troca string interpolation por prepared statements com ?

server/services/medicos/get.js

@@ -4,8 +4,11 @@ const crm = _req.getString("crm") ?? "";
 const dbRegistros = _db.query(`
     SELECT nome, c_r_m
     FROM medico
-    WHERE nome LIKE '%${nome}%' AND c_r_m LIKE '%${crm}%'
-`);
+    WHERE nome LIKE ? AND c_r_m LIKE ?
+`,
+    `%${nome}%`,
+    `%${crm}%`
+);
 
 const lista = _val.list();
 

server/services/pacientes/get.js

@@ -5,8 +5,12 @@ const cpf = _req.getString("cpf") ?? "";
 const dbRegistros = _db.query(`
     SELECT nome, r_g, c_p_f, data_de_nascimento, endereco, telefone
     FROM paciente
-    WHERE nome LIKE '%${nome}%' AND r_g LIKE '%${rg}%' AND c_p_f LIKE '%${cpf}%'
-`);
+    WHERE nome LIKE ? AND r_g LIKE ? AND c_p_f LIKE ?
+`,
+    `%${nome}%`,
+    `%${rg}%`,
+    `%${cpf}%`
+);
 
 const lista = _val.list();