diff --git a/Lab01/app/database/database.go b/Lab01/app/database/database.go
index a9b4cf7..bb22036 100644
--- a/Lab01/app/database/database.go
+++ b/Lab01/app/database/database.go
@@ -34,6 +34,13 @@ func (db *Database) GetAllTasks(username string) []Task {
 return tasks
 }
+func (db *Database) FilteredTasks(username string, filter string) []Task {
+ var tasks []Task
+ query := fmt.Sprintf("SELECT * FROM tasks WHERE username = '%s' AND description LIKE '%s'", username, filter)
+ db.ORM.Raw(query).Scan(&tasks)
+ return tasks
+}
+
 func (db *Database) CreateTask(username string, description string) Task {
 task := Task{
 ID: 0,
@@ -97,7 +104,3 @@ func (db *Database) UserIsLoggedIn(username string) bool {
 }
 return false
 }
-
-func (db *Database) Search(term string) {
- db.ORM.Exec("SELECT * FROM tasks")
-}
diff --git a/Lab01/app/templates/tasks.tmpl b/Lab01/app/templates/tasks.tmpl
index 63789d0..37aec54 100644
--- a/Lab01/app/templates/tasks.tmpl
+++ b/Lab01/app/templates/tasks.tmpl
@@ -47,10 +47,10 @@
 const enteredText = e.currentTarget.value;
 clearTimeout(timer);
 if (e.key === "Enter ") {
- searchTask(enteredText);
+ getAllTasks(enteredText);
 } else {
 timer = setTimeout(() => {
- searchTask(enteredText);
+ getAllTasks(enteredText);
 }, 1000);
 }
 });
@@ -84,12 +84,6 @@
 });
 }
- function searchTask(value) {
- if (value !== "") {
- console.log(value);
- }
- }
-
 function addTaskToTasks(task, number) {
 tasks.push(task);
 const newTask = document.createElement('div');
@@ -119,10 +113,10 @@
 tasksEl.appendChild(taskHeader);
 }
- function getAllTasks() {
+ function getAllTasks(filter) {
 tasksEl.innerHTML = "";
 addTaskHeader();
- axios.get("/tasks", axiosConfig).then((response) => {
+ axios.get("/tasks", {params: {filter: filter}, headers: {username: username}}).then((response) => {
 tasks = response.data.tasks;
 tasks.forEach((task, index) => {
 addTaskToTasks(task, index + 1);
diff --git a/Lab01/app/webpage/webpage.go b/Lab01/app/webpage/webpage.go
index 540511b..aea5404 100644
--- a/Lab01/app/webpage/webpage.go
+++ b/Lab01/app/webpage/webpage.go
@@ -38,11 +38,17 @@ func (wp *Webpage) defineRoutes() {
 tasks := wp.Router.Group("/tasks")
 {
 tasks.GET("", func(c *gin.Context) {
- if wp.isLoggedInMiddleware(c) {
- username := c.Request.Header.Get("username")
- tasks := wp.Database.GetAllTasks(username)
+ //if wp.isLoggedInMiddleware(c) { // FOR SQL INJECTION (username=Florian OR 1=1 in Header)
+ username := c.Request.Header.Get("username")
+ filter := c.Query("filter")
+ if filter != "" {
+ tasks := wp.Database.FilteredTasks(username, filter)
 c.JSON(200, gin.H{"tasks": tasks})
+ return
 }
+ tasks := wp.Database.GetAllTasks(username)
+ c.JSON(200, gin.H{"tasks": tasks})
+ //}
 })
 tasks.POST("", func(c *gin.Context) {
 if wp.isLoggedInMiddleware(c) {
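Review bot: `FilteredTasks` builds its statement with `fmt.Sprintf` from the caller-supplied `username` and `filter`, so both values become part of the SQL text instead of being bound as parameters, and the result of `Scan` is discarded. GORM's `Raw` takes placeholders, so the same query can be written as `db.ORM.Raw("SELECT * FROM tasks WHERE username = ? AND description LIKE ?", username, filter).Scan(&tasks)`; if the string-built form is intentional for the lab, a comment on the function saying so would keep it from being copied into non-lab code. It would also be worth checking `.Error` on the `Scan` result rather than silently returning an empty slice, and documenting that `LIKE` only matches more than an exact description when the caller supplies `%` wildcards.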
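Review bot: The immediate `getAllTasks(enteredText)` added in the Enter branch looks unreachable, because the condition above it compares against `"Enter "` with a trailing space while `e.key` for the Enter key is `"Enter"`; in practice only the 1000 ms debounced call ever runs. Changing the condition to `if (e.key === "Enter") {` makes the new call take effect. The keyup handler continues outside the hunk.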
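Review bot: The new `axios.get` drops `axiosConfig` and rebuilds the request config inline, so anything else `axiosConfig` carried (timeouts, additional headers) no longer applies to this call; `axiosConfig` itself is not visible in the hunk, so this is inferred. Spreading it keeps the previous settings: `axios.get("/tasks", {...axiosConfig, params: {filter: filter}}).then((response) => {`. When `getAllTasks()` is called with no argument, `filter` is `undefined` and axios omits the query parameter, which is what makes the server fall back to the unfiltered list; a short comment on the parameter such as `// filter: optional search text sent as ?filter=; undefined/empty means all tasks` would make that contract explicit. The function body continues outside the hunk.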
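Review bot: The `GET` handler now serves tasks without the `isLoggedInMiddleware` check, so any request that sets a `username` header receives that user's tasks, and the same unchecked header together with the `filter` query value is passed straight into `FilteredTasks`, which interpolates them into SQL. The inline comment says this is deliberate for the lab; if so, the guard should be restored once the exercise is done, e.g. `if !wp.isLoggedInMiddleware(c) { return }` at the top of the handler (assuming the middleware writes its own error response when it returns false, which is not visible here), and the comment should state which branch is the intentionally vulnerable one. The `POST` handler below still keeps its check, so the two routes on the same group are now inconsistent. `defineRoutes` continues outside the hunk.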