diff --git a/accounts.php b/accounts.php
index efdd9594..61216bee 100644
--- a/accounts.php
+++ b/accounts.php
@@ -1,7 +1,7 @@
 <?php include("inc_all_settings.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "account_name";
 }
@@ -27,7 +27,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   <div class="card-body">
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Accounts">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Accounts">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/categories.php b/categories.php
index c633b2bb..95b56d04 100644
--- a/categories.php
+++ b/categories.php
@@ -1,13 +1,13 @@
 <?php include("inc_all_settings.php"); 
 
 if(isset($_GET['category'])){
-  $category = mysqli_real_escape_string($mysqli,$_GET['category']);
+  $category = strip_tags(mysqli_real_escape_string($mysqli,$_GET['category']));
 }else{
   $category = "Expense";
 }
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "category_name";
 }
@@ -42,18 +42,18 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
 
 <div class="card card-dark">
   <div class="card-header py-2">
-    <h3 class="card-title mt-2"><i class="fa fa-fw fa-list"></i> <?php echo $category; ?> Categories</h3>
+    <h3 class="card-title mt-2"><i class="fa fa-fw fa-list"></i> <?php echo htmlentities($category); ?> Categories</h3>
     <div class="card-tools">
       <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addCategoryModal"><i class="fas fa-fw fa-plus"></i> New</button>
     </div>
   </div>
   <div class="card-body">
     <form autocomplete="off">
-      <input type="hidden" name="category" value="<?php echo $category; ?>">
+      <input type="hidden" name="category" value="<?php echo htmlentities($category); ?>">
       <div class="row">
         <div class="col-sm-4 mb-2">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Categories">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Categories">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_assets.php b/client_assets.php
index f91d0e3b..9f919f4b 100644
--- a/client_assets.php
+++ b/client_assets.php
@@ -32,7 +32,7 @@ $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT(*) AS count FROM as
 $other_count = $row['count'];
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "asset_name";
 }
@@ -75,18 +75,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   <div class="card-header py-2">
     <h3 class="card-title mt-2"><i class="fa fa-fw fa-desktop"></i> Assets</h3>
     <div class="card-tools">
-      <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-fw fa-plus"></i> New <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags($_GET['type'])); }else{ echo "Asset"; } ?></button>
+      <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addAssetModal"><i class="fas fa-fw fa-plus"></i> New <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags(htmlentities($_GET['type']))); }else{ echo "Asset"; } ?></button>
     </div>
   </div>
   <div class="card-body">
     <form autocomplete="off">
       <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
-      <input type="hidden" name="type" value="<?php echo strip_tags($_GET['type']); ?>">
+      <input type="hidden" name="type" value="<?php echo strip_tags(htmlentities($_GET['type'])); ?>">
       <div class="row">
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags($_GET['type'])); }else{ echo "Asset"; } ?>s">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search <?php if(!empty($_GET['type'])){ echo ucwords(strip_tags(htmlentities($_GET['type']))); }else{ echo "Asset"; } ?>s">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_certificates.php b/client_certificates.php
index b94d2cfd..4de3f655 100644
--- a/client_certificates.php
+++ b/client_certificates.php
@@ -3,7 +3,7 @@
 <?php 
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "certificate_name";
 }
@@ -33,7 +33,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Certificates">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Certificates">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_contacts.php b/client_contacts.php
index 688da7dd..68877746 100644
--- a/client_contacts.php
+++ b/client_contacts.php
@@ -3,7 +3,7 @@
 <?php 
 
 if(isset($_GET['q'])){
-  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+  $q = strip_tags(mysqli_real_escape_string($mysqli,$_GET['q']));
   //Phone Numbers
   $n = preg_replace("/[^0-9]/", '',$q);
   if(empty($n)){
@@ -16,7 +16,7 @@ if(isset($_GET['q'])){
 }
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "contact_name";
 }
@@ -48,7 +48,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Contacts">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Contacts">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_documents.php b/client_documents.php
index 012041b8..244e58ad 100644
--- a/client_documents.php
+++ b/client_documents.php
@@ -11,7 +11,7 @@ if(!empty($_GET['folder_id'])){
 
