Format output for the proper code syntax, this should fix many various issues with output formatting and page breakage

2026-03-10 15:54:51 +00:00 · 2022-12-02 19:58:21 -05:00
parent 3067e6bd1e
commit b6e540825f
128 changed files with 1222 additions and 1227 deletions
--- a/accounts.php
+++ b/accounts.php
@@ -49,10 +49,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $account_id = $row['account_id'];
-            $account_name = $row['account_name'];
+            $account_name = htmlentities($row['account_name']);
            $opening_balance = $row['opening_balance'];
-            $account_currency_code = $row['account_currency_code'];
+            $account_currency_code = htmlentities($row['account_currency_code']);
-            $account_notes = $row['account_notes'];
+            $account_notes = htmlentities($row['account_notes']);
            $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
            $row = mysqli_fetch_array($sql_payments);
--- a/calendar_event_add_modal.php
+++ b/calendar_event_add_modal.php
@@ -23,8 +23,8 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $calendar_id = $row['calendar_id'];
-                  $calendar_name = $row['calendar_name'];
+                  $calendar_name = htmlentities($row['calendar_name']);
-                  $calendar_color = $row['calendar_color'];
+                  $calendar_color = htmlentities($row['calendar_color']);
                ?>
                  <option <?php if($config_default_calendar == $calendar_id){ echo "selected"; } ?> data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color; ?>;'></i> <?php echo $calendar_name; ?>" value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option>
@@ -108,8 +108,8 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $client_id = $row['client_id'];
-                  $client_name = $row['client_name'];
+                  $client_name = htmlentities($row['client_name']);
-                  $contact_email = $row['contact_email'];
+                  $contact_email = htmlentities($row['contact_email']);
                ?>
                  <option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
--- a/calendar_event_edit_modal.php
+++ b/calendar_event_edit_modal.php
@@ -40,8 +40,8 @@
                $sql_calendars_select = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC"); 
                while($row = mysqli_fetch_array($sql_calendars_select)){
                  $calendar_id_select = $row['calendar_id'];
-                  $calendar_name_select = $row['calendar_name'];
+                  $calendar_name_select = htmlentities($row['calendar_name']);
-                  $calendar_color_select = $row['calendar_color'];
+                  $calendar_color_select = htmlentities($row['calendar_color']);
                ?>
                  <option data-content="<i class='fa fa-circle mr-2' style='color:<?php echo $calendar_color_select; ?>;'></i> <?php echo $calendar_name_select; ?>"<?php if($calendar_id == $calendar_id_select){ echo "selected"; } ?> value="<?php echo $calendar_id_select; ?>"><?php echo $calendar_name_select; ?></option>
@@ -107,8 +107,8 @@
                $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON primary_contact = contact_id WHERE clients.company_id = $session_company_id ORDER BY client_name ASC"); 
                while($row = mysqli_fetch_array($sql_clients)){
                  $client_id_select = $row['client_id'];
-                  $client_name_select = $row['client_name'];
+                  $client_name_select = htmlentities($row['client_name']);
-                  $contact_email_select = $row['contact_email'];
+                  $contact_email_select = htmlentities($row['contact_email']);
                ?>
                  <option <?php if($client_id == $client_id_select){ echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>
--- a/calendar_events.php
+++ b/calendar_events.php
@@ -25,14 +25,14 @@ if(isset($_GET['calendar_id'])){
 $sql = mysqli_query($mysqli,"SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
 while($row = mysqli_fetch_array($sql)){
  $event_id = $row['event_id'];
-  $event_title = $row['event_title'];
+  $event_title = htmlentities($row['event_title']);
-  $event_description = $row['event_description'];
+  $event_description = htmlentities($row['event_description']);
-  $event_start = $row['event_start'];
+  $event_start = htmlentities($row['event_start']);
-  $event_end = $row['event_end'];
+  $event_end = htmlentities($row['event_end']);
-  $event_repeat = $row['event_repeat'];
+  $event_repeat = htmlentities($row['event_repeat']);
  $calendar_id = $row['calendar_id'];
-  $calendar_name = $row['calendar_name'];
+  $calendar_name = htmlentities($row['calendar_name']);
-  $calendar_color = $row['calendar_color'];
+  $calendar_color = htmlentities($row['calendar_color']);
  $client_id = $row['event_client_id'];
  include("calendar_event_edit_modal.php");
@@ -76,15 +76,15 @@ while($row = mysqli_fetch_array($sql)){
          <?php
          $sql = mysqli_query($mysqli,"SELECT * FROM events LEFT JOIN calendars ON event_calendar_id = calendar_id WHERE calendars.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql)){
-            $event_id = $row['event_id'];
+            $event_id = json_encode($row['event_id']);
-            $event_title = $row['event_title'];
+            $event_title = json_encode($row['event_title']);
-            $event_start = $row['event_start'];
+            $event_start = json_encode($row['event_start']);
-            $event_end = $row['event_end'];
+            $event_end = json_encode($row['event_end']);
-            $calendar_id = $row['calendar_id'];
+            $calendar_id = json_encode($row['calendar_id']);
-            $calendar_name = $row['calendar_name'];
+            $calendar_name = json_encode($row['calendar_name']);
-            $calendar_color = $row['calendar_color'];
+            $calendar_color = json_encode($row['calendar_color']);
