diff --git a/server/routes.py b/server/routes.py
index bab7594..193477e 100644
--- a/server/routes.py
+++ b/server/routes.py
@@ -13,13 +13,13 @@ def index():
 if name:
 cursor.execute(
- "SELECT * FROM books WHERE name LIKE '%" + name + "%'"
+ "SELECT * FROM books WHERE name LIKE :name", {'name': f"%{name}%"}
 )
 books = [Book(*row) for row in cursor]
 elif author:
 cursor.execute(
- "SELECT * FROM books WHERE author LIKE '%" + author + "%'"
+ "SELECT * FROM books WHERE author LIKE :author", {'author': f"%{author}%"}
 )
 books = [Book(*row) for row in cursor]
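Review bot: The bound value in both `cursor.execute` calls still carries any `%` and `_` from `name` / `author` into the LIKE pattern as wildcards, so binding the parameter closes the SQL injection but the request still controls the match pattern. Escape the LIKE metacharacters before wrapping the value and declare the escape character in the statement, e.g. `pat = name.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")` with `"SELECT * FROM books WHERE name LIKE :name ESCAPE '\\'", {'name': f"%{pat}%"}`, and the same for the author branch. The `:name` placeholder style is driver-specific and the driver is not visible in this hunk, so confirm it accepts named parameters. `index()` starts before the hunk and continues after it.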