 // Sort by
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "document_name";
 }
@@ -130,7 +130,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <input type="hidden" name="client_id" value="<?php echo intval($client_id); ?>">
           <input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
           <div class="input-group">
-            <input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Documents">
+            <input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Documents">
             <div class="input-group-append">
               <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_domains.php b/client_domains.php
index aa2e25ee..10bb382f 100644
--- a/client_domains.php
+++ b/client_domains.php
@@ -3,7 +3,7 @@
 <?php 
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "domain_name";
 }
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Domains">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Domains">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_invoices.php b/client_invoices.php
index 4ba41ed0..65e23cbd 100644
--- a/client_invoices.php
+++ b/client_invoices.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "invoice_number";
 }
@@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Invoices">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_locations.php b/client_locations.php
index 889af06e..f063aa64 100644
--- a/client_locations.php
+++ b/client_locations.php
@@ -3,7 +3,7 @@
 <?php 
  
 if(isset($_GET['q'])){
-  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+  $q = strip_tags(mysqli_real_escape_string($mysqli,$_GET['q']));
   //Phone Numbers
   $phone_query = preg_replace("/[^0-9]/", '',$q);
   if(empty($phone_query)){
@@ -15,7 +15,7 @@ if(isset($_GET['q'])){
 }
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "location_name";
 }
@@ -47,7 +47,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Locations">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Locations">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_logins.php b/client_logins.php
index 74bc5223..3c9eaf66 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "login_name";
 }
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
           <div class="col-md-4">
             <div class="input-group mb-3 mb-md-0">
-              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Passwords">
+              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Passwords">
               <div class="input-group-append">
                 <button class="btn btn-dark"><i class="fa fa-search"></i></button>
               </div>
diff --git a/client_logs.php b/client_logs.php
index f8365711..8816067d 100644
--- a/client_logs.php
+++ b/client_logs.php
@@ -3,7 +3,7 @@
 <?php 
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "log_id";
 }
@@ -40,7 +40,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Logs">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Logs">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_networks.php b/client_networks.php
index c2bcdba3..eea103c9 100644
--- a/client_networks.php
+++ b/client_networks.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "network_name";
 }
@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Networks">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Networks">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_payments.php b/client_payments.php
index 02ebd5af..32ce2214 100644
--- a/client_payments.php
+++ b/client_payments.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "payment_date";
 }
@@ -39,7 +39,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Payments">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Payments">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_quotes.php b/client_quotes.php
index c48735df..53f367b5 100644
--- a/client_quotes.php
+++ b/client_quotes.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "quote_number";
 }
@@ -41,7 +41,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Quotes">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Quotes">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_recurring_invoices.php b/client_recurring_invoices.php
index 345ea32f..523d8c11 100644
--- a/client_recurring_invoices.php
+++ b/client_recurring_invoices.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "recurring_id";
 }
@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Recurring Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Recurring Invoices">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_scheduled_tickets.php b/client_scheduled_tickets.php
index 8173b208..bb2392b4 100644
--- a/client_scheduled_tickets.php
+++ b/client_scheduled_tickets.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "scheduled_ticket_subject";
 }
@@ -38,7 +38,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Scheduled Tickets">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Scheduled Tickets">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_services.php b/client_services.php
index 6eacd6bc..774ee229 100644
--- a/client_services.php
+++ b/client_services.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "service_name";
 }
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <form autocomplete="off">
         <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
         <div class="input-group">
-          <input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Services">
+          <input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Services">
           <div class="input-group-append">
             <button class="btn btn-secondary"><i class="fa fa-search"></i></button>
           </div>
diff --git a/client_shared_items.php b/client_shared_items.php
index d425034e..b99df38e 100644
--- a/client_shared_items.php
+++ b/client_shared_items.php
@@ -3,7 +3,7 @@
 <?php
 