-            echo "{ id: '$event_id', title: '$event_title', start: '$event_start', end: '$event_end', color: '$calendar_color'},";
+            echo "{ id: $event_id, title: $event_title, start: $event_start, end: $event_end, color: $calendar_color },";
          }
          ?>
@@ -92,11 +92,11 @@ while($row = mysqli_fetch_array($sql)){
          //Invoices Created
          $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN invoices ON client_id = invoice_client_id WHERE clients.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql)){
-            $event_id = $row['invoice_id'];
+            $event_id = json_encode($row['invoice_id']);
-            $event_title = $row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope'];
+            $event_title = json_encode($row['invoice_prefix'] . $row['invoice_number'] . " " . $row['invoice_scope']);
-            $event_start = $row['invoice_date'];
+            $event_start = json_encode($row['invoice_date']);
-            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'blue', url: 'invoice.php?invoice_id=$event_id'},";
+            echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'blue', url: 'invoice.php?invoice_id=$event_id' },";
          }
          ?>
@@ -104,11 +104,11 @@ while($row = mysqli_fetch_array($sql)){
          //Quotes Created
          $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN quotes ON client_id = quote_client_id WHERE clients.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql)){
-            $event_id = $row['quote_id'];
+            $event_id = json_encode($row['quote_id']);
-            $event_title = $row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope'];
+            $event_title = json_encode($row['quote_prefix'] . $row['quote_number'] . " " . $row['quote_scope']);
-            $event_start = $row['quote_date'];
+            $event_start = json_encode($row['quote_date']);
-            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'purple', url: 'quote.php?quote_id=$event_id'},";
+            echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'purple', url: 'quote.php?quote_id=$event_id' },";
          }
          ?>
@@ -116,11 +116,11 @@ while($row = mysqli_fetch_array($sql)){
          //Tickets Created
          $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN tickets ON client_id = ticket_client_id WHERE clients.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql)){
-            $event_id = $row['ticket_id'];
+            $event_id = json_encode($row['ticket_id']);
-            $event_title = $row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject'];
+            $event_title = json_encode($row['ticket_prefix'] . $row['ticket_number'] . " " . $row['ticket_subject']);
-            $event_start = $row['ticket_created_at'];
+            $event_start = json_encode($row['ticket_created_at']);
-            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'orange', url: 'ticket.php?ticket_id=$event_id'},";
+            echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'orange', url: 'ticket.php?ticket_id=$event_id' },";
          }
@@ -130,11 +130,11 @@ while($row = mysqli_fetch_array($sql)){
          //Vendors Added Created
          $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN vendors ON client_id = vendor_client_id WHERE clients.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql)){
-            $event_id = $row['vendor_id'];
+            $event_id = json_encode($row['vendor_id']);
-            $event_title = $row['vendor_name'];
+            $event_title = json_encode($row['vendor_name']);
-            $event_start = $row['vendor_created_at'];
+            $event_start = json_encode($row['vendor_created_at']);
-            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'brown', url: 'client_vendors.php?client_id=$event_id'},";
+            echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'brown', url: 'client_vendors.php?client_id=$event_id' },";
          }
          ?>
@@ -142,11 +142,11 @@ while($row = mysqli_fetch_array($sql)){
          //Clients Added
          $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE clients.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql)){
-            $event_id = $row['client_id'];
+            $event_id = json_encode($row['client_id']);
-            $event_title = $row['client_name'];
+            $event_title = json_encode($row['client_name']);
-            $event_start = $row['client_created_at'];
+            $event_start = json_encode($row['client_created_at']);
-            echo "{ id: '$event_id', title: ". json_encode($event_title) .", start: '$event_start', color: 'green', url: 'client.php?client_id=$event_id'},";
+            echo "{ id: $event_id, title: $event_title, start: $event_start, color: 'green', url: 'client.php?client_id=$event_id' },";
          }
          ?>
--- a/categories.php
+++ b/categories.php
@@ -84,8 +84,8 @@ $colors_diff = array_diff($colors_array,$colors_used_array);
          while($row = mysqli_fetch_array($sql)){
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
-            $category_color = $row['category_color'];
+            $category_color = htmlentities($row['category_color']);
            //$colors_used_array[] = $row['category_color'];
          ?>
--- a/client_add_modal.php
+++ b/client_add_modal.php
@@ -66,7 +66,7 @@
                    $referral_sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Referral' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); 
                    while($row = mysqli_fetch_array($referral_sql)){
-                      $referral = $row['category_name'];
+                      $referral = htmlentities($row['category_name']);
                    ?>
                      <option><?php echo $referral; ?></option>
@@ -279,9 +279,9 @@
                while($row = mysqli_fetch_array($sql_tags_select)){
                  $tag_id_select = $row['tag_id'];
-                  $tag_name_select = $row['tag_name'];
