From 85e2eab8c3fdba04bc9436834b39b06f2844509c Mon Sep 17 00:00:00 2001
From: lizanle <491823689@qq.com>
Date: Mon, 14 Dec 2015 10:57:17 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8F=91=E9=80=81=E8=B5=84=E6=BA=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/users_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index c20282a45..d20fbc05c 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1423,7 +1423,8 @@ class UsersController < ApplicationController
   def search_user_course
     @user = User.current
     if !params[:search].nil?
-      @course = @user.courses.where(" #{Course.table_name}.id = #{params[:search].to_i } or #{Course.table_name}.name like '%#{params[:search.to_s]}%'")
+      search = "%#{params[:search].to_s.strip.downcase}%"
+      @course = @user.courses.where(" #{Course.table_name}.id = #{params[:search].to_i } or #{Course.table_name}.name like :p",:p=>search)
       .select { |course|  @user.allowed_to?(:as_teacher,course)}
     else
       @course = @user.courses
@@ -1442,7 +1443,8 @@ class UsersController < ApplicationController
   def search_user_project
     @user = User.current
     if !params[:search].nil?
-      @projects = @user.projects.where(" #{Project.table_name}.id = #{params[:search].to_i } or #{Project.table_name}.name like '%#{params[:search.to_s]}%'")
+      search = "%#{params[:search].to_s.strip.downcase}%"
+      @projects = @user.projects.where(" #{Project.table_name}.id = #{params[:search].to_i } or #{Project.table_name}.name like :p",:p=>search)
     else
       @projects = @user.projects
     end