diff --git a/backend/internal/database/query.sql.go b/backend/internal/database/query.sql.go
index 4cc90a6..9b222a4 100644
--- a/backend/internal/database/query.sql.go
+++ b/backend/internal/database/query.sql.go
@@ -231,7 +231,12 @@ func (q *Queries) DeleteUserByUsername(ctx context.Context, username string) err
 
 const getConfirmationCodeByCode = `-- name: GetConfirmationCodeByCode :one
 SELECT id, user_id, code_type, code_hash, expires_at, used, deleted FROM confirmation_codes
-WHERE user_id = $1 AND code_type = $2 AND expires_at > CURRENT_TIMESTAMP AND code_hash = crypt($3::text, code_hash)
+WHERE 
+  user_id = $1 AND
+  code_type = $2 AND
+  expires_at > CURRENT_TIMESTAMP AND
+  used IS FALSE AND
+  code_hash = crypt($3::text, code_hash)
 `
 
 type GetConfirmationCodeByCodeParams struct {
diff --git a/sqlc/query.sql b/sqlc/query.sql
index 3e50d95..5a9df02 100644
--- a/sqlc/query.sql
+++ b/sqlc/query.sql
@@ -117,7 +117,12 @@ VALUES ($1, $2, crypt(@code::text, gen_salt('bf'))) RETURNING *;
 
 ;-- name: GetConfirmationCodeByCode :one
 SELECT * FROM confirmation_codes
-WHERE user_id = $1 AND code_type = $2 AND expires_at > CURRENT_TIMESTAMP AND code_hash = crypt(@code::text, code_hash);
+WHERE 
+  user_id = $1 AND
+  code_type = $2 AND
+  expires_at > CURRENT_TIMESTAMP AND
+  used IS FALSE AND
+  code_hash = crypt(@code::text, code_hash);
 
 ;-- name: UpdateConfirmationCode :exec
 UPDATE confirmation_codes