+                  $tag_name_select = htmlentities($row['tag_name']);
-                  $tag_color_select = $row['tag_color'];
+                  $tag_color_select = htmlentities($row['tag_color']);
-                  $tag_icon_select = $row['tag_icon'];
+                  $tag_icon_select = htmlentities($row['tag_icon']);
                ?>
                  <li class="list-group-item">
--- a/client_asset_add_modal.php
+++ b/client_asset_add_modal.php
@@ -125,7 +125,7 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $location_id = $row['location_id'];
-                      $location_name = $row['location_name'];
+                      $location_name = htmlentities($row['location_name']);
                    ?>
                    <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
@@ -150,7 +150,7 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $contact_id = $row['contact_id'];
-                      $contact_name = $row['contact_name'];
+                      $contact_name = htmlentities($row['contact_name']);
                    ?>
                    <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@@ -190,8 +190,8 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM networks WHERE network_archived_at IS NULL AND network_client_id = $client_id ORDER BY network_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $network_id = $row['network_id'];
-                      $network_name = $row['network_name'];
+                      $network_name = htmlentities($row['network_name']);
-                      $network = $row['network'];
+                      $network = htmlentities($row['network']);
                    ?>
                    <option value="<?php echo $network_id; ?>"><?php echo $network_name; ?> - <?php echo $network; ?></option>
@@ -240,7 +240,7 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $vendor_id = $row['vendor_id'];
-                      $vendor_name = $row['vendor_name'];
+                      $vendor_name = htmlentities($row['vendor_name']);
                    ?>
                    <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
--- a/client_asset_copy_modal.php
+++ b/client_asset_copy_modal.php
@@ -123,7 +123,7 @@
                    $sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC"); 
                    while($row = mysqli_fetch_array($sql_locations)){
                      $location_id_select = $row['location_id'];
-                      $location_name_select = $row['location_name'];
+                      $location_name_select = htmlentities($row['location_name']);
                    ?>
                    <option <?php if($asset_location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@@ -148,7 +148,7 @@
                    $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); 
                    while($row = mysqli_fetch_array($sql_contacts)){
                      $contact_id = $row['contact_id'];
-                      $contact_name = $row['contact_name'];
+                      $contact_name = htmlentities($row['contact_name']);
                    ?>
                    <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@@ -187,8 +187,8 @@
                    $sql_networks = mysqli_query($mysqli,"SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC"); 
                    while($row = mysqli_fetch_array($sql_networks)){
                      $network_id_select = $row['network_id'];
-                      $network_name_select = $row['network_name'];
+                      $network_name_select = htmlentities($row['network_name']);
-                      $network_select = $row['network'];
+                      $network_select = htmlentities($row['network']);
                    ?>
                    <option <?php if($asset_network_id == $network_id_select){ echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
@@ -237,7 +237,7 @@
                    $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); 
                    while($row = mysqli_fetch_array($sql_vendors)){
                      $vendor_id_select = $row['vendor_id'];
-                      $vendor_name_select = $row['vendor_name'];
+                      $vendor_name_select = htmlentities($row['vendor_name']);
                    ?>
                    <option <?php if($asset_vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
--- a/client_asset_documents_modal.php
+++ b/client_asset_documents_modal.php
@@ -12,7 +12,7 @@
        <?php
        while($row = mysqli_fetch_array($sql_related_documents)){
          $related_document_id = $row['document_id'];
-          $related_document_name = $row['document_name'];
+          $related_document_name = htmlentities($row['document_name']);
        ?>
          <p>
            <i class="fas fa-fw fa-document text-secondary"></i>
--- a/client_asset_edit_modal.php
+++ b/client_asset_edit_modal.php
@@ -124,7 +124,7 @@
                    $sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_client_id = $client_id ORDER BY location_name ASC"); 
                    while($row = mysqli_fetch_array($sql_locations)){
                      $location_id_select = $row['location_id'];
-                      $location_name_select = $row['location_name'];
+                      $location_name_select = htmlentities($row['location_name']);
                    ?>
                    <option <?php if($asset_location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
@@ -148,7 +148,7 @@
                    $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE (contact_archived_at > '$asset_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC"); 
                    while($row = mysqli_fetch_array($sql_contacts)){
                      $contact_id_select = $row['contact_id'];
-                      $contact_name_select = $row['contact_name'];
+                      $contact_name_select = htmlentities($row['contact_name']);
                    ?>
