Fixed a SQL injection could only work if you had a login thanks disclosure5 for pointing this out from reddit/r/msp

logs.php

@@ -135,7 +135,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
     </form>
     <hr>
     <div class="table-responsive">
-      <table class="table table-striped table-borderless table-hover">
+      <table class="table table-sm table-striped table-borderless table-hover">
         <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
           <tr>
             <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_created_at&o=<?php echo $disp; ?>">Timestamp</a></th>

post.php

@@ -251,7 +251,7 @@ if(isset($_POST['edit_profile'])){
 if(isset($_POST['edit_user_companies'])){
 
     $user_id = intval($_POST['user_id']);
-    $companies = $_POST['companies'];
+    $companies = mysqli_real_escape_string($_POST['companies']);
     
     //Turn the Array into a string with , seperation
     $companies_imploded = implode(",",$companies);
@@ -270,7 +270,7 @@ if(isset($_POST['edit_user_companies'])){
 if(isset($_POST['edit_user_clients'])){
 
     $user_id = intval($_POST['user_id']);
-    $clients = $_POST['clients'];
+    $clients = mysqli_real_escape_string($_POST['clients']);
     
     //Turn the Array into a string with , seperation
     $clients_imploded = implode(",",$clients);