 if(isset($_GET['q'])){
-  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+  $q = strip_tags(mysqli_real_escape_string($mysqli,$_GET['q']));
   //Phone Numbers
   $phone_query = preg_replace("/[^0-9]/", '',$q);
   if(empty($phone_query)){
@@ -42,7 +42,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
           <div class="col-md-4">
             <div class="input-group mb-3 mb-md-0">
-              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Shared Items">
+              <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Shared Items">
               <div class="input-group-append">
                 <button class="btn btn-dark"><i class="fa fa-search"></i></button>
               </div>
diff --git a/client_software.php b/client_software.php
index 16e89fb2..71c21061 100644
--- a/client_software.php
+++ b/client_software.php
@@ -3,7 +3,7 @@
 <?php 
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "software_name";
 }
@@ -35,7 +35,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Licenses">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Licenses">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_tickets.php b/client_tickets.php
index 5f4af54c..d83a96c1 100644
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -3,7 +3,7 @@
 <?php 
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "ticket_number";
 }
@@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Tickets">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tickets">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_trips.php b/client_trips.php
index 995c2d4d..48d52e06 100644
--- a/client_trips.php
+++ b/client_trips.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "trip_date";
 }
@@ -16,8 +16,8 @@ if(!isset($_GET['o'])){
 
 //Date From and Date To Filter
 if(isset($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }else{
   $dtf = "0000-00-00";
   $dtt = "9999-00-00";
@@ -52,7 +52,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Trips">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/client_vendors.php b/client_vendors.php
index 8caebfff..c01cf6a7 100644
--- a/client_vendors.php
+++ b/client_vendors.php
@@ -3,7 +3,7 @@
 <?php
 
 if(isset($_GET['q'])){
-  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+  $q = strip_tags(mysqli_real_escape_string($mysqli,$_GET['q']));
   //Phone Numbers
   $phone_query = preg_replace("/[^0-9]/", '',$q);
   if(empty($phone_query)){
@@ -15,7 +15,7 @@ if(isset($_GET['q'])){
 }
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "vendor_name";
 }
@@ -45,7 +45,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
         
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Vendors">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Vendors">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/clients.php b/clients.php
index 99d47d63..99f2403c 100644
--- a/clients.php
+++ b/clients.php
@@ -15,7 +15,7 @@ if(isset($_GET['p'])){
   
 //Custom Query Filter  
 if(isset($_GET['query'])){
-  $query = mysqli_real_escape_string($mysqli,$_GET['query']);
+  $query = strip_tags(mysqli_real_escape_string($mysqli,$_GET['query']));
   //Phone Numbers
   $phone_query = preg_replace("/[^0-9]/", '',$query);
   if(empty($phone_query)){
@@ -28,7 +28,7 @@ if(isset($_GET['query'])){
 
 //Column Filter
 if(!empty($_GET['sortby'])){
-  $sortby = mysqli_real_escape_string($mysqli,$_GET['sortby']);
+  $sortby = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sortby']));
 }else{
   $sortby = "client_accessed_at";
 }
@@ -55,8 +55,8 @@ if(empty($_GET['canned_date'])) {
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['date_from'])){
-  $date_from = mysqli_real_escape_string($mysqli,$_GET['date_from']);
-  $date_to = mysqli_real_escape_string($mysqli,$_GET['date_to']);
+  $date_from = strip_tags(mysqli_real_escape_string($mysqli,$_GET['date_from']));
+  $date_to = strip_tags(mysqli_real_escape_string($mysqli,$_GET['date_to']));
 }elseif($_GET['canned_date'] == "today"){
   $date_from = date('Y-m-d');
   $date_to = date('Y-m-d');
@@ -119,7 +119,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="query" value="<?php if(isset($query)){echo stripslashes($query);} ?>" placeholder="Search Clients" autofocus>
+            <input type="search" class="form-control" name="query" value="<?php if(isset($query)){echo stripslashes(htmlentities($query));} ?>" placeholder="Search Clients" autofocus>
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -148,13 +148,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo $date_from; ?>">
+              <input type="date" class="form-control" name="date_from" max="2999-12-31" value="<?php echo htmlentities($date_from); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo $date_to; ?>">
+              <input type="date" class="form-control" name="date_to" max="2999-12-31" value="<?php echo htmlentities($date_to); ?>">
             </div>
           </div>
         </div>    
diff --git a/companies.php b/companies.php
index 7d3502db..ee6b370f 100644
--- a/companies.php
+++ b/companies.php
@@ -1,7 +1,7 @@
 <?php include("inc_all_settings.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "company_name";
 }
@@ -28,7 +28,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   <div class="card-body">
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Companies">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Companies">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/expenses.php b/expenses.php
index 88ca3b84..196ec06a 100644
--- a/expenses.php
+++ b/expenses.php
@@ -3,7 +3,7 @@
 //$o = "DESC";
   
