diff --git a/server/routes.py b/server/routes.py
index bab7594..40b0b0d 100644
--- a/server/routes.py
+++ b/server/routes.py
@@ -19,7 +19,7 @@ def index():
 elif author:
 cursor.execute(
- "SELECT * FROM books WHERE author LIKE '%" + author + "%'"
+ "SELECT * FROM books WHERE author LIKE %s", ('%' + author + '%',)
 )
 books = [Book(*row) for row in cursor]
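Review bot: The bound value `'%' + author + '%'` still passes any `%` and `_` in `author` through as LIKE wildcards, so the placeholder closes the injection but a request can still supply its own match pattern (a bare `%` matches every row, and stacked wildcards can make the scan expensive). If a literal substring match is intended, escape the escape character and both wildcards before wrapping, e.g. `author.replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')`, and confirm that backslash is the LIKE escape character for the database in use or add an explicit `ESCAPE` clause. The `if` branch that precedes this `elif` is outside the hunk; if it builds its query by concatenation it needs the same placeholder treatment. `index()` starts and ends outside the hunk.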