diff --git a/app/controllers/question_banks_controller.rb b/app/controllers/question_banks_controller.rb
index af6305a64..2ad815fc9 100644
--- a/app/controllers/question_banks_controller.rb
+++ b/app/controllers/question_banks_controller.rb
@@ -18,19 +18,17 @@ class QuestionBanksController < ApplicationController
             # 已认证才能获取题库
             if @certification_teacher
               sql = %Q{
-              #{@objects.table_name}.is_public = 1 and concat(#{@objects.table_name}.name, course_lists.name) like
-                    '%#{params[:search]}%'
-                  }
-              @objects.joins(:course_list).where(sql)
+                #{@objects.table_name}.is_public = 1 and concat(#{@objects.table_name}.name, course_lists.name) like :keyword
+              }
+              @objects.joins(:course_list).where(sql, keyword: "%#{params[:search]}%")
             else
               @objects.none
             end
           else
             sql = %Q{
-            #{@objects.table_name}.user_id = #{current_user.id} and concat(#{@objects.table_name}.name, course_lists.name) like
-                    '%#{params[:search]}%'
-                  }
-            @objects.joins(:course_list).where(sql)
+                #{@objects.table_name}.user_id = #{current_user.id} and concat(#{@objects.table_name}.name, course_lists.name) like :keyword
+            }
+            @objects.joins(:course_list).where(sql, keyword: "%#{params[:search]}%")
           end
         else
           if params[:filter] == 'public'