diff --git a/server/routes.py b/server/routes.py
index bab7594..22315a0 100644
--- a/server/routes.py
+++ b/server/routes.py
@@ -1,5 +1,4 @@
-
-from flask import request, render_template, make_response
+from flask import request, render_template
 from server.webapp import flaskapp, cursor
 from server.models import Book
@@ -13,13 +12,15 @@ def index():
 if name:
 cursor.execute(
- "SELECT * FROM books WHERE name LIKE '%" + name + "%'"
+ "SELECT * FROM books WHERE name LIKE %(name)s",
+ {'name': f'%{name}%'}
 )
 books = [Book(*row) for row in cursor]
 elif author:
 cursor.execute(
- "SELECT * FROM books WHERE author LIKE '%" + author + "%'"
+ "SELECT * FROM books WHERE author LIKE %(author)s",
+ {'author': f'%{author}%'}
 )
 books = [Book(*row) for row in cursor]
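Review bot: In the `index()` hunk (`@@ -13,13 +12,15 @@`), both new `cursor.execute` calls bind `f'%{name}%'` and `f'%{author}%'` without escaping LIKE metacharacters, so a `%` or `_` in the submitted value is still interpreted as a wildcard; binding the parameter prevents SQL injection but not pattern control, and an input consisting only of `%` matches every row. Escape the value before wrapping it, for example `pattern = name.replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')`, then bind `f'%{pattern}%'`, adding an explicit `ESCAPE` clause to the query if the backend's default escape character is not a backslash (the database driver is not visible here). The `author` branch needs the same treatment, and a small shared helper would keep the two branches from drifting apart. `index()` starts and continues outside the hunk, so how `name` and `author` are read from the request, and whether their length is bounded, cannot be checked from these lines.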