diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index c20282a45..d20fbc05c 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1423,7 +1423,8 @@ class UsersController < ApplicationController
   def search_user_course
     @user = User.current
     if !params[:search].nil?
-      @course = @user.courses.where(" #{Course.table_name}.id = #{params[:search].to_i } or #{Course.table_name}.name like '%#{params[:search.to_s]}%'")
+      search = "%#{params[:search].to_s.strip.downcase}%"
+      @course = @user.courses.where(" #{Course.table_name}.id = #{params[:search].to_i } or #{Course.table_name}.name like :p",:p=>search)
       .select { |course|  @user.allowed_to?(:as_teacher,course)}
     else
       @course = @user.courses
@@ -1442,7 +1443,8 @@ class UsersController < ApplicationController
   def search_user_project
     @user = User.current
     if !params[:search].nil?
-      @projects = @user.projects.where(" #{Project.table_name}.id = #{params[:search].to_i } or #{Project.table_name}.name like '%#{params[:search.to_s]}%'")
+      search = "%#{params[:search].to_s.strip.downcase}%"
+      @projects = @user.projects.where(" #{Project.table_name}.id = #{params[:search].to_i } or #{Project.table_name}.name like :p",:p=>search)
     else
       @projects = @user.projects
     end