%

src/main/java/app/services/db/PromoCodeService.java

@@ -49,9 +49,24 @@ public class PromoCodeService {
                 (rs, n) -> new PromoCode(rs));
     }
 
+    private String sanitazesCode(String input) {
+        if (input == null) return "";
+        StringBuilder sb = new StringBuilder();
+        for (char c : input.toCharArray()) {
+            if ((c >= 'a' && c <= 'z') ||
+                    (c >= 'A' && c <= 'Z') ||
+                    (c >= '0' && c <= '9') ||
+                    c == '-') {
+                sb.append(c);
+            }
+        }
+        return sb.toString();
+    }
+
     public PromoCode getPromoCode(String code) {
+        String sanitCode = sanitazesCode(code);
         return jdbcTemplate.query("SELECT * FROM gived_promocode WHERE code LIKE ?",
-                new Object[]{code},
+                new Object[]{sanitCode},
                 (rs, n) -> new PromoCode(rs)).stream().findFirst().orElse(null);
     }