syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming`
 				SET host = SUBSTRING_INDEX(host, '.', 1)
-				WHERE host LIKE '%$domain'
-				AND `status` = $uniqueID");
+				WHERE host LIKE ?
+				AND `status` = ?',
+				array('%' . $domain, $uniqueID));
 		}
 	}
 }
@@ -2421,4 +2428,3 @@ function alert_replace_variables($alert, $results, $hostname = '') {
 
 	return $command;
 }
-
diff --git a/tests/regression/issue261_domain_strip_parameterized_test.php b/tests/regression/issue261_domain_strip_parameterized_test.php
new file mode 100644
index 0000000..ec3d8fd
--- /dev/null
+++ b/tests/regression/issue261_domain_strip_parameterized_test.php
@@ -0,0 +1,27 @@
+<?php
+
+$functions = file_get_contents(dirname(__DIR__, 2) . '/functions.php');
+
+if ($functions === false) {
+	fwrite(STDERR, "Failed to load functions.php\n");
+	exit(1);
+}
+
+if (strpos($functions, "WHERE host LIKE '%\$domain'") !== false) {
+	fwrite(STDERR, "Legacy interpolated domain LIKE clause is still present.\n");
+	exit(1);
+}
+
+if (strpos($functions, 'AND `status` = $uniqueID') !== false) {
+	fwrite(STDERR, "Legacy interpolated status filter is still present.\n");
+	exit(1);
+}
+
+if (strpos($functions, "WHERE host LIKE ?") === false ||
+	strpos($functions, "AND `status` = ?") === false ||
+	strpos($functions, "array('%' . \$domain, \$uniqueID)") === false) {
+	fwrite(STDERR, "Expected parameterized domain strip query is missing.\n");
+	exit(1);
+}
+
+echo "issue261_domain_strip_parameterized_test passed\n";