diff --git a/check_login.php b/check_login.php
index f44ff076..cc1f9c65 100644
--- a/check_login.php
+++ b/check_login.php
@@ -30,7 +30,7 @@ $session_user_id = $_SESSION['user_id'];
 
 $sql = mysqli_query($mysqli, "SELECT * FROM users, user_settings WHERE users.user_id = user_settings.user_id AND users.user_id = $session_user_id");
 $row = mysqli_fetch_array($sql);
-$session_name = mysqli_real_escape_string($mysqli, $row['user_name']);
+$session_name = sanitizeInput($row['user_name']);
 $session_email = $row['user_email'];
 $session_avatar = $row['user_avatar'];
 $session_token = $row['user_token'];
diff --git a/clients.php b/clients.php
index cab766cb..4bdfbdbb 100644
--- a/clients.php
+++ b/clients.php
@@ -148,7 +148,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 
                             $client_tag_id_array[] = $client_tag_id;
                             if (empty($client_tag_color)) {
-                                $client_tag_name_display_array[] = "<small class='text-secondary'>$client_tag_name</small> ";
+                                $client_tag_name_display_array[] = "<small class='text-secondary'><i class='fa fa-fw fa-$client_tag_icon'></i>$client_tag_name</small> ";
                             } else {
                                 $client_tag_name_display_array[] = "<span class='badge bg-$client_tag_color'><i class='fa fa-fw fa-$client_tag_icon'></i> $client_tag_name</span> ";
                             }
diff --git a/get_settings.php b/get_settings.php
index 97871565..b0269021 100644
--- a/get_settings.php
+++ b/get_settings.php
@@ -58,7 +58,7 @@ $config_ticket_next_number = intval($row['config_ticket_next_number']);
 $config_ticket_from_name = $row['config_ticket_from_name'];
 $config_ticket_from_email = $row['config_ticket_from_email'];
 $config_ticket_email_parse = intval($row['config_ticket_email_parse']);
-$config_ticket_client_general_notifications = $row['config_ticket_client_general_notifications'];
+$config_ticket_client_general_notifications = intval($row['config_ticket_client_general_notifications']);
 
 // Alerts
 $config_enable_cron = intval($row['config_enable_cron']);
diff --git a/guest_header.php b/guest_header.php
index 784108a6..f845c9ca 100644
--- a/guest_header.php
+++ b/guest_header.php
@@ -20,7 +20,7 @@ $browser = sanitizeInput(getWebBrowser($ua));
     <meta http-equiv="x-ua-compatible" content="ie=edge">
     <meta name="robots" content="noindex">
 
-    <title><?php echo $config_app_name; ?></title>
+    <title><?php echo htmlentities($config_app_name); ?></title>
 
     <!-- Font Awesome Icons -->
     <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
diff --git a/guest_view_invoice.php b/guest_view_invoice.php
index 96f8b33d..1f521c01 100644
--- a/guest_view_invoice.php
+++ b/guest_view_invoice.php
@@ -73,8 +73,6 @@ if (!empty($company_logo)) {
 $company_locale = htmlentities($row['company_locale']);
 $config_invoice_footer = htmlentities($row['config_invoice_footer']);
 $config_stripe_enable = intval($row['config_stripe_enable']);
-$config_stripe_publishable = $row['config_stripe_publishable'];
-$config_stripe_secret = $row['config_stripe_secret'];
 
 //Set Currency Format
 $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
diff --git a/guest_view_item.php b/guest_view_item.php
index 2d5297d8..4b55c2b0 100644
--- a/guest_view_item.php
+++ b/guest_view_item.php
@@ -7,7 +7,7 @@ header('Pragma: no-cache');
 require_once("guest_header.php"); ?>
 
     <br>
-    <h1> <?php echo $config_app_name ?> Guest sharing </h1>
+    <h1> <?php echo htmlentities($config_app_name); ?> Guest sharing </h1>
     <hr>
 
 <?php
diff --git a/header.php b/header.php
index 75bb5d1f..c0038be1 100644
--- a/header.php
+++ b/header.php
@@ -15,7 +15,7 @@ header("X-Frame-Options: DENY");
   <meta http-equiv="x-ua-compatible" content="ie=edge">
   <meta name="robots" content="noindex">
 
-  <title><?php echo "$session_company_name | $config_app_name"; ?></title>
+  <title><?php echo htmlentities($session_company_name); ?> | <?php echo htmlentities($config_app_name); ?></title>
 
   <!-- Font Awesome Icons -->
   <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
diff --git a/portal/portal_header.php b/portal/portal_header.php
index e7af2edc..7582dfe9 100644
--- a/portal/portal_header.php
+++ b/portal/portal_header.php
@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY");
 <head>
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
+    <title><?php echo htmlentities($config_app_name); ?> | Client Portal - Tickets</title>
 
     <!-- Tell the browser to be responsive to screen width -->
     <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -32,7 +32,7 @@ header("X-Frame-Options: DENY");
 
 <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
     <div class="container">
-        <a class="navbar-brand" href="index.php"><?php echo $config_app_name ?></a>
+        <a class="navbar-brand" href="index.php"><?php echo htmlentities($config_app_name); ?></a>
         <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
             <span class="navbar-toggler-icon"></span>
         </button>
@@ -55,7 +55,7 @@ header("X-Frame-Options: DENY");
             <ul class="nav navbar-nav pull-right">
                 <li class="nav-item dropdown">
                     <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown">
-                        <?php echo $session_contact_name ?>
+                        <?php echo htmlentities($session_contact_name); ?>
                     </a>
                     <div class="dropdown-menu" aria-labelledby="navbarDropdown">
                         <a class="dropdown-item" href="profile.php">Profile</a>
diff --git a/settings_api.php b/settings_api.php
index ce7a9585..7e8185c2 100644
--- a/settings_api.php
+++ b/settings_api.php
@@ -31,7 +31,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
         <div class="card-body">
             <form autocomplete="off">
                 <div class="input-group">
-                    <input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo strip_tags(htmlentities($q)); } ?>" placeholder="Search keys">
+                    <input type="search" class="form-control col-md-4" name="q" value="<?php if (isset($q)) { echo stripslashes(htmlentities($q)); } ?>" placeholder="Search keys">
                     <div class="input-group-append">
                         <button class="btn btn-primary"><i class="fa fa-search"></i></button>
                     </div>
diff --git a/user_profile.php b/user_profile.php
index b435ad40..facae218 100644
--- a/user_profile.php
+++ b/user_profile.php
@@ -21,13 +21,13 @@ $sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
 
                 <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
                     <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-                    <input type="hidden" name="existing_file_name" value="<?php echo $session_avatar; ?>">
+                    <input type="hidden" name="existing_file_name" value="<?php echo htmlentities($session_avatar); ?>">
 
                     <center class="mb-3 px-5">
                         <?php if (empty($session_avatar)) { ?>
                             <i class="fas fa-user-circle fa-8x text-secondary"></i>
                         <?php } else { ?>
-                            <img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-fluid">
+                            <img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/" . htmlentities($session_avatar); ?>" class="img-fluid">
                         <?php } ?>
                         <h4 class="text-secondary mt-2"><?php echo htmlentities($session_user_role_display); ?></h4>
                     </center>