Escape server http host/uri submitted to database during setup

setup.php

@@ -923,7 +923,7 @@ if(isset($_POST['add_company_settings'])){
   mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_locale = '$locale', company_currency = '$currency_code', company_created_at = NOW()");
 
   $company_id = mysqli_insert_id($mysqli);
-  $config_base_url = $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
+  $config_base_url = mysqli_real_escape_string($mysqli,$_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']));
 
   mkdir_missing("uploads/clients/$company_id");
   file_put_contents("uploads/clients/$company_id/index.php", "");