diff --git a/uc_order/src/Form/OrderCreateForm.php b/uc_order/src/Form/OrderCreateForm.php
index d8b6d04..ad7ec1c 100644
--- a/uc_order/src/Form/OrderCreateForm.php
+++ b/uc_order/src/Form/OrderCreateForm.php
@@ -99,26 +99,33 @@ class OrderCreateForm extends FormBase {
         '#suffix' => '</div>',
       );
 
+      $user_input = $form_state->getUserInput();
       // Search for existing customer by e-mail address.
-      if ($form_state->getValue('customer')) {
-        $query = db_select('users_field_data', 'u')->distinct();
+      if (!empty($user_input['customer'])) {
+        $user_input = $form_state->getUserInput();
+        $connection = Database::getConnection();
+
+        $query = $connection->select('users_field_data', 'u')->distinct();
         $query->leftJoin('uc_orders', 'o', 'u.uid = o.uid');
         $query->fields('u', array('uid', 'name', 'mail'))
           ->fields('o', array('billing_first_name', 'billing_last_name'))
-          ->condition('u.uid', 0, '>')
-          ->condition(db_or()
-            ->isNull('o.billing_first_name')
-            ->condition('o.billing_first_name', db_like(trim($form_state->getValue(['customer', 'first_name']))) . '%', 'LIKE')
-          )
-          ->condition(db_or()
-            ->isNull('o.billing_last_name')
-            ->condition('o.billing_last_name', db_like(trim($form_state->getValue(['customer', 'last_name']))) . '%', 'LIKE')
-          )
-          ->condition(db_or()
-            ->condition('o.primary_email', db_like(trim($form_state->getValue(['customer', 'email']))) . '%', 'LIKE')
-            ->condition('u.mail', db_like(trim($form_state->getValue(['customer', 'email']))) . '%', 'LIKE')
-          )
-          ->condition('u.name', db_like(trim($form_state->getValue(['customer', 'username']))) . '%', 'LIKE')
+          ->condition('u.uid', 0, '>');
+        $group = $query->orConditionGroup()
+          ->isNull('o.billing_first_name')
+          ->condition('o.billing_first_name', $connection->escapeLike(trim($user_input['customer']['first_name'])) . '%', 'LIKE');
+        $query->condition($group);
+
+        $group = $query->orConditionGroup()
+          ->isNull('o.billing_last_name')
+          ->condition('o.billing_last_name', $connection->escapeLike(trim($user_input['customer']['last_name'])) . '%', 'LIKE');
+        $query->condition($group);
+
+        $group = $query->orConditionGroup()
+          ->condition('o.primary_email', $connection->escapeLike(trim($user_input['customer']['email'])) . '%', 'LIKE')
+          ->condition('u.mail', $connection->escapeLike(trim($user_input['customer']['email'])) . '%', 'LIKE');
+        $query->condition($group);
+
+        $query->condition('u.name', $connection->escapeLike(trim($user_input['customer']['username'])) . '%', 'LIKE')
           ->orderBy('o.created', 'DESC')
           ->range(0, $limit = 11);
         $result = $query->execute();