How do I prevent SQL injection when using the LIKE operator?

I am building a website using Node and the node-mysql package.

app.get('/api/tags', function(req, res) {
  var term = req.query.term;
  var query =
  'SELECT \
     t.tagName \
   FROM tags t \
   JOIN screencastTags st \
     ON st.tagName = t.tagName \
   JOIN screencasts s \
     ON s.screencastId = st.screencastId \
   WHERE s.status = \'approved\' AND t.tagName LIKE \'%' + term + '%\' \
   GROUP BY t.tagName \
   LIMIT 5';
  connection.queryAsync(query).spread(function(tags) {
    tags = tags.map(function(tag) { return tag.tagName });
    res.send(tags);
  })
})

Here I use a value from the query string - term - to return a list of tags.

My question is: How do I prevent against SQL injection when I am using the LIKE operator?

I tried

  var query =
  'SELECT \
     t.tagName \
   FROM tags t \
   JOIN screencastTags st \
     ON st.tagName = t.tagName \
   JOIN screencasts s \
     ON s.screencastId = st.screencastId \
   WHERE s.status = \'approved\' AND t.tagName LIKE \'%' + conneciton.escape(term) + '%\' \
   GROUP BY t.tagName \
   LIMIT 5';

But that produces invalid SQL.