diff --git a/hive/server/condenser_api/cursor.py b/hive/server/condenser_api/cursor.py
index f93c46d9401f83bd3bbab324651efd37a508de53..eb15fb644a90d19868e97d65d1ff9bd8631e23e8 100644
--- a/hive/server/condenser_api/cursor.py
+++ b/hive/server/condenser_api/cursor.py
@@ -28,11 +28,9 @@ async def get_reblogged_by(db, author: str, permlink: str):
         names.remove(author)
     return names
 
-async def get_data(db, sql:str, truncate_body: int = 0):
-    result = await db.query_all(sql); 
-
+async def process_posts(db, sql_result, truncate_body: int = 0):
     posts = []
-    for row in result:
+    for row in sql_result:
         row = dict(row)
         post = _condenser_post_object(row, truncate_body=truncate_body)
 
@@ -43,20 +41,24 @@ async def get_data(db, sql:str, truncate_body: int = 0):
 
 async def get_by_blog_without_reblog(db, account: str, start_permlink: str = '', limit: int = 20, truncate_body: int = 0):
   """Get a list of posts for an author's blog without reblogs."""
-  sql = " SELECT * FROM condenser_get_by_blog_without_reblog( '{}', '{}', {} ) ".format( account, start_permlink, limit )
-  return await get_data(db, sql, truncate_body )
+  sql = "SELECT * FROM condenser_get_by_blog_without_reblog( (:author)::VARCHAR, (:permlink)::VARCHAR, :limit )"
+  result = await db.query_all(sql, author=account, permlink=start_permlink, limit=limit);
+  return await process_posts(db, result, truncate_body)
 
 async def get_by_account_comments(db, account: str, start_permlink: str = '', limit: int = 20, truncate_body: int = 0):
   """Get a list of posts representing comments by an author."""
-  sql = " SELECT * FROM condenser_get_by_account_comments( '{}', '{}', {} ) ".format( account, start_permlink, limit )
-  return await get_data(db, sql, truncate_body )
+  sql = "SELECT * FROM condenser_get_by_account_comments( (:author)::VARCHAR, (:permlink)::VARCHAR, :limit )"
+  result = await db.query_all(sql, author=account, permlink=start_permlink, limit=limit);
+  return await process_posts(db, result, truncate_body)
 
 async def get_by_replies_to_account(db, start_author: str, start_permlink: str = '', limit: int = 20, truncate_body: int = 0):
   """Get a list of posts representing replies to an author."""
-  sql = " SELECT * FROM condenser_get_by_replies_to_account( '{}', '{}', {} ) ".format( start_author, start_permlink, limit )
-  return await get_data(db, sql, truncate_body )
+  sql = "SELECT * FROM condenser_get_by_replies_to_account( (:author)::VARCHAR, (:permlink)::VARCHAR, :limit )"
+  result = await db.query_all(sql, author=start_author, permlink=start_permlink, limit=limit);
+  return await process_posts(db, result, truncate_body)
 
 async def get_by_blog(db, account: str = '', start_author: str = '', start_permlink: str = '', limit: int = 20):
   """Get a list of posts for an author's blog."""
-  sql = " SELECT * FROM condenser_get_by_blog( '{}', '{}', '{}', {} ) ".format( account, start_author, start_permlink, limit )
-  return await get_data(db, sql )
+  sql = "SELECT * FROM condenser_get_by_blog( (:account)::VARCHAR, (:author)::VARCHAR, (:permlink)::VARCHAR, :limit )"
+  result = await db.query_all(sql, account=account, author=start_author, permlink=start_permlink, limit=limit);
+  return await process_posts(db, result)
diff --git a/hive/server/condenser_api/methods.py b/hive/server/condenser_api/methods.py
index fedd8c81f19f11fbaf16404d9c925f84132b5c0d..f94b8d066400978132179c9aca969a13c4537ce9 100644
--- a/hive/server/condenser_api/methods.py
+++ b/hive/server/condenser_api/methods.py
@@ -378,8 +378,11 @@ async def get_discussions_by_comments(context, start_author: str = None, start_p
 async def get_replies_by_last_update(context, start_author: str = None, start_permlink: str = '',
                                      limit: int = 20, truncate_body: int = 0):
     """Get all replies made to any of author's posts."""
-    assert start_author, '`start_author` cannot be blank'
-
+    # note that in this call start_author has dual meaning:
+    # - when there is only start_author it means account that authored posts that we seek replies to
+    # - when there is also start_permlink it points to one of replies (last post of previous page) and
+    #   we'll be getting account like above in form of author of parent post to the post pointed by
+    #   given start_author+start_permlink
     return await cursor.get_by_replies_to_account(
         context['db'],
         valid_account(start_author),