                    <option <?php if($asset_contact_id == $contact_id_select){ echo "selected"; } ?> value="<?php echo $contact_id_select; ?>">
                      <?php echo $contact_name_select; ?> <?php if(!empty($row['contact_archived_at'])){ echo " (Archived " . date('Y-m-d',strtotime($row['contact_archived_at'])) .")"; } ?>
@@ -188,8 +188,8 @@
                    $sql_networks = mysqli_query($mysqli,"SELECT * FROM networks WHERE (network_archived_at > '$asset_created_at' OR network_archived_at IS NULL) AND network_client_id = $client_id ORDER BY network_name ASC"); 
                    while($row = mysqli_fetch_array($sql_networks)){
                      $network_id_select = $row['network_id'];
-                      $network_name_select = $row['network_name'];
+                      $network_name_select = htmlentities($row['network_name']);
-                      $network_select = $row['network'];
+                      $network_select = htmlentities($row['network']);
                    ?>
                    <option <?php if($asset_network_id == $network_id_select){ echo "selected"; } ?> value="<?php echo $network_id_select; ?>"><?php echo $network_name_select; ?> - <?php echo $network_select; ?></option>
@@ -238,7 +238,7 @@
                    $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE (vendor_archived_at > '$asset_created_at' OR vendor_archived_at IS NULL) AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); 
                    while($row = mysqli_fetch_array($sql_vendors)){
                      $vendor_id_select = $row['vendor_id'];
-                      $vendor_name_select = $row['vendor_name'];
+                      $vendor_name_select = htmlentities($row['vendor_name']);
                    ?>
                    <option <?php if($asset_vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
--- a/client_asset_tickets_modal.php
+++ b/client_asset_tickets_modal.php
@@ -13,10 +13,10 @@
        // Query is run from client_assets.php
        while($row = mysqli_fetch_array($sql_tickets)){
          $ticket_id = $row['ticket_id'];
-          $ticket_prefix = $row['ticket_prefix'];
+          $ticket_prefix = htmlentities($row['ticket_prefix']);
-          $ticket_number = $row['ticket_number'];
+          $ticket_number = htmlentities($row['ticket_number']);
-          $ticket_subject = $row['ticket_subject'];
+          $ticket_subject = htmlentities($row['ticket_subject']);
-          $ticket_status = $row['ticket_status'];
+          $ticket_status = htmlentities($row['ticket_status']);
          $ticket_created_at = $row['ticket_created_at'];
          $ticket_updated_at = $row['ticket_updated_at'];
          ?>
--- a/client_assets.php
+++ b/client_assets.php
@@ -164,30 +164,30 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $asset_id = $row['asset_id'];
-            $asset_type = $row['asset_type'];
+            $asset_type = htmlentities($row['asset_type']);
-            $asset_name = $row['asset_name'];
+            $asset_name = htmlentities($row['asset_name']);
-            $asset_make = $row['asset_make'];
+            $asset_make = htmlentities($row['asset_make']);
-            $asset_model = $row['asset_model'];
+            $asset_model = htmlentities($row['asset_model']);
-            $asset_serial = $row['asset_serial'];
+            $asset_serial = htmlentities($row['asset_serial']);
            if(empty($asset_serial)){
              $asset_serial_display = "-";
            }else{
              $asset_serial_display = $asset_serial;
            }
-            $asset_os = $row['asset_os'];
+            $asset_os = htmlentities($row['asset_os']);
            if(empty($asset_os)){
              $asset_os_display = "-";
            }else{
              $asset_os_display = $asset_os;
            }
-            $asset_ip = $row['asset_ip'];
+            $asset_ip = htmlentities($row['asset_ip']);
            if(empty($asset_ip)){
              $asset_ip_display = "-";
            }else{
              $asset_ip_display = "$asset_ip<button class='btn btn-sm' data-clipboard-text='$asset_ip'><i class='far fa-copy text-secondary'></i></button>";
            }
-            $asset_mac = $row['asset_mac'];
+            $asset_mac = htmlentities($row['asset_mac']);
-            $asset_status = $row['asset_status'];
+            $asset_status = htmlentities($row['asset_status']);
            $asset_purchase_date = $row['asset_purchase_date'];
            $asset_warranty_expire = $row['asset_warranty_expire'];
            $asset_install_date = $row['asset_install_date'];
@@ -196,7 +196,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            }else{
              $asset_install_date_display = $asset_install_date;
            }
-            $asset_notes = $row['asset_notes'];
+            $asset_notes = htmlentities($row['asset_notes']);
            $asset_created_at = $row['asset_created_at'];
            $asset_vendor_id = $row['asset_vendor_id'];
            $asset_location_id = $row['asset_location_id'];
@@ -242,8 +242,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            }
            $login_id = $row['login_id'];
-            $login_username = $row['login_username'];
+            $login_username = htmlentities($row['login_username']);
-            $login_password = decryptLoginEntry($row['login_password']);
+            $login_password = htmlentities(decryptLoginEntry($row['login_password']));
            // Related tickets
            $sql_tickets = mysqli_query($mysqli,"SELECT * FROM tickets WHERE ticket_asset_id = $asset_id ORDER BY ticket_number DESC");
--- a/client_certificate_add_modal.php
+++ b/client_certificate_add_modal.php
@@ -76,7 +76,7 @@
                                $domains_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
                                while($domain_row = mysqli_fetch_array($domains_sql)){
                                    $domain_id = $domain_row['domain_id'];
-                                    $domain_name = $domain_row['domain_name'];
