diff --git a/accounts.php b/accounts.php
index 6bf648fb..3d44cb85 100644
--- a/accounts.php
+++ b/accounts.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "account_id";
 }
@@ -57,7 +57,7 @@
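Review bot: Wrapping `$sb` in `mysqli_real_escape_string()` does not protect it: the defaults (`account_id` here, `companies.company_id` in companies.php) show `$sb` is a column identifier, presumably interpolated into an `ORDER BY` clause outside this hunk, and escaping only neutralises quote characters inside a quoted string literal, so an identifier position still receives the raw request value. Validate it against a fixed list of the page's sortable columns and fall back to the default instead, e.g. `$sb = in_array($_GET['sb'], $sortable_columns, true) ? $_GET['sb'] : 'account_id';` where `$sortable_columns` is a hard-coded array of the real column names. The same `$sb` pattern recurs in the hunks for categories.php, every client_*.php file, clients.php, companies.php, expenses.php, invoices.php, payments.php, products.php, quotes.php, recurring.php, revenues.php, tickets.php, transfers.php, trips.php, users.php and vendors.php. Escaping `$q` is appropriate for a quoted literal, though `%` and `_` keep their `LIKE` wildcard meaning; the queries that consume `$q` and `$sb` lie outside this hunk.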
- +
diff --git a/categories.php b/categories.php
index e454c1a0..8783cce9 100644
--- a/categories.php
+++ b/categories.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "category_type";
 }
@@ -56,7 +56,7 @@
- +
diff --git a/client_assets.php b/client_assets.php
index 227fa4c0..1b72d9e6 100644
--- a/client_assets.php
+++ b/client_assets.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "asset_type";
 }
@@ -60,7 +60,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_contacts.php b/client_contacts.php
index a75c5261..9895c6d7 100644
--- a/client_contacts.php
+++ b/client_contacts.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "contact_name";
 }
@@ -58,7 +58,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_domains.php b/client_domains.php
index 82d973a7..b6b0eac6 100644
--- a/client_domains.php
+++ b/client_domains.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "domain_id";
 }
@@ -59,7 +59,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_invoices.php b/client_invoices.php
index 3a80aa13..c996886c 100644
--- a/client_invoices.php
+++ b/client_invoices.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "invoice_id";
 }
@@ -61,7 +61,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_locations.php b/client_locations.php
index f4c0e01e..a2d3849a 100644
--- a/client_locations.php
+++ b/client_locations.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "location_name";
 }
@@ -60,7 +60,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_logins.php b/client_logins.php
index 7504b153..a44d10e7 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "login_id";
 }
@@ -61,7 +61,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_networks.php b/client_networks.php
index ba2718d1..f9384f02 100644
--- a/client_networks.php
+++ b/client_networks.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "network_id";
 }
@@ -60,7 +60,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_payments.php b/client_payments.php
index cbdd5cdf..bda86bea 100644
--- a/client_payments.php
+++ b/client_payments.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "payment_id";
 }
@@ -62,7 +62,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_quotes.php b/client_quotes.php
index f1d382f7..5815f736 100644
--- a/client_quotes.php
+++ b/client_quotes.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "quote_id";
 }
@@ -61,7 +61,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_recurring.php b/client_recurring.php
index 90f30d8a..dc307444 100644
--- a/client_recurring.php
+++ b/client_recurring.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "recurring_id";
 }
@@ -61,7 +61,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_software.php b/client_software.php
index 318a9184..d291cec3 100644
--- a/client_software.php
+++ b/client_software.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "software_id";
 }
@@ -60,7 +60,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_tickets.php b/client_tickets.php
index 741dba3c..e62749e0 100644
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "ticket_id";
 }
@@ -60,7 +60,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/client_vendors.php b/client_vendors.php
index 2bb581ea..475d2f94 100644
--- a/client_vendors.php
+++ b/client_vendors.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "vendor_id";
 }
@@ -60,7 +60,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/clients.php b/clients.php
index d7d823b2..93fff5c7 100644
--- a/clients.php
+++ b/clients.php
@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "client_id";
 }
@@ -55,7 +55,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/companies.php b/companies.php
index 9e09815f..0611ec27 100644
--- a/companies.php
+++ b/companies.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "companies.company_id";
 }
@@ -59,7 +59,7 @@
- +
diff --git a/expenses.php b/expenses.php
index c007e59b..45b89034 100644
--- a/expenses.php
+++ b/expenses.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "expense_date";
 }
@@ -61,7 +61,7 @@
- +
diff --git a/global_search.php b/global_search.php
index efb99573..86ad6405 100644
--- a/global_search.php
+++ b/global_search.php
@@ -4,7 +4,7 @@ if(isset($_GET['query'])){
- $query = $_GET['query'];
+ $query = mysqli_real_escape_string($mysqli,$_GET['query']);
 $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE client_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY client_id DESC LIMIT 5");
 $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5");
diff --git a/invoices.php b/invoices.php
index d452d5ff..43c9406b 100644
--- a/invoices.php
+++ b/invoices.php
@@ -59,13 +59,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "invoice_id";
 }
@@ -150,7 +150,7 @@
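Review bot: Escaping `$query` covers quote breakout in the `LIKE '%$query%'` literals on the two following lines, but the queries are still assembled by string interpolation and `%`/`_` in the input keep their wildcard meaning, so a search containing an underscore matches more than the user typed. A prepared statement keeps the fix robust against later edits to these queries, e.g. `$like = '%' . addcslashes($query, '%_') . '%';` then `$stmt = mysqli_prepare($mysqli, "SELECT * FROM clients WHERE client_name LIKE ? AND company_id = ? ORDER BY client_id DESC LIMIT 5");` and `mysqli_stmt_bind_param($stmt, "si", $like, $session_company_id);`. `$session_company_id` is interpolated unquoted; it is presumably an integer taken from the session rather than from the request, which this hunk cannot confirm. The `if(isset($_GET['query']))` block continues past the end of the hunk.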
- +
diff --git a/payments.php b/payments.php
index e2a3bd73..814954c3 100644
--- a/payments.php
+++ b/payments.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "payment_id";
 }
@@ -60,7 +60,7 @@
- +
diff --git a/post.php b/post.php
index 87e51fd1..05af1835 100644
--- a/post.php
+++ b/post.php
@@ -1168,6 +1168,9 @@ if(isset($_POST['add_quote_to_invoice'])){
 $client_id = $row['client_id'];
 $category_id = $row['category_id'];
+ //Generate a unique URL key for clients to access
+ $url_key = keygen();
+ mysqli_query($mysqli,"INSERT INTO invoices SET invoice_number = '$invoice_number', invoice_date = '$date', invoice_due = DATE_ADD(CURDATE(), INTERVAL $client_net_terms day), category_id = $category_id, invoice_status = 'Draft', invoice_amount = '$quote_amount', invoice_note = '$quote_note', invoice_created_at = NOW(), client_id = $client_id, company_id = $session_company_id");
 $new_invoice_id = mysqli_insert_id($mysqli);
diff --git a/products.php b/products.php
index 31d434b6..19bc901d 100644
--- a/products.php
+++ b/products.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "product_name";
 }
@@ -56,7 +56,7 @@
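Review bot: The new `$url_key = keygen();` is never referenced by the `INSERT INTO invoices` statement that follows it, so within this hunk the generated key is not persisted with the new invoice. If it is meant to be the client-facing access key, the INSERT needs to store it alongside the other columns (the column name is not visible here), and if instead a later statement outside the hunk writes it, a short comment such as `// $url_key is saved by the UPDATE below` would make that clear. `keygen()` is defined elsewhere, so its entropy cannot be judged from this hunk; a key that grants access through a URL should be derived from `random_bytes()` rather than `rand()`/`mt_rand()`. The `add_quote_to_invoice` handler starts and ends outside the hunk.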
- +
diff --git a/quotes.php b/quotes.php
index 200011a9..adba4923 100644
--- a/quotes.php
+++ b/quotes.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "quote_number";
 }
@@ -60,7 +60,7 @@
- +
diff --git a/recurring.php b/recurring.php
index f1d26787..0b90fe2e 100644
--- a/recurring.php
+++ b/recurring.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "recurring_id";
 }
@@ -60,7 +60,7 @@
- +
diff --git a/revenues.php b/revenues.php
index 39abb1ed..38667efb 100644
--- a/revenues.php
+++ b/revenues.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "revenue_id";
 }
@@ -60,7 +60,7 @@
- +
diff --git a/setup.php b/setup.php index ad06c997..0582e778 100644 --- a/setup.php +++ b/setup.php @@ -297,6 +297,23 @@ if(isset($_POST['add_company_settings'])){ $_SESSION['alert_message'] = ''; } ?> + + +
+
+
Setup Checks
+
+
+
    +
  • Upload is readable and writeable
  • +
  • PHP 7+ Installed
  • +
+
Install
+
+
+ + +
diff --git a/tickets.php b/tickets.php
index 58d58f2f..6e72739e 100644
--- a/tickets.php
+++ b/tickets.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "ticket_id";
 }
@@ -59,7 +59,7 @@
- +
diff --git a/transfers.php b/transfers.php
index 3d2ac77f..bb113e05 100644
--- a/transfers.php
+++ b/transfers.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "transfer_date";
 }
@@ -56,7 +56,7 @@ $total_pages = ceil($total_found_rows / 10);
- +
diff --git a/trips.php b/trips.php
index e0e5fd1f..a91837cd 100644
--- a/trips.php
+++ b/trips.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "trip_id";
 }
@@ -58,7 +58,7 @@
- +
diff --git a/users.php b/users.php
index a6eeb23d..6c748982 100644
--- a/users.php
+++ b/users.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "user_id";
 }
@@ -58,7 +58,7 @@
- +
diff --git a/vendors.php b/vendors.php
index d99a0226..759e4225 100644
--- a/vendors.php
+++ b/vendors.php
@@ -15,13 +15,13 @@
 }
 
 if(isset($_GET['q'])){
- $q = $_GET['q'];
+ $q = mysqli_real_escape_string($mysqli,$_GET['q']);
 }else{
 $q = "";
 }
 
 if(!empty($_GET['sb'])){
- $sb = $_GET['sb'];
+ $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
 $sb = "vendor_name";
 }
@@ -57,7 +57,7 @@
- +