From 0c5ba4573aecc9eaed669e9431a70a5d9f184b8d Mon Sep 17 00:00:00 2001
From: Unknwon <joe2010xtmf@163.com>
Date: Tue, 4 Nov 2014 11:37:15 -0500
Subject: fix session API broken and SQL pretection

---
 models/user.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'models/user.go')

diff --git a/models/user.go b/models/user.go
index ce85008b..e7e6ed40 100644
--- a/models/user.go
+++ b/models/user.go
@@ -581,7 +581,7 @@ func SearchUserByName(opt SearchOption) (us []*User, err error) {
 	opt.Keyword = strings.ToLower(opt.Keyword)
 
 	us = make([]*User, 0, opt.Limit)
-	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like '%" + opt.Keyword + "%'").Find(&us)
+	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like ?", "%"+opt.Keyword+"%").Find(&us)
 	return us, err
 }
 
-- 
cgit v1.2.3