+                                    $domain_name = htmlentities($domain_row['domain_name']);
                                    echo "<option value=\"$domain_id\">$domain_name</option>";
                                }
                                ?>
--- a/client_certificates.php
+++ b/client_certificates.php
@@ -65,10 +65,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $certificate_id = $row['certificate_id'];
-            $certificate_name = $row['certificate_name'];
+            $certificate_name = htmlentities($row['certificate_name']);
-            $certificate_domain = $row['certificate_domain'];
+            $certificate_domain = htmlentities($row['certificate_domain']);
-            $certificate_issued_by = $row['certificate_issued_by'];
+            $certificate_issued_by = htmlentities($row['certificate_issued_by']);
-            $certificate_expire = $row['certificate_expire'];
+            $certificate_expire = htmlentities($row['certificate_expire']);
          ?>
          <tr>
--- a/client_contact_add_modal.php
+++ b/client_contact_add_modal.php
@@ -117,7 +117,7 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $location_id = $row['location_id'];
-                      $location_name = $row['location_name'];
+                      $location_name = htmlentities($row['location_name']);
                    ?>
                    <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
--- a/client_contact_details_modal.php
+++ b/client_contact_details_modal.php
@@ -35,11 +35,11 @@
              while($row = mysqli_fetch_array($sql_related_assets)){
                $asset_id = $row['asset_id'];
-                $asset_type = $row['asset_type'];
+                $asset_type = htmlentities($row['asset_type']);
-                $asset_name = $row['asset_name'];
+                $asset_name = htmlentities($row['asset_name']);
-                $asset_make = $row['asset_make'];
+                $asset_make = htmlentities($row['asset_make']);
-                $asset_model = $row['asset_model'];
+                $asset_model = htmlentities($row['asset_model']);
-                $asset_serial = $row['asset_serial'];
+                $asset_serial = htmlentities($row['asset_serial']);
              ?>
@@ -58,11 +58,11 @@
              while($row = mysqli_fetch_array($sql_related_logins)){
                $login_id = $row['login_id'];
-                $login_name = $row['login_name'];
+                $login_name = htmlentities($row['login_name']);
-                $login_uri = $row['login_uri'];
+                $login_uri = htmlentities($row['login_uri']);
-                $login_username = $row['login_username'];
+                $login_username = htmlentities($row['login_username']);
-                $login_password = $row['login_password'];
+                $login_password = htmlentities($row['login_password']);
-                $login_note = $row['login_note'];
+                $login_note = htmlentities($row['login_note']);
                $vendor_id = $row['vendor_id'];
                $asset_id = $row['asset_id'];
                $software_id = $row['software_id'];
@@ -84,9 +84,9 @@
              while($row = mysqli_fetch_array($sql_related_software)){
                $software_id = $row['software_id'];
-                $software_name = $row['software_name'];
+                $software_name = htmlentities($row['software_name']);
-                $software_type = $row['software_type'];
+                $software_type = htmlentities($row['software_type']);
-                $software_notes = $row['software_notes'];
+                $software_notes = htmlentities($row['software_notes']);
              ?>
--- a/client_contact_edit_modal.php
+++ b/client_contact_edit_modal.php
@@ -119,7 +119,7 @@
                    $sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE (location_archived_at > '$contact_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC");
                    while($row = mysqli_fetch_array($sql_locations)){
                      $location_id_select = $row['location_id'];
-                      $location_name_select = $row['location_name'];
+                      $location_name_select = htmlentities($row['location_name']);
                    ?>
                    <option <?php if($contact_location_id == $location_id_select){ echo "selected"; } ?> value="<?php echo $location_id_select; ?>"><?php echo $location_name_select; ?></option>
--- a/client_contacts.php
+++ b/client_contacts.php
@@ -83,14 +83,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $contact_id = $row['contact_id'];
-            $contact_name = $row['contact_name'];
+            $contact_name = htmlentities($row['contact_name']);
-            $contact_title = $row['contact_title'];
+            $contact_title = htmlentities($row['contact_title']);
            if(empty($contact_title)){
              $contact_title_display = "-";
            }else{
              $contact_title_display = "<small class='text-secondary'>$contact_title</small>";
            }
-            $contact_department = $row['contact_department'];
+            $contact_department =htmlentities($row['contact_department']);
            if(empty($contact_department)){
              $contact_department_display = "-";
            }else{
@@ -102,22 +102,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            }else{
              $contact_phone_display = "$contact_phone";
            }
-            $contact_extension = $row['contact_extension'];
+            $contact_extension = htmlentities($row['contact_extension']);
            $contact_mobile = formatPhoneNumber($row['contact_mobile']);
            if(empty($contact_mobile)){
              $contact_mobile_display = "-";
            }else{
              $contact_mobile_display = "$contact_mobile";
            }
-            $contact_email = $row['contact_email'];
+            $contact_email = htmlentities($row['contact_email']);
            if(empty($contact_email)){
              $contact_email_display = "-";
