diff --git a/server.js b/server.js
index b204b28..82bfcf0 100644
--- a/server.js
+++ b/server.js
@@ -567,7 +567,7 @@ router.get("/api/getPosts", async function(req,res) {
 res.set("Access-Control-Allow-Origin","*")
 if(req.query.channel != undefined) {
 let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id from ipost.posts where post_receiver_name = ? group by post_id order by post_id desc limit 30;`
- con.query(sql, [req.query.channel], function (err, result) {
+ con.query(sql, [encodeURIComponent(req.query.channel)], function (err, result) {
 if (err) throw err;
 res.json(result)
 });
@@ -584,7 +584,7 @@ router.get("/api/getPostsLowerThan", async function(req,res) {
 res.set("Access-Control-Allow-Origin","*")
 if(req.query.channel != undefined) {
 let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id from ipost.posts where ((post_receiver_name = ?) and (post_id < ?)) group by post_id order by post_id desc limit 30;`
- con.query(sql, [req.query.channel,req.query.id], function (err, result) {
+ con.query(sql, [encodeURIComponent(req.query.channel),req.query.id], function (err, result) {
 if (err) throw err;
 res.json(result)
 });
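Review bot: `encodeURIComponent` on the bound `channel` value (here and in the identical change in the `/api/getPostsLowerThan` hunk) is not what protects this query, because the `?` placeholder already keeps the value out of the SQL text. What the call does change is the value being compared: a channel name containing a space or a non-ASCII character now matches only if `post_receiver_name` was stored percent-encoded on write, which these hunks do not show. Its useful side effect is coercing a non-string `req.query.channel` to a string before it reaches the driver, since the query parser can yield an array or object for repeated or bracketed parameters. If that is the intent, state it with an explicit guard such as `if (typeof req.query.channel !== "string") return res.sendStatus(400);` and keep any encoding in one helper shared by the write and read paths. Both handler bodies start and end outside the hunks.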
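Review bot: `req.query.id` still goes into the bound parameter list unchecked on the new `con.query` line of `/api/getPostsLowerThan`, although it is compared against `post_id`. Assuming `con` is a mysqljs-style connection, a missing `id` becomes a NULL comparison that silently returns no rows, and an `id` that arrives as an array or object is expanded by the driver into a list or `key = value` pairs instead of a single value. Parse and reject before the query with `const id = Number.parseInt(req.query.id, 10);` and `if (!Number.isInteger(id)) return res.sendStatus(400);`, then bind `id`. The context line `if (err) throw err;` in both hunks throws inside the driver callback, where no route-level handler can catch it; logging the error and answering with `res.sendStatus(500)` would keep a database error from taking the process down.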