diff --git a/app/models/room.rb b/app/models/room.rb
index 02d0b7cc..be585763 100644
--- a/app/models/room.rb
+++ b/app/models/room.rb
@@ -40,8 +40,7 @@ class Room < ApplicationRecord
 search_query = "rooms.name LIKE :search OR rooms.uid LIKE :search OR users.email LIKE :search" \
 " OR users.#{created_at_query} LIKE :search"
- search_param = "%#{string}%"
-
+ search_param = "%#{sanitize_sql_like(string)}%"
 where(search_query, search: search_param)
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 16763037..ab5bafa4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -85,7 +85,7 @@ class User < ApplicationRecord
 search_query = "users.name LIKE :search OR email LIKE :search OR username LIKE :search" \
 " OR users.#{created_at_query} LIKE :search OR users.provider LIKE :search" \
 " OR roles.name LIKE :roles_search"
- role_search_param = "%#{string}%"
+ role_search_param = "%#{sanitize_sql_like(string)}%"
 else
 search_query = "(users.name LIKE :search OR email LIKE :search OR username LIKE :search" \
 " OR users.#{created_at_query} LIKE :search OR users.provider LIKE :search)" \
@@ -93,7 +93,7 @@ class User < ApplicationRecord
 role_search_param = role.name
 end
- search_param = "%#{string}%"
+ search_param = "%#{sanitize_sql_like(string)}%"
 where(search_query, search: search_param, roles_search: role_search_param)
 end
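Review bot: The escaping added in all three hunks (the `search_param` line in room.rb, and the `role_search_param` and `search_param` lines in user.rb) only neutralises `%` and `_` if the database treats backslash as the LIKE escape character; MySQL and PostgreSQL do by default, but SQLite's LIKE has no escape character unless the pattern carries an explicit `ESCAPE '\\'` clause, so if this project runs on SQLite in any environment the wildcards still pass through there. It is worth confirming the supported adapters and, if SQLite is among them, appending `ESCAPE '\\'` to each `LIKE :search` / `LIKE :roles_search` term in the query strings. Separately, `sanitize_sql_like` calls `gsub` on its argument, so a nil `string` now raises where the old interpolation produced `"%%"`; if callers can pass nil, a guard such as `return none if string.blank?` at the top of the method would preserve the previous tolerance — the method's definition lies outside these hunks. A regression test searching for a literal `%` or `_` would pin the intended behaviour on each adapter.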