            }else{
              $contact_email_display = "<a href='mailto:$contact_email'>$contact_email</a><button class='btn btn-sm clipboardjs' data-clipboard-text='$contact_email'><i class='far fa-copy text-secondary'></i></button>";
            }
-            $contact_photo = $row['contact_photo'];
+            $contact_photo = htmlentities($row['contact_photo']);
            $contact_initials = initials($contact_name);
-            $contact_notes = $row['contact_notes'];
+            $contact_notes = htmlentities($row['contact_notes']);
            $contact_created_at = $row['contact_created_at'];
            if($contact_id == $primary_contact){
                $primary_contact_display = "<small class='text-success'>Primary Contact</small>";
@@ -125,13 +125,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
              $primary_contact_display = FALSE;
            }
            $contact_location_id = $row['contact_location_id'];
-            $location_name = $row['location_name'];
+            $location_name = htmlentities($row['location_name']);
            if(empty($location_name)){
              $location_name_display = "-";
            }else{
              $location_name_display = $location_name;
            }
-            $auth_method = $row['contact_auth_method'];
+            $auth_method = htmlentities($row['contact_auth_method']);
            // Related Assets Query
            $sql_related_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_contact_id = $contact_id AND company_id = $session_company_id ORDER BY asset_id DESC");
--- a/client_document_add_modal.php
+++ b/client_document_add_modal.php
@@ -46,7 +46,7 @@
                $sql_folders = mysqli_query($mysqli,"SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
                while($row = mysqli_fetch_array($sql_folders)){
                  $folder_id = $row['folder_id'];
-                  $folder_name = $row['folder_name'];
+                  $folder_name = htmlentities($row['folder_name']);
                ?>
                <option <?php if($_GET['folder_id'] == $folder_id) echo "selected"; ?> value="<?php echo $folder_id ?>"><?php echo $folder_name; ?></option>
--- a/client_document_details.php
+++ b/client_document_details.php
@@ -16,7 +16,7 @@ $sql_document = mysqli_query($mysqli,"SELECT * FROM documents LEFT JOIN folders
 $row = mysqli_fetch_array($sql_document);
 $folder_name = $row['folder_name'];
-$document_name = $row['document_name'];
+$document_name = htmlentities($row['document_name']);
 $document_content = $row['document_content'];
 $document_created_at = $row['document_created_at'];
 $document_updated_at = $row['document_updated_at'];
--- a/client_document_edit_modal.php
+++ b/client_document_edit_modal.php
@@ -46,7 +46,7 @@
                $sql_folders_select = mysqli_query($mysqli,"SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
                while($row = mysqli_fetch_array($sql_folders_select)){
                  $folder_id_select = $row['folder_id'];
-                  $folder_name_select = $row['folder_name'];
+                  $folder_name_select = htmlentities($row['folder_name']);
                ?>
                <option <?php if($folder_id_select == $document_folder_id) echo "selected"; ?> value="<?php echo $folder_id_select ?>"><?php echo $folder_name_select; ?></option>
                <?php
--- a/client_documents.php
+++ b/client_documents.php
@@ -76,7 +76,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          $sql_folders = mysqli_query($mysqli,"SELECT * FROM folders WHERE folder_client_id = $client_id ORDER BY folder_name ASC");
          while($row = mysqli_fetch_array($sql_folders)){
            $folder_id = $row['folder_id'];
-            $folder_name = $row['folder_name'];
+            $folder_name = htmlentities($row['folder_name']);
            $row = mysqli_fetch_assoc(mysqli_query($mysqli,"SELECT COUNT('document_id') AS num FROM documents WHERE document_folder_id = $folder_id"));
            $num_documents = $row['num'];
@@ -161,7 +161,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
              while($row = mysqli_fetch_array($sql)){
                $document_id = $row['document_id'];
-                $document_name = $row['document_name'];
+                $document_name = htmlentities($row['document_name']);
                $document_content = $row['document_content'];
                $document_created_at = $row['document_created_at'];
                $document_updated_at = $row['document_updated_at'];
--- a/client_domain_add_modal.php
+++ b/client_domain_add_modal.php
@@ -34,7 +34,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $vendor_id = $row['vendor_id'];
-                  $vendor_name = $row['vendor_name'];
+                  $vendor_name = htmlentities($row['vendor_name']);
                ?>
                <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@@ -58,7 +58,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_archived_at IS NULL AND vendor_client_id = $client_id ORDER BY vendor_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $vendor_id = $row['vendor_id'];
-                  $vendor_name = $row['vendor_name'];
+                  $vendor_name = htmlentities($row['vendor_name']);
                ?>
                <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
--- a/client_domains.php
+++ b/client_domains.php
@@ -66,18 +66,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $domain_id = $row['domain_id'];
-            $domain_name = $row['domain_name'];
+            $domain_name = htmlentities($row['domain_name']);
-            $domain_registrar = $row['domain_registrar'];
+            $domain_registrar = htmlentities($row['domain_registrar']);
-            $domain_webhost = $row['domain_webhost'];
+            $domain_webhost = htmlentities($row['domain_webhost']);
-            $domain_expire = $row['domain_expire'];
+            $domain_expire = htmlentities($row['domain_expire'];