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "expense_date";
 }
@@ -22,8 +22,8 @@ if(empty($_GET['canned_date'])){
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }elseif($_GET['canned_date'] == "today"){
   $dtf = date('Y-m-d');
   $dtt = date('Y-m-d');
@@ -83,7 +83,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Expenses">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Expenses">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -117,13 +117,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/global_search.php b/global_search.php
index 811ac99a..32defdc4 100644
--- a/global_search.php
+++ b/global_search.php
@@ -4,7 +4,7 @@
 
 if(isset($_GET['query'])){
 
-    $query = mysqli_real_escape_string($mysqli,$_GET['query']);
+    $query = strip_tags(mysqli_real_escape_string($mysqli,$_GET['query']));
 
     $phone_query = preg_replace("/[^0-9]/", '',$query);
     if(empty($phone_query)){
diff --git a/invoices.php b/invoices.php
index 976b48f6..99dfc925 100644
--- a/invoices.php
+++ b/invoices.php
@@ -85,8 +85,8 @@
   
   //Date Filter
   if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-    $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-    $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+    $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+    $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
   }elseif($_GET['canned_date'] == "today"){
     $dtf = date('Y-m-d');
     $dtt = date('Y-m-d');
@@ -201,11 +201,11 @@
 
   <div class="card-body">
     <form class="mb-4" autocomplete="off">
-      <input type="hidden" name="status" value="<?php if(isset($_GET['status'])){ echo strip_tags($_GET['status']); } ?>">
+      <input type="hidden" name="status" value="<?php if(isset($_GET['status'])){ echo htmlentities($_GET['status']); } ?>">
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Invoices">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/logs.php b/logs.php
index ba92622b..c0195480 100644
--- a/logs.php
+++ b/logs.php
@@ -1,7 +1,7 @@
 <?php include("inc_all_settings.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "log_id";
 }
@@ -20,8 +20,8 @@ if(empty($_GET['canned_date'])){
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }elseif($_GET['canned_date'] == "today"){
   $dtf = date('Y-m-d');
   $dtt = date('Y-m-d');
@@ -68,14 +68,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
 <div class="card card-dark">
   <div class="card-header">
-    <h3 class="card-title"><i class="fa fa-fw fa-eye"></i> Audit Logs <?php echo $extended_query; ?></h3>
+    <h3 class="card-title"><i class="fa fa-fw fa-eye"></i> Audit Logs</h3>
   </div>
   <div class="card-body">
     <form class="mb-4" autocomplete="off">
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search audit logs">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search audit logs">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
diff --git a/notifications_dismissed.php b/notifications_dismissed.php
index 8944a3f4..e7ac7974 100644
--- a/notifications_dismissed.php
+++ b/notifications_dismissed.php
@@ -2,7 +2,7 @@
 
 //Column Filter
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "notification_timestamp";
 }
@@ -15,8 +15,8 @@ if(!isset($_GET['o'])){
 
 //Date From and Date To Filter
 if(!empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }else{
   $dtf = "0000-00-00";
   $dtt = "9999-00-00";
@@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Dismissed Notifications">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Dismissed Notifications">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
@@ -59,13 +59,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/pagination_head.php b/pagination_head.php
index 742f1689..bbfb282a 100644
--- a/pagination_head.php
+++ b/pagination_head.php
@@ -34,7 +34,7 @@ if(isset($_GET['o'])){
 
