bug

server/Application/Api/Controller/UserController.class.php

@@ -267,8 +267,8 @@ class UserController extends BaseController {
         $uid = $login_user['uid'] ;
         $username = I("username");
         $field = "username as value" ;
-        $username = \SQLite3::escapeString($username) ;
         if ($username) {
+            $username = \SQLite3::escapeString($username) ;
             $where = " username like '%{$username}%'" ;
         }else{
             $where = ' 1 = 1 ';