diff --git a/app/queries/weapps/subject_query.rb b/app/queries/weapps/subject_query.rb
index 0a3c9beb2..7c7922a2a 100644
--- a/app/queries/weapps/subject_query.rb
+++ b/app/queries/weapps/subject_query.rb
@@ -21,7 +21,7 @@ class Weapps::SubjectQuery < ApplicationQuery
 
     # 搜索
     if params[:keyword].present?
-      subjects = subjects.where("subjects.name like '%#{params[:keyword]}%'")
+      subjects = subjects.where("subjects.name like :keyword", keyword: "%#{params[:keyword]}%")
     end
 
     subjects = subjects.left_joins(:shixuns, :repertoire).select('subjects.id, subjects.name, subjects.excellent, subjects.stages_count, subjects.status, subjects.homepage_show,