 // Search
 if(isset($_GET['q'])){
-  $q = mysqli_real_escape_string($mysqli,trim($_GET['q']));
+  $q = strip_tags(mysqli_real_escape_string($mysqli,trim($_GET['q'])));
 }else{
   $q = "";
 }
\ No newline at end of file
diff --git a/payments.php b/payments.php
index fc33a37c..0d529e1c 100644
--- a/payments.php
+++ b/payments.php
@@ -1,7 +1,7 @@
 <?php include("inc_all.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "payment_date";
 }
@@ -20,8 +20,8 @@ if(empty($_GET['canned_date'])){
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }elseif($_GET['canned_date'] == "today"){
   $dtf = date('Y-m-d');
   $dtt = date('Y-m-d');
@@ -78,7 +78,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Payments">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Payments">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -107,13 +107,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/products.php b/products.php
index 2d44fa5d..b933c8b1 100644
--- a/products.php
+++ b/products.php
@@ -1,7 +1,7 @@
 <?php include("inc_all.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "product_name";
 }
@@ -32,7 +32,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Products">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Products">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/quotes.php b/quotes.php
index 82bd90d3..e3b4bd99 100644
--- a/quotes.php
+++ b/quotes.php
@@ -1,7 +1,7 @@
 <?php include("inc_all.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "quote_number";
 }
@@ -20,8 +20,8 @@ if(empty($_GET['canned_date'])){
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }elseif($_GET['canned_date'] == "today"){
   $dtf = date('Y-m-d');
   $dtt = date('Y-m-d');
@@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Quotes">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Quotes">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -108,13 +108,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/recurring_invoices.php b/recurring_invoices.php
index c934bc31..83249d98 100644
--- a/recurring_invoices.php
+++ b/recurring_invoices.php
@@ -1,7 +1,7 @@
 <?php include("inc_all.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "recurring_next_date";
 }
@@ -14,8 +14,8 @@ if(empty($_GET['canned_date'])) {
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }elseif($_GET['canned_date'] == "today"){
   $dtf = date('Y-m-d');
   $dtt = date('Y-m-d');
@@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Recurring Invoices">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Recurring Invoices">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -108,13 +108,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/revenues.php b/revenues.php
index 2de5be29..4bb36508 100644
--- a/revenues.php
+++ b/revenues.php
@@ -1,7 +1,7 @@
 <?php include("inc_all.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "revenue_date";
 }
@@ -20,8 +20,8 @@ if(empty($_GET['canned_date'])){
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }elseif($_GET['canned_date'] == "today"){
   $dtf = date('Y-m-d');
   $dtt = date('Y-m-d');
@@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Revenues">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Revenues">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -108,13 +108,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/scheduled_tickets.php b/scheduled_tickets.php
index 3dfb20ca..aad30880 100644
--- a/scheduled_tickets.php
+++ b/scheduled_tickets.php
@@ -2,7 +2,7 @@
 include("inc_all.php");
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "scheduled_ticket_subject";
 }
@@ -34,7 +34,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 
         <div class="col-md-4">
           <div class="input-group mb-3 mb-md-0">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Scheduled Tickets">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Scheduled Tickets">
             <div class="input-group-append">
               <button class="btn btn-dark"><i class="fa fa-search"></i></button>
             </div>
diff --git a/settings_api.php b/settings_api.php
index 4e69f822..a5a6557d 100644
--- a/settings_api.php
+++ b/settings_api.php
@@ -1,7 +1,7 @@
 <?php include("inc_all_settings.php");
 
   if(!empty($_GET['sb'])){
-    $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+    $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
   }else{
     $sb = "api_key_name";
   }
@@ -29,7 +29,7 @@
   <div class="card-body">
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search keys">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search keys">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/settings_tags.php b/settings_tags.php
index 5385867e..5634f28b 100644
--- a/settings_tags.php
+++ b/settings_tags.php
@@ -3,7 +3,7 @@
 <?php
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "tag_name";
 }
@@ -51,7 +51,7 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
       <div class="col-sm-4 mb-2">
         <form autocomplete="off">  
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Tags">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Tags">
             <div class="input-group-append">
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
             </div>
diff --git a/settings_taxes.php b/settings_taxes.php
index 1c7be89f..735f7795 100644
--- a/settings_taxes.php
+++ b/settings_taxes.php
@@ -1,7 +1,7 @@
 <?php include("inc_all_settings.php"); 
 
