diff --git a/model/game_card.go b/model/game_card.go
index 9c75a7f..fb23df2 100644
--- a/model/game_card.go
+++ b/model/game_card.go
@@ -560,17 +560,16 @@ func GetGameCardSearch(name string, page, pageSize int, storeId uint32) ([]GameC
 	//	sqlStore = fmt.Sprintf(" AND id IN (%s) ", strings.Join(gameCardIds, ","))
 	//}
 
-	countSql := "SELECT COUNT(id) AS count  FROM game_card WHERE status=1 AND game_card.name LIKE '%" + name + "%'"
-	err := DB.Raw(countSql).Scan(&cardCount).Error
+	likeName := "%" + name + "%"
+	countSql := "SELECT COUNT(id) AS count FROM game_card WHERE status=1 AND game_card.name LIKE ?"
+	err := DB.Raw(countSql, likeName).Scan(&cardCount).Error
 	if err != nil {
 		logger.Error("err:", err)
 		return cards, 0, err
 	}
 
-	sql := "SELECT game_card.* FROM game_card WHERE status=1 AND game_card.name LIKE '%" + name + "%'"
-	//sql := "SELECT game_card.* FROM game_card WHERE status=1 AND game_card.name LIKE '%" + name + "%'" + sqlStore +
-	//	fmt.Sprintf(" LIMIT %d,%d;", page*pageSize, pageSize)
-	err = DB.Raw(sql).Scan(&cards).Error
+	sql := "SELECT game_card.* FROM game_card WHERE status=1 AND game_card.name LIKE ?"
+	err = DB.Raw(sql, likeName).Scan(&cards).Error
 	if err != nil {
 		logger.Error("err:", err)
 		return cards, 0, err