Escape %_ using ActiveRecord::Sanitization

app/helpers/search_helper.rb

@@ -21,7 +21,7 @@ def self.parse_search_params(params, symbol, user)
       regex_support.each { |k, v| input = input.gsub(k, v) }
     else
       operation = 'LIKE'
-      input = '%' + input + '%'
+      input = '%' + ActiveRecord::Base.sanitize_sql_like(input) + '%'
     end
 
     [input, operation]