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "tax_name";
 }
diff --git a/side_nav.php b/side_nav.php
index 01ce0295..76f0b51d 100644
--- a/side_nav.php
+++ b/side_nav.php
@@ -15,7 +15,7 @@
 
       <div class="dropdown brand-link">
         <a class="" href="#" data-toggle="dropdown">
-          <h3 class="brand-text text-light mb-0"><?php echo $session_company_name; ?> <small><i class="fa fa-caret-down"></i></small></h3>
+          <h3 class="brand-text text-light mb-0"><?php echo htmlentities($session_company_name); ?> <small><i class="fa fa-caret-down"></i></small></h3>
         </a>
 
         <ul class="dropdown-menu">
@@ -48,7 +48,7 @@
 
       <form class="form-inline mb-3" action="global_search.php">
         <div class="input-group">
-          <input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo strip_tags($_GET['query']); } ?>">
+          <input class="form-control form-control-sidebar" type="search" placeholder="Search" name="query" value="<?php if(isset($_GET['query'])){ echo htmlentities($_GET['query']); } ?>">
           <div class="input-group-append">
             <button class="btn btn-sidebar" type="submit">
               <i class="fas fa-search"></i>
diff --git a/tickets.php b/tickets.php
index 7d3cf884..e64743be 100644
--- a/tickets.php
+++ b/tickets.php
@@ -12,13 +12,13 @@ if (isset($_GET['p'])) {
 }
 
 if (isset($_GET['q'])) {
-    $q = mysqli_real_escape_string($mysqli, $_GET['q']);
+    $q = strip_tags(mysqli_real_escape_string($mysqli, $_GET['q']));
 } else {
     $q = "";
 }
 
 if (!empty($_GET['sb'])) {
-    $sb = mysqli_real_escape_string($mysqli, $_GET['sb']);
+    $sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb']));
 } else {
     $sb = "ticket_number";
 }
@@ -74,8 +74,8 @@ if (empty($_GET['canned_date'])) {
 }
 
 if ($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])) {
-    $dtf = mysqli_real_escape_string($mysqli, $_GET['dtf']);
-    $dtt = mysqli_real_escape_string($mysqli, $_GET['dtt']);
+    $dtf = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtf']));
+    $dtt = strip_tags(mysqli_real_escape_string($mysqli, $_GET['dtt']));
 } elseif ($_GET['canned_date'] == "today") {
     $dtf = date('Y-m-d');
     $dtt = date('Y-m-d');
@@ -176,7 +176,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
                     <div class="col-sm-4">
                         <div class="input-group">
                             <input type="search" class="form-control" name="q" value="<?php if (isset($q)) {
-                                echo htmlentities($q);
+                                echo stripslashes(htmlentities($q));
                             } ?>" placeholder="Search Tickets">
                             <div class="input-group-append">
                                 <button class="btn btn-secondary" type="button" data-toggle="collapse"
@@ -252,13 +252,13 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
                         <div class="col-md-2">
                             <div class="form-group">
                                 <label>Date From</label>
-                                <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+                                <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
                             </div>
                         </div>
                         <div class="col-md-2">
                             <div class="form-group">
                                 <label>Date To</label>
-                                <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+                                <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
                             </div>
                         </div>
                         <div class="col-md-2">
@@ -386,7 +386,7 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
                                 $ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>";
                             }
                         } else {
-                            $ticket_assigned_to_display = $row['user_name'];
+                            $ticket_assigned_to_display = htmlentities($row['user_name']);
                         }
 
