- $taglist = DBA::select('tag', ['name'], ["`name` LIKE ?", $t . "%"], ['order' => ['name'], 'limit' => 100]);
+ $taglist = DBA::select(
+ 'tag',
+ ['name'],
+ ["`name` LIKE ?", Strings::escapeHtml($request['t']) . "%"],
+ ['order' => ['name'], 'limit' => 100]
+ );
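Review bot: `Strings::escapeHtml($request['t'])` in the bound LIKE argument applies HTML encoding at the query layer, where it adds nothing the `?` placeholder does not already provide and alters the search term: a typed `&` becomes `&amp;`, which would not match tag names if they are stored unencoded. The LIKE wildcards `%` and `_` in the input still pass through unescaped, so the caller can widen the prefix match, bounded only by the `limit` of 100. I would bind the raw value with the metacharacters escaped, e.g. `addcslashes($request['t'], '\\%_') . '%'` (assuming the default backslash escape character), and apply `Strings::escapeHtml` to the tag names where they are rendered. The enclosing function lies outside this hunk, so whether `$request['t']` is always set and is a string cannot be confirmed here.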