From 0e75106e1a7cff98b67c72f4fe03652a3e96824e Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Mon, 23 Mar 2026 13:30:03 -0400
Subject: [PATCH] Client POST: Added comment regarding MySQLi Prepared statement usage within Client add/edit POST
---
 agent/post/client.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/agent/post/client.php b/agent/post/client.php
index b5f0ac45..90ec6ef5 100644
--- a/agent/post/client.php
+++ b/agent/post/client.php
@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
 if (isset($_POST['add_client'])) {
+ // JQ - Using Prepared MySQLi Statements here for show this is not our standard and is only used in the client add/edit POST.
+
 validateCSRFToken($_POST['csrf_token']);
 enforceUserPermission('module_client', 2);
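Review bot: The added comment at the top of the `add_client` branch is hard to act on: "for show" reads like a typo, and it sits above `validateCSRFToken()` rather than beside the queries it describes, which are in the part of the `if` body outside this hunk. Because it tells contributors that prepared statements are not the project's standard, it should also say what the standard is and why this handler differs. Parameterized queries are the safer default for `$_POST`-derived values, so framing them as a one-off may steer people away from them; the other handlers are not visible here, so how they build SQL is an assumption. One possible wording, to be adjusted to the project's actual intent: `// NOTE: client add/edit uses MySQLi prepared statements as a reference; other POST handlers still use the project's standard query style.` The `JQ -` prefix can be dropped, since version control already records the author.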