-            $domain_registrar_name = $row['vendor_name'];
+            $domain_registrar_name = htmlentities($row['vendor_name']);
            if(empty($domain_registrar_name)){
              $domain_registrar_name = "-";
            }
            $sql_domain_webhost = mysqli_query($mysqli,"SELECT vendor_name FROM vendors WHERE vendor_id = $domain_webhost");
            $row = mysqli_fetch_array($sql_domain_webhost);
-            $domain_webhost_name = $row['vendor_name'];
+            $domain_webhost_name = htmlentities($row['vendor_name']);
            if(empty($domain_webhost_name)){
              $domain_webhost_name = "-";
            }
--- a/client_edit_modal.php
+++ b/client_edit_modal.php
@@ -61,7 +61,7 @@
                    $referral_sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Referral' AND (category_archived_at > '$client_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); 
                    while($row = mysqli_fetch_array($referral_sql)){
-                      $referral = $row['category_name'];
+                      $referral = htmlentities($row['category_name']);
                    ?>
                      <option <?php if($client_referral == $referral){ echo "selected"; } ?> > <?php echo $referral; ?></option>
@@ -142,9 +142,9 @@
                while($row = mysqli_fetch_array($sql_tags_select)){
                  $tag_id_select = $row['tag_id'];
-                  $tag_name_select = $row['tag_name'];
+                  $tag_name_select = htmlentities($row['tag_name']);
-                  $tag_color_select = $row['tag_color'];
+                  $tag_color_select = htmlentities($row['tag_color']);
-                  $tag_icon_select = $row['tag_icon'];
+                  $tag_icon_select = htmlentities($row['tag_icon']);
                ?>
                  <li class="list-group-item">
--- a/client_events.php
+++ b/client_events.php
@@ -25,14 +25,14 @@ if(isset($_GET['calendar_id'])){
 $sql = mysqli_query($mysqli,"SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id");
 while($row = mysqli_fetch_array($sql)){
  $event_id = $row['event_id'];
-  $event_title = $row['event_title'];
+  $event_title = htmlentities($row['event_title']);
-  $event_description = $row['event_description'];
+  $event_description = htmlentities($row['event_description']);
-  $event_start = $row['event_start'];
+  $event_start = htmlentities($row['event_start']);
-  $event_end = $row['event_end'];
+  $event_end = htmlentities($row['event_end']);
-  $event_repeat = $row['event_repeat'];
+  $event_repeat = htmlentities($row['event_repeat']);
  $calendar_id = $row['calendar_id'];
-  $calendar_name = $row['calendar_name'];
+  $calendar_name = htmlentities($row['calendar_name']);
-  $calendar_color = $row['calendar_color'];
+  $calendar_color = htmlentities($row['calendar_color']);
  include("calendar_event_edit_modal.php");
@@ -73,15 +73,15 @@ while($row = mysqli_fetch_array($sql)){
          <?php
          $sql = mysqli_query($mysqli,"SELECT * FROM calendars LEFT JOIN events ON calendar_id = event_calendar_id WHERE event_client_id = $client_id AND calendars.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql)){
-            $event_id = $row['event_id'];
+            $event_id = json_encode($row['event_id']);
-            $event_title = $row['event_title'];
+            $event_title = json_encode($row['event_title']);
-            $event_start = $row['event_start'];
+            $event_start = json_encode($row['event_start']);
-            $event_end = $row['event_end'];
+            $event_end = json_encode($row['event_end']);
-            $calendar_id = $row['calendar_id'];
+            $calendar_id = json_encode($row['calendar_id']);
-            $calendar_name = $row['calendar_name'];
+            $calendar_name = json_encode($row['calendar_name']);
-            $calendar_color = $row['calendar_color'];
+            $calendar_color = json_encode($row['calendar_color']);
-            echo "{ id: '$event_id', title: '$event_title', start: '$event_start', end: '$event_end', color: '$calendar_color'},";
+            echo "{ id: $event_id, title: $event_title, start: $event_start, end: $event_end, color: $calendar_color },";
          }
          ?>
        ],
--- a/client_files.php
+++ b/client_files.php
@@ -33,9 +33,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
        while($row = mysqli_fetch_array($sql_files_images)){
          $file_id = $row['file_id'];
-          $file_name = $row['file_name'];
+          $file_name = htmlentities($row['file_name']);
-          $file_reference_name = $row['file_reference_name'];
+          $file_reference_name = htmlentities($row['file_reference_name']);
-          $file_ext = $row['file_ext'];
+          $file_ext = htmlentities($row['file_ext']);
          ?>
@@ -70,9 +70,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
        <?php
        while($row = mysqli_fetch_array($sql_files_other)){
          $file_id = $row['file_id'];
-          $file_name = $row['file_name'];
+          $file_name = htmlentities($row['file_name']);
-          $file_reference_name = $row['file_reference_name'];
+          $file_reference_name = htmlentities($row['file_reference_name']);
-          $file_ext = $row['file_ext'];
+          $file_ext = htmlentities($row['file_ext']);
          if($file_ext == 'pdf'){
            $file_icon = "file-pdf";
          }elseif($file_ext == 'gz' || $file_ext == 'tar' || $file_ext == 'zip' || $file_ext == '7z' || $file_ext == 'rar'){
--- a/client_invoices.php
+++ b/client_invoices.php
@@ -76,25 +76,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $invoice_id = $row['invoice_id'];
-            $invoice_prefix = $row['invoice_prefix'];
+            $invoice_prefix = htmlentities($row['invoice_prefix']);
-            $invoice_number = $row['invoice_number'];
+            $invoice_number = htmlentities($row['invoice_number']);
-            $invoice_scope = $row['invoice_scope'];
+            $invoice_scope = htmlentities($row['invoice_scope']);
