RaedAffes · RaedAffes · Mar 3, 2025
diff --git a/server/routes.py b/server/routes.py
@@ -13,7 +13,7 @@
 
     if name:
         cursor.execute(
-            "SELECT * FROM books WHERE name LIKE '%" + name + "%'"
+            "SELECT * FROM books WHERE name LIKE '%" + name + "%' "
@@ -15,3 +15,3 @@
        cursor.execute(
-            "SELECT * FROM books WHERE name LIKE '%" + name + "%' "
+            "SELECT * FROM books WHERE name LIKE %s", ('%' + name + '%',)
        )
@@ -15,3 +15,3 @@
        cursor.execute(
-            "SELECT * FROM books WHERE name LIKE '%" + name + "%' "
+            "SELECT * FROM books WHERE name LIKE %s", ('%' + name + '%',)
        )
         )
         books = [Book(*row) for row in cursor]