                         if (empty($contact_name)) {
diff --git a/transfers.php b/transfers.php
index 8f6ca592..68bbe16c 100644
--- a/transfers.php
+++ b/transfers.php
@@ -2,7 +2,7 @@
 
 //Column Sortby Filter
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "transfer_date";
 }
@@ -21,8 +21,8 @@ if(empty($_GET['canned_date'])){
 
 //Date Filter
 if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }elseif($_GET['canned_date'] == "today"){
   $dtf = date('Y-m-d');
   $dtt = date('Y-m-d');
@@ -80,7 +80,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Transfers">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Transfers">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -109,13 +109,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/trips.php b/trips.php
index b1e6ffc7..36175ec4 100644
--- a/trips.php
+++ b/trips.php
@@ -1,7 +1,7 @@
 <?php include("inc_all.php");
 
   if(!empty($_GET['sb'])){
-    $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+    $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
   }else{
     $sb = "trip_date";
   }
@@ -20,8 +20,8 @@
 
   //Date Filter
   if($_GET['canned_date'] == "custom" && !empty($_GET['dtf'])){
-    $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-    $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+    $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+    $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
   }elseif($_GET['canned_date'] == "today"){
     $dtf = date('Y-m-d');
     $dtt = date('Y-m-d');
@@ -84,7 +84,7 @@
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Trips">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Trips">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -118,13 +118,13 @@
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>    
diff --git a/users.php b/users.php
index 35022c23..d2f8462a 100644
--- a/users.php
+++ b/users.php
@@ -1,7 +1,7 @@
 <?php include("inc_all_settings.php");
 
   if(!empty($_GET['sb'])){
-    $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+    $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
   }else{
     $sb = "user_name";
   }
@@ -29,7 +29,7 @@
   <div class="card-body">
     <form autocomplete="off">
       <div class="input-group">
-        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Users">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Users">
         <div class="input-group-append">
           <button class="btn btn-primary"><i class="fa fa-search"></i></button>
         </div>
diff --git a/vendors.php b/vendors.php
index ea885507..a39d6ed8 100644
--- a/vendors.php
+++ b/vendors.php
@@ -1,7 +1,7 @@
 <?php include("inc_all.php");
 
 if(isset($_GET['q'])){
-  $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+  $q = strip_tags(mysqli_real_escape_string($mysqli,$_GET['q']));
   //Phone Numbers
   $phone_query = preg_replace("/[^0-9]/", '',$q);
   if(empty($phone_query)){
@@ -14,15 +14,15 @@ if(isset($_GET['q'])){
 
 //Column Filter
 if(!empty($_GET['sb'])){
-  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  $sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
 }else{
   $sb = "vendor_name";
 }
 
 //Date From and Date To Filter
 if(!empty($_GET['dtf'])){
-  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
-  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
+  $dtf = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtf']));
+  $dtt = strip_tags(mysqli_real_escape_string($mysqli,$_GET['dtt']));
 }else{
   $dtf = "0000-00-00";
   $dtt = "9999-00-00";
@@ -56,7 +56,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
       <div class="row">
         <div class="col-sm-4">
           <div class="input-group">
-            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Vendors">
+            <input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes(htmlentities($q));} ?>" placeholder="Search Vendors">
             <div class="input-group-append">
               <button class="btn btn-secondary" type="button" data-toggle="collapse" data-target="#advancedFilter"><i class="fas fa-filter"></i></button>
               <button class="btn btn-primary"><i class="fa fa-search"></i></button>
@@ -69,13 +69,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           <div class="col-md-2">
             <div class="form-group">
               <label>Date From</label>
-              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo $dtf; ?>">
+              <input type="date" class="form-control" name="dtf" max="2999-12-31" value="<?php echo htmlentities($dtf); ?>">
             </div>
           </div>
           <div class="col-md-2">
             <div class="form-group">
               <label>Date To</label>
-              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo $dtt; ?>">
+              <input type="date" class="form-control" name="dtt" max="2999-12-31" value="<?php echo htmlentities($dtt); ?>">
             </div>
           </div>
         </div>