From 4358ac4194efb8c4e92de34edf0c2c7711f7bfdf Mon Sep 17 00:00:00 2001
From: Dan Shanahan
Date: Mon, 21 Aug 2023 15:01:58 -0700
Subject: [PATCH] Update routes.py
---
 server/routes.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/server/routes.py b/server/routes.py
index bab7594..22315a0 100644
--- a/server/routes.py
+++ b/server/routes.py
@@ -1,5 +1,4 @@
-
-from flask import request, render_template, make_response
+from flask import request, render_template
 from server.webapp import flaskapp, cursor
 from server.models import Book
@@ -13,13 +12,15 @@ def index():
 if name:
 cursor.execute(
- "SELECT * FROM books WHERE name LIKE '%" + name + "%'"
+ "SELECT * FROM books WHERE name LIKE %(name)s",
+ {'name': f'%{name}%'}
 )
 books = [Book(*row) for row in cursor]
 elif author:
 cursor.execute(
- "SELECT * FROM books WHERE author LIKE '%" + author + "%'"
+ "SELECT * FROM books WHERE author LIKE %(author)s",
+ {'author': f'%{author}%'}
 )
 books = [Book(*row) for row in cursor]
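Review bot: The value bound in both `cursor.execute` calls still carries LIKE metacharacters, so `%` and `_` typed into `name` or `author` act as wildcards: binding closes the SQL injection, but the caller still controls the pattern and can widen the match or force a costly scan. If a literal substring match is intended, escape the escape character, `%` and `_` in the value before wrapping it in `%…%` and add an `ESCAPE` clause to each query; the exact quoting depends on the database, which the hunk does not show. The `%(name)s` placeholder also assumes a driver with pyformat parameters, which is worth confirming where `cursor` is created in `server.webapp`. `index()` begins and ends outside the hunk, so how `name` and `author` are read from the request is not visible here.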