From 458c9b104284c89c583283277b0f962a9dc34512 Mon Sep 17 00:00:00 2001
From: harid <harid_pr61@live.rmutl.com>
Date: Tue, 19 May 2026 16:23:29 +0700
Subject: [PATCH] =?UTF-8?q?fix=20=E0=B9=80=E0=B8=A1=E0=B8=99=E0=B8=B9?=
 =?UTF-8?q?=E0=B8=88=E0=B8=B1=E0=B8=94=E0=B8=81=E0=B8=B2=E0=B8=A3=E0=B8=9C?=
 =?UTF-8?q?=E0=B8=B9=E0=B9=89=E0=B9=83=E0=B8=8A=E0=B9=89=E0=B8=87=E0=B8=B2?=
 =?UTF-8?q?=E0=B8=99=20#2471?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/controllers/UserController.ts | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts
index 2120dcff..4902ce0f 100644
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -580,18 +580,27 @@ export class KeycloakController extends Controller {
           new Brackets((qb) => {
             qb.orWhere(
               body.keyword != null && body.keyword != ""
-                ? `profile.citizenId like '%${body.keyword}%'`
+                ? `profile.citizenId LIKE :keyword`
                 : "1=1",
+                {
+                  keyword: `%${body.keyword}%`,
+                }
             )
               .orWhere(
                 body.keyword != null && body.keyword != ""
-                  ? `profile.email like '%${body.keyword}%'`
+                  ? `profile.email LIKE :keyword`
                   : "1=1",
+                  {
+                    keyword: `%${body.keyword}%`,
+                  }
               )
               .orWhere(
                 body.keyword != null && body.keyword != ""
-                  ? `CONCAT(profile.prefix, profile.firstName," ",profile.lastName)  like '%${body.keyword}%'`
+                  ? `CONCAT(profile.prefix, profile.firstName," ",profile.lastName) LIKE :keyword`
                   : "1=1",
+                  {
+                    keyword: `%${body.keyword}%`,
+                  }
               );
           }),
         )
@@ -625,18 +634,27 @@ export class KeycloakController extends Controller {
           new Brackets((qb) => {
             qb.orWhere(
               body.keyword != null && body.keyword != ""
-                ? `profileEmployee.citizenId like '%${body.keyword}%'`
+                ? `profileEmployee.citizenId LIKE :keyword`
                 : "1=1",
+                {
+                  keyword: `%${body.keyword}%`,
+                }
             )
               .orWhere(
                 body.keyword != null && body.keyword != ""
-                  ? `profileEmployee.email like '%${body.keyword}%'`
+                  ? `profileEmployee.email LIKE :keyword`
                   : "1=1",
+                  {
+                    keyword: `%${body.keyword}%`,
+                  }
               )
               .orWhere(
                 body.keyword != null && body.keyword != ""
-                  ? `CONCAT(profileEmployee.prefix, profileEmployee.firstName," ",profileEmployee.lastName)  like '%${body.keyword}%'`
+                  ? `CONCAT(profileEmployee.prefix, profileEmployee.firstName," ",profileEmployee.lastName) LIKE :keyword`
                   : "1=1",
+                  {
+                    keyword: `%${body.keyword}%`,
+                  }
               );
           }),
         )