- Prevent error 500s when existing data can't be cleanly re-inserted to database

api/v1/documents/document_model.php

@@ -4,7 +4,7 @@
 if (isset($_POST['document_name'])) {
     $name = sanitizeInput($_POST['document_name']);
 } elseif (isset($document_row) && isset($document_row['document_name'])) {
-    $name = $document_row['document_name'];
+    $name = mysqli_real_escape_string($mysqli, $document_row['document_name']);
 } else {
     $name = '';
 }
@@ -12,7 +12,7 @@ if (isset($_POST['document_name'])) {
 if (isset($_POST['document_description'])) {
     $description = sanitizeInput($_POST['document_description']);
 } elseif (isset($document_row) && isset($document_row['document_description'])) {
-    $description = $document_row['document_description'];
+    $description = mysqli_real_escape_string($mysqli, $document_row['document_description']);
 } else {
     $description = '';
 }
@@ -20,7 +20,7 @@ if (isset($_POST['document_description'])) {
 if (isset($_POST['document_content'])) {
     $content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
 } elseif (isset($document_row) && isset($document_row['document_content'])) {
-    $content = $document_row['document_content'];
+    $content = mysqli_real_escape_string($mysqli, $document_row['document_content']);
 } else {
     $content = '';
 }
@@ -29,7 +29,7 @@ if (isset($_POST['document_content'])) {
 if (isset($_POST['document_content'])) {
     $content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content']));
 } elseif (isset($document_row) && isset($document_row['document_content_raw'])) {
-    $content_raw = $document_row['document_content_raw'];
+    $content_raw = mysqli_real_escape_string($mysqli, $document_row['document_content_raw']);
 } else {
     $content_raw = '';
 }