diff --git a/api/v1/clients/client_model.php b/api/v1/clients/client_model.php
index 42321016..4ab7a9c7 100644
--- a/api/v1/clients/client_model.php
+++ b/api/v1/clients/client_model.php
@@ -5,7 +5,7 @@
if (isset($_POST['client_name'])) {
$name = sanitizeInput($_POST['client_name']);
} elseif ($client_row) {
- $name = $client_row['client_name'];
+ $name = mysqli_real_escape_string($mysqli, $client_row['client_name']);
} else {
$name = '';
}
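Review bot: The new `mysqli_real_escape_string($mysqli, $client_row['client_name'])` line will raise a PHP 8.1+ deprecation (null passed to a `string` parameter) whenever that column is NULL, because the branch is guarded only by the truthiness of `$client_row`, not by `isset` on the key; `$name = mysqli_real_escape_string($mysqli, $client_row['client_name'] ?? '');` keeps the intent without the notice. The same shape repeats in this file's other hunks (`client_type`, `client_website`, `client_referral`, `client_currency_code`, `client_tax_id_number`, `client_abbreviation`, `client_notes`) and in contact_model.php, location_model.php and ticket_model.php, while credential_model.php and document_model.php already guard with `isset($row['key'])` and are not affected. Escaping the re-read row value before it is interpolated back into a query closes the unescaped round-trip the removed line had, so the direction is right, but it assumes `$name` only ever lands inside a mysqli string literal — if any consumer also echoes or JSON-encodes it, the added backslashes will surface there, and a prepared statement would remove that question entirely. `$mysqli` is presumably brought into scope above the hunk; that part of the file is not visible here.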
@@ -13,7 +13,7 @@ if (isset($_POST['client_name'])) {
if (isset($_POST['client_type'])) {
$type = sanitizeInput($_POST['client_type']);
} elseif ($client_row) {
- $type = $client_row['client_type'];
+ $type = mysqli_real_escape_string($mysqli, $client_row['client_type']);
} else {
$type = '';
}
@@ -21,7 +21,7 @@ if (isset($_POST['client_type'])) {
if (isset($_POST['client_website'])) {
$website = preg_replace("(^https?://)", "", sanitizeInput($_POST['client_website']));
} elseif ($client_row) {
- $website = $client_row['client_website'];
+ $website = mysqli_real_escape_string($mysqli, $client_row['client_website']);
} else {
$website = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['client_website'])) {
if (isset($_POST['client_referral'])) {
$referral = sanitizeInput($_POST['client_referral']);
} elseif ($client_row) {
- $referral = $client_row['client_referral'];
+ $referral = mysqli_real_escape_string($mysqli, $client_row['client_referral']);
} else {
$referral = '';
}
@@ -45,7 +45,7 @@ if (isset($_POST['client_rate'])) {
if (isset($_POST['client_currency_code'])) {
$currency_code = sanitizeInput($_POST['client_currency_code']);
} elseif ($client_row) {
- $currency_code = $client_row['client_currency_code'];
+ $currency_code = mysqli_real_escape_string($mysqli, $client_row['client_currency_code']);
} else {
$currency_code = '';
}
@@ -61,7 +61,7 @@ if (isset($_POST['client_net_terms'])) {
if (isset($_POST['client_tax_id_number'])) {
$tax_id_number = sanitizeInput($_POST['client_tax_id_number']);
} elseif ($client_row) {
- $tax_id_number = $client_row['client_tax_id_number'];
+ $tax_id_number = mysqli_real_escape_string($mysqli, $client_row['client_tax_id_number']);
} else {
$tax_id_number = '';
}
@@ -69,7 +69,7 @@ if (isset($_POST['client_tax_id_number'])) {
if (isset($_POST['client_abbreviation'])) {
$abbreviation = sanitizeInput(substr($_POST['client_abbreviation'], 0, 6));
} elseif ($client_row) {
- $abbreviation = $client_row['client_abbreviation'];
+ $abbreviation = mysqli_real_escape_string($mysqli, $client_row['client_abbreviation']);
} else {
$abbreviation = '';
}
@@ -85,7 +85,7 @@ if (isset($_POST['client_is_lead'])) {
if (isset($_POST['client_notes'])) {
$notes = sanitizeInput($_POST['client_notes']);
} elseif ($client_row) {
- $notes = $client_row['client_notes'];
+ $notes = mysqli_real_escape_string($mysqli, $client_row['client_notes']);
} else {
$notes = '';
}
diff --git a/api/v1/contacts/contact_model.php b/api/v1/contacts/contact_model.php
index dbac6bda..e92f4246 100644
--- a/api/v1/contacts/contact_model.php
+++ b/api/v1/contacts/contact_model.php
@@ -5,7 +5,7 @@ define('number_regex', '/[^0-9]/');
if (isset($_POST['contact_name'])) {
$name = sanitizeInput($_POST['contact_name']);
} elseif ($contact_row) {
- $name = $contact_row['contact_name'];
+ $name = mysqli_real_escape_string($mysqli, $contact_row['contact_name']);
} else {
$name = '';
}
@@ -13,7 +13,7 @@ if (isset($_POST['contact_name'])) {
if (isset($_POST['contact_title'])) {
$title = sanitizeInput($_POST['contact_title']);
} elseif ($contact_row) {
- $title = $contact_row['contact_title'];
+ $title = mysqli_real_escape_string($mysqli, $contact_row['contact_title']);
} else {
$title = '';
}
@@ -21,7 +21,7 @@ if (isset($_POST['contact_title'])) {
if (isset($_POST['contact_department'])) {
$department = sanitizeInput($_POST['contact_department']);
} elseif ($contact_row) {
- $department = $contact_row['contact_department'];
+ $department = mysqli_real_escape_string($mysqli, $contact_row['contact_department']);
} else {
$department = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['contact_department'])) {
if (isset($_POST['contact_email'])) {
$email = sanitizeInput($_POST['contact_email']);
} elseif ($contact_row) {
- $email = $contact_row['contact_email'];
+ $email = mysqli_real_escape_string($mysqli, $contact_row['contact_email']);
} else {
$email = '';
}
@@ -37,7 +37,7 @@ if (isset($_POST['contact_email'])) {
if (isset($_POST['contact_phone'])) {
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
} elseif ($contact_row) {
- $phone = $contact_row['contact_phone'];
+ $phone = mysqli_real_escape_string($mysqli, $contact_row['contact_phone']);
} else {
$phone = '';
}
@@ -45,7 +45,7 @@ if (isset($_POST['contact_phone'])) {
if (isset($_POST['contact_extension'])) {
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
} elseif ($contact_row) {
- $extension = $contact_row['contact_extension'];
+ $extension = mysqli_real_escape_string($mysqli, $contact_row['contact_extension']);
} else {
$extension = '';
}
@@ -53,7 +53,7 @@ if (isset($_POST['contact_extension'])) {
if (isset($_POST['contact_mobile'])) {
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
} elseif ($contact_row) {
- $mobile = $contact_row['contact_mobile'];
+ $mobile = mysqli_real_escape_string($mysqli, $contact_row['contact_mobile']);
} else {
$mobile = '';
}
@@ -61,7 +61,7 @@ if (isset($_POST['contact_mobile'])) {
if (isset($_POST['contact_notes'])) {
$notes = sanitizeInput($_POST['contact_notes']);
} elseif ($contact_row) {
- $notes = $contact_row['contact_notes'];
+ $notes = mysqli_real_escape_string($mysqli, $contact_row['contact_notes']);
} else {
$notes = '';
}
diff --git a/api/v1/credentials/credential_model.php b/api/v1/credentials/credential_model.php
index ac2faf5f..f4243082 100644
--- a/api/v1/credentials/credential_model.php
+++ b/api/v1/credentials/credential_model.php
@@ -11,7 +11,7 @@ if (isset($_POST['api_key_decrypt_password'])) {
if (isset($_POST['credential_name'])) {
$name = sanitizeInput($_POST['credential_name']);
} elseif (isset($credential_row) && isset($credential_row['credential_name'])) {
- $name = $credential_row['credential_name'];
+ $name = mysqli_real_escape_string($mysqli, $credential_row['credential_name']);
} else {
$name = '';
}
@@ -19,7 +19,7 @@ if (isset($_POST['credential_name'])) {
if (isset($_POST['credential_description'])) {
$description = sanitizeInput($_POST['credential_description']);
} elseif (isset($credential_row) && isset($credential_row['credential_description'])) {
- $description = $credential_row['credential_description'];
+ $description = mysqli_real_escape_string($mysqli, $credential_row['credential_description']);
} else {
$description = '';
}
@@ -27,7 +27,7 @@ if (isset($_POST['credential_description'])) {
if (isset($_POST['credential_uri'])) {
$uri = sanitizeInput($_POST['credential_uri']);
} elseif (isset($credential_row) && isset($credential_row['credential_uri'])) {
- $uri = $credential_row['credential_uri'];
+ $uri = mysqli_real_escape_string($mysqli, $credential_row['credential_uri']);
} else {
$uri = '';
}
@@ -35,7 +35,7 @@ if (isset($_POST['credential_uri'])) {
if (isset($_POST['credential_uri_2'])) {
$uri_2 = sanitizeInput($_POST['credential_uri_2']);
} elseif (isset($credential_row) && isset($credential_row['credential_uri_2'])) {
- $uri_2 = $credential_row['credential_uri_2'];
+ $uri_2 = mysqli_real_escape_string($mysqli, $credential_row['credential_uri_2']);
} else {
$uri_2 = '';
}
@@ -66,7 +66,7 @@ if (isset($_POST['credential_password'])) {
if (isset($_POST['credential_otp_secret'])) {
$otp_secret = sanitizeInput($_POST['credential_otp_secret']);
} elseif (isset($credential_row) && isset($credential_row['credential_otp_secret'])) {
- $otp_secret = $credential_row['credential_otp_secret'];
+ $otp_secret = mysqli_real_escape_string($mysqli, $credential_row['credential_otp_secret']);
} else {
$otp_secret = '';
}
@@ -74,7 +74,7 @@ if (isset($_POST['credential_otp_secret'])) {
if (isset($_POST['credential_note'])) {
$note = sanitizeInput($_POST['credential_note']);
} elseif (isset($credential_row) && isset($credential_row['credential_note'])) {
- $note = $credential_row['credential_note'];
+ $note = mysqli_real_escape_string($mysqli, $credential_row['credential_note']);
} else {
$note = '';
}
diff --git a/api/v1/documents/document_model.php b/api/v1/documents/document_model.php
index 75a93d56..47d5962f 100644
--- a/api/v1/documents/document_model.php
+++ b/api/v1/documents/document_model.php
@@ -4,7 +4,7 @@
if (isset($_POST['document_name'])) {
$name = sanitizeInput($_POST['document_name']);
} elseif (isset($document_row) && isset($document_row['document_name'])) {
- $name = $document_row['document_name'];
+ $name = mysqli_real_escape_string($mysqli, $document_row['document_name']);
} else {
$name = '';
}
@@ -12,7 +12,7 @@ if (isset($_POST['document_name'])) {
if (isset($_POST['document_description'])) {
$description = sanitizeInput($_POST['document_description']);
} elseif (isset($document_row) && isset($document_row['document_description'])) {
- $description = $document_row['document_description'];
+ $description = mysqli_real_escape_string($mysqli, $document_row['document_description']);
} else {
$description = '';
}
@@ -20,7 +20,7 @@ if (isset($_POST['document_description'])) {
if (isset($_POST['document_content'])) {
$content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
} elseif (isset($document_row) && isset($document_row['document_content'])) {
- $content = $document_row['document_content'];
+ $content = mysqli_real_escape_string($mysqli, $document_row['document_content']);
} else {
$content = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['document_content'])) {
if (isset($_POST['document_content'])) {
$content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content']));
} elseif (isset($document_row) && isset($document_row['document_content_raw'])) {
- $content_raw = $document_row['document_content_raw'];
+ $content_raw = mysqli_real_escape_string($mysqli, $document_row['document_content_raw']);
} else {
$content_raw = '';
}
diff --git a/api/v1/locations/location_model.php b/api/v1/locations/location_model.php
index 6f031a79..b177a4e5 100644
--- a/api/v1/locations/location_model.php
+++ b/api/v1/locations/location_model.php
@@ -5,7 +5,7 @@
if (isset($_POST['location_name'])) {
$name = sanitizeInput($_POST['location_name']);
} elseif ($location_row) {
- $name = $location_row['location_name'];
+ $name = mysqli_real_escape_string($mysqli, $location_row['location_name']);
} else {
$name = '';
}
@@ -13,7 +13,7 @@ if (isset($_POST['location_name'])) {
if (isset($_POST['location_description'])) {
$description = sanitizeInput($_POST['location_description']);
} elseif ($location_row) {
- $description = $location_row['location_description'];
+ $description = mysqli_real_escape_string($mysqli, $location_row['location_description']);
} else {
$description = '';
}
@@ -21,7 +21,7 @@ if (isset($_POST['location_description'])) {
if (isset($_POST['location_country'])) {
$country = sanitizeInput($_POST['location_country']);
} elseif ($location_row) {
- $country = $location_row['location_country'];
+ $country = mysqli_real_escape_string($mysqli, $location_row['location_country']);
} else {
$country = '';
}
@@ -29,7 +29,7 @@ if (isset($_POST['location_country'])) {
if (isset($_POST['location_address'])) {
$address = sanitizeInput($_POST['location_address']);
} elseif ($location_row) {
- $address = $location_row['location_address'];
+ $address = mysqli_real_escape_string($mysqli, $location_row['location_address']);
} else {
$address = '';
}
@@ -37,7 +37,7 @@ if (isset($_POST['location_address'])) {
if (isset($_POST['location_city'])) {
$city = sanitizeInput($_POST['location_city']);
} elseif ($location_row) {
- $city = $location_row['location_city'];
+ $city = mysqli_real_escape_string($mysqli, $location_row['location_city']);
} else {
$city = '';
}
@@ -45,7 +45,7 @@ if (isset($_POST['location_city'])) {
if (isset($_POST['location_state'])) {
$state = sanitizeInput($_POST['location_state']);
} elseif ($location_row) {
- $state = $location_row['location_state'];
+ $state = mysqli_real_escape_string($mysqli, $location_row['location_state']);
} else {
$state = '';
}
@@ -53,7 +53,7 @@ if (isset($_POST['location_state'])) {
if (isset($_POST['location_zip'])) {
$zip = sanitizeInput($_POST['location_zip']);
} elseif ($location_row) {
- $zip = $location_row['location_zip'];
+ $zip = mysqli_real_escape_string($mysqli, $location_row['location_zip']);
} else {
$zip = '';
}
@@ -61,7 +61,7 @@ if (isset($_POST['location_zip'])) {
if (isset($_POST['location_hours'])) {
$hours = sanitizeInput($_POST['location_hours']);
} elseif ($location_row) {
- $hours = $location_row['location_hours'];
+ $hours = mysqli_real_escape_string($mysqli, $location_row['location_hours']);
} else {
$hours = '';
}
@@ -69,7 +69,7 @@ if (isset($_POST['location_hours'])) {
if (isset($_POST['location_notes'])) {
$notes = sanitizeInput($_POST['location_notes']);
} elseif ($location_row) {
- $notes = $location_row['location_notes'];
+ $notes = mysqli_real_escape_string($mysqli, $location_row['location_notes']);
} else {
$notes = '';
}
diff --git a/api/v1/tickets/ticket_model.php b/api/v1/tickets/ticket_model.php
index 633e6905..d6bd2c5d 100644
--- a/api/v1/tickets/ticket_model.php
+++ b/api/v1/tickets/ticket_model.php
@@ -21,7 +21,7 @@ if (isset($_POST['ticket_asset_id'])) {
if (isset($_POST['ticket_subject'])) {
$subject = sanitizeInput($_POST['ticket_subject']);
} elseif ($ticket_row) {
- $subject = $ticket_row['ticket_subject'];
+ $subject = mysqli_real_escape_string($mysqli, $ticket_row['ticket_subject']);
} else {
$subject = '';
}
@@ -30,16 +30,16 @@ if (isset($_POST['ticket_subject'])) {
if (isset($_POST['ticket_priority'])) {
$priority = sanitizeInput($_POST['ticket_priority']);
} elseif ($ticket_row) {
- $priority = $ticket_row['ticket_priority'];
+ $priority = mysqli_real_escape_string($mysqli, $ticket_row['ticket_priority']);
} else {
$priority = 'Low';
}
if (isset($_POST['ticket_details'])) {
- $details = mysqli_escape_string($mysqli, $_POST['ticket_details'] . "
");
+ $details = mysqli_real_escape_string($mysqli, $_POST['ticket_details'] . "
");
} elseif ($ticket_row) {
- $details = $ticket_row['ticket_details'];
+ $details = mysqli_real_escape_string($mysqli, $ticket_row['ticket_details']);
} else {
$details = '< blank >
';
}
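Review bot: The rewritten `$details` line on the POST branch still bypasses `sanitizeInput()` while every other text field in the hunk goes through it; if that is deliberate because ticket details carry HTML, a one-line comment would keep the next reader from "fixing" it, e.g. `// ticket_details is stored as submitted (HTML allowed); escaped for SQL only`. The `mysqli_escape_string` to `mysqli_real_escape_string` rename is an alias change with no behavioural effect. The `$priority` and `$details` row branches share the NULL-column deprecation consideration raised on client_model.php if those columns are nullable, and `?? ''` resolves it the same way here.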