diff --git a/app/controllers/forums_controller.rb b/app/controllers/forums_controller.rb
index f3ebfad88..3b8b4b928 100644
--- a/app/controllers/forums_controller.rb
+++ b/app/controllers/forums_controller.rb
@@ -166,10 +166,10 @@ class ForumsController < ApplicationController
 
   def search_forum
     # @forums = paginateHelper Forum.where("name LIKE '%#{params[:name]}%'")
-    name = params[:name]
-    (redirect_to forums_path, :notice => l(:label_sumbit_empty);return) if name.blank?
+    q = "%#{params[:name].strip}%"
+    (redirect_to forums_path, :notice => l(:label_sumbit_empty);return) if params[:name].blank?
     @offset, @limit = api_offset_and_limit({:limit => 10})
-    @forums_all = Forum.where("name LIKE '%#{params[:name]}%'")
+    @forums_all = Forum.where("name LIKE ?", q)
     @forums_count = @forums_all.count
     @forums_pages = Paginator.new @forums_count, @limit, params['page']
 
@@ -185,11 +185,13 @@ class ForumsController < ApplicationController
   end
 
   def search_memo
+    q = "%#{params[:name].strip}%"
+
     limit = PageLimit
     @memo = Memo.new
     @offset, @limit = api_offset_and_limit({:limit => limit})
     @forum = Forum.find(params[:id])
-    @memos_all = @forum.topics.where("subject LIKE '%#{params[:name]}%'")
+    @memos_all = @forum.topics.where("subject LIKE ?", q)
     @topic_count = @memos_all.count
     @topic_pages = Paginator.new @topic_count, @limit, params['page']
     
diff --git a/app/controllers/school_controller.rb b/app/controllers/school_controller.rb
index c8b495fe2..3fb42b64d 100644
--- a/app/controllers/school_controller.rb
+++ b/app/controllers/school_controller.rb
@@ -98,10 +98,11 @@ class SchoolController < ApplicationController
   end
   
   def search_school
+    q = "%#{params[:key_word].strip}%"
     if params[:province].nil? or params[:province] == "0"
-      @school = School.where("name LIKE '%"+params[:key_word]+"%'");
+      @school = School.where("name LIKE ?", q);
     else  
-      @school = School.where("province = ? AND name LIKE '%"+params[:key_word]+"%'", params[:province]);
+      @school = School.where("province = ? AND name LIKE ?", params[:province], q);
     end
     options = ""
     @school.each do |s|
diff --git a/app/controllers/stores_controller.rb b/app/controllers/stores_controller.rb
index fd0d3cf53..f34e72402 100644
--- a/app/controllers/stores_controller.rb
+++ b/app/controllers/stores_controller.rb
@@ -5,10 +5,10 @@ class StoresController < ApplicationController
   layout 'base_stores'
 
   def search
-    name = params[:name] ||= ''
-    (redirect_to stores_path, :notice => l(:label_sumbit_empty);return) if name.blank?
+    q = "%#{params[:name].strip}%"
+    (redirect_to stores_path, :notice => l(:label_sumbit_empty);return) if params[:name].blank?
 
-    result = find_public_attache name
+    result = find_public_attache q
     @searched_attach = paginateHelper result
     @result_all_count = result.count;
   end
diff --git a/app/views/stores/search.html.erb b/app/views/stores/search.html.erb
index f65f04648..b75656f18 100644
--- a/app/views/stores/search.html.erb
+++ b/app/views/stores/search.html.erb
@@ -79,7 +79,7 @@
     }
   }
   $(document).ready(function($) {
-   $('.cb span').highlight('<%=params[:name]%>');
+   $('.cb span').highlight('<%="#{params[:name].strip}"%>');
 
    $('.a_download_icon').each(function(){
       $(this).mouseenter(function(event) {