From 9b656534ae467a8ba482284234290919f4fe8dfd Mon Sep 17 00:00:00 2001
From: Rick Barrette
Date: Sat, 21 Feb 2026 08:23:58 -0500
Subject: [PATCH] Sanitize search, no little bobby tables

---
 app/models/customer.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/models/customer.rb b/app/models/customer.rb
index f5cfe15..f36c179 100644
--- a/app/models/customer.rb
+++ b/app/models/customer.rb
@@ -169,6 +169,7 @@ class Customer < ActiveRecord::Base
   # Searchs the database for a customer by name or phone number with out special chars
   def self.search(search)
+    search = sanitize_sql_like(search)
     customers = where("name LIKE ? OR phone_number LIKE ? OR mobile_phone_number LIKE ?", "%#{search}%", "%#{search}%", "%#{search}%")
     return customers.order(:name)
   end
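Review bot: The added `sanitize_sql_like` call escapes `%` and `_` with a backslash, but the LIKE clauses in the `where` on the next line never declare that escape character, and on adapters with no default escape (SQLite in particular) the escaping is then silently ignored and a user-supplied `%` still matches every row; each LIKE should carry it explicitly, e.g. `where("name LIKE :q ESCAPE '\\' OR phone_number LIKE :q ESCAPE '\\' OR mobile_phone_number LIKE :q ESCAPE '\\'", q: "%#{search}%")`. The "bobby tables" framing in the title is misleading: the `?` placeholders already bound the input as a parameter, so what this change hardens is wildcard abuse in the LIKE pattern, not SQL injection, and the comment above the method is the right place to say so. As implemented in Rails, `sanitize_sql_like` calls `gsub` on its argument, so if any caller can pass nil the method now raises where it previously searched for `%%`; `search = sanitize_sql_like(search.to_s)` keeps the old tolerance. The comment could also read `# Searches the database for a customer by name or phone number, escaping LIKE wildcards in the input`.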