diff --git a/src/infi/clickhouse_orm/database.py b/src/infi/clickhouse_orm/database.py
index c52540a..cb47d02 100644
--- a/src/infi/clickhouse_orm/database.py
+++ b/src/infi/clickhouse_orm/database.py
@@ -274,7 +274,7 @@ class Database(object):
             mapping = dict(db="`%s`" % self.db_name)
             if model_class:
                 mapping['table'] = "`%s`.`%s`" % (self.db_name, model_class.table_name())
-            query = Template(query).substitute(mapping)
+            query = Template(query).safe_substitute(mapping)
         return query
 
     def _get_server_timezone(self):
diff --git a/tests/test_database.py b/tests/test_database.py
index 2eed732..0214f36 100644
--- a/tests/test_database.py
+++ b/tests/test_database.py
@@ -39,6 +39,10 @@ class DatabaseTestCase(TestCaseWithData):
         self.assertEqual(results[0].get_database(), self.database)
         self.assertEqual(results[1].get_database(), self.database)
 
+    def test_dollar_in_select(self):
+        query = "SELECT * FROM $table WHERE first_name = '$utm_source'"
+        list(self.database.select(query, Person))
+
     def test_select_partial_fields(self):
         self._insert_and_check(self._sample_data(), len(data))
         query = "SELECT first_name, last_name FROM `test-db`.person WHERE first_name = 'Whitney' ORDER BY last_name"