mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 02:44:53 +00:00
Do not htmlentities client name into notifications
@@ -77,7 +77,9 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
|
||||
//Mark viewed in history
|
||||
mysqli_query($mysqli,"INSERT INTO history SET history_status = '$quote_status', history_description = 'Quote viewed - $ip - $os - $browser - $device', history_created_at = NOW(), history_quote_id = $quote_id, company_id = $company_id");
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name - $ip - $os - $browser - $device', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
|
||||
//Prevent SQL Error if client_name has ' in their name example Bill's Market
|
||||
$client_name_escaped = mysqli_escape_string($mysqli,$row['client_name']);
|
||||
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = 'Quote $quote_prefix$quote_number has been viewed by $client_name_escaped - $ip - $os - $browser - $device', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
|
||||
|
||||
?>
|
||||
|
||||
|
||||
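Review bot: Escaping only `$row['client_name']` leaves `$ip`, `$os`, `$browser`, `$device`, `$quote_prefix` and `$quote_number` interpolated unescaped into the same notifications INSERT, and the history INSERT just above it has the same shape. Where those values are assigned is outside this hunk; if any of them is derived from request headers such as the User-Agent, both statements stay open to SQL injection and should bind their values through a prepared statement rather than escape one field at a time. The fence below sketches that for the notifications insert, assuming `$client_id` and `$company_id` are integers. Because the commit title says the name is no longer passed through htmlentities before storage, the page that renders notifications has to HTML-encode it on output; that code is not visible here and is worth confirming. The enclosing `if(isset($_GET['quote_id'], $_GET['url_key']))` block starts outside the hunk.

```php
// … unchanged: history insert …
$notification = "Quote $quote_prefix$quote_number has been viewed by {$row['client_name']} - $ip - $os - $browser - $device";
$stmt = mysqli_prepare($mysqli, "INSERT INTO notifications SET notification_type = 'Quote Viewed', notification = ?, notification_timestamp = NOW(), notification_client_id = ?, company_id = ?");
mysqli_stmt_bind_param($stmt, 'sii', $notification, $client_id, $company_id);
mysqli_stmt_execute($stmt);
```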