            if(empty($invoice_scope)){
              $invoice_scope_display = "-";
            }else{
              $invoice_scope_display = $invoice_scope;
            }
-            $invoice_status = $row['invoice_status'];
+            $invoice_status = htmlentities($row['invoice_status']);
            $invoice_date = $row['invoice_date'];
            $invoice_due = $row['invoice_due'];
-            $invoice_amount = $row['invoice_amount'];
+            $invoice_amount = htmlentities($row['invoice_amount']);
-            $invoice_currency_code = $row['invoice_currency_code'];
+            $invoice_currency_code = htmlentities($row['invoice_currency_code']);
            $invoice_created_at = $row['invoice_created_at'];
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
            $now = time();
-            if(($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < $now ){
+            if(($invoice_status == "Sent" || $invoice_status == "Partial" || $invoice_status == "Viewed") && strtotime($invoice_due) < time() ){
                $overdue_color = "text-danger font-weight-bold";
              }else{
                $overdue_color = "";
--- a/client_location_add_modal.php
+++ b/client_location_add_modal.php
@@ -116,7 +116,7 @@
                    $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_archived_at IS NULL AND contact_client_id = $client_id ORDER BY contact_name ASC"); 
                    while($row = mysqli_fetch_array($sql_contacts)){
                      $contact_id = $row['contact_id'];
-                      $contact_name = $row['contact_name'];
+                      $contact_name = htmlentities($row['contact_name']);
                    ?>
                      <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
--- a/client_location_edit_modal.php
+++ b/client_location_edit_modal.php
@@ -118,7 +118,7 @@
                    $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE (contact_archived_at > '$location_created_at' OR contact_archived_at IS NULL) AND contact_client_id = $client_id ORDER BY contact_name ASC"); 
                    while($row = mysqli_fetch_array($sql_contacts)){
                      $contact_id_select = $row['contact_id'];
-                      $contact_name_select = $row['contact_name'];
+                      $contact_name_select = htmlentities($row['contact_name']);
                    ?>
                      <option <?php if($location_contact_id == $contact_id_select){ echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
--- a/client_locations.php
+++ b/client_locations.php
@@ -80,26 +80,26 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $location_id = $row['location_id'];
-            $location_name = $row['location_name'];
+            $location_name = htmlentities($row['location_name']);
-            $location_country = $row['location_country'];
+            $location_country = htmlentities($row['location_country']);
-            $location_address = $row['location_address'];
+            $location_address = htmlentities($row['location_address']);
-            $location_city = $row['location_city'];
+            $location_city = htmlentities($row['location_city']);
-            $location_state = $row['location_state'];
+            $location_state = htmlentities($row['location_state']);
-            $location_zip = $row['location_zip'];
+            $location_zip = htmlentities($row['location_zip']);
            $location_phone = formatPhoneNumber($row['location_phone']);
            if(empty($location_phone)){
              $location_phone_display = "-";
            }else{
              $location_phone_display = $location_phone;
            }
-            $location_hours = $row['location_hours'];
+            $location_hours = htmlentities($row['location_hours']);
            if(empty($location_hours)){
              $location_hours_display = "-";
            }else{
              $location_hours_display = $location_hours;
            }
-            $location_photo = $row['location_photo'];
+            $location_photo = htmlentities($row['location_photo']);
-            $location_notes = $row['location_notes'];
+            $location_notes = htmlentities($row['location_notes']);
            $location_created_at = $row['location_created_at'];
            $location_contact_id = $row['location_contact_id'];
            if($location_id == $primary_location){
--- a/client_login_add_modal.php
+++ b/client_login_add_modal.php
@@ -105,7 +105,7 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $contact_id = $row['contact_id'];
-                      $contact_name = $row['contact_name'];
+                      $contact_name = htmlentities($row['contact_name']);
                    ?>
                      <option value="<?php echo $contact_id; ?>"><?php echo $contact_name; ?></option>
@@ -129,7 +129,7 @@
                    $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC"); 
                    while($row = mysqli_fetch_array($sql_vendors)){
                      $vendor_id = $row['vendor_id'];
-                      $vendor_name = $row['vendor_name'];
+                      $vendor_name = htmlentities($row['vendor_name']);
                    ?>
                      <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@@ -153,7 +153,7 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $asset_id = $row['asset_id'];
-                      $asset_name = $row['asset_name'];
+                      $asset_name = htmlentities($row['asset_name']);
                    ?>
                      <option value="<?php echo $asset_id; ?>"><?php echo $asset_name; ?></option>
@@ -177,7 +177,7 @@
                    $sql = mysqli_query($mysqli,"SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $software_id = $row['software_id'];
-                      $software_name = $row['software_name'];
+                      $software_name = htmlentities($row['software_name']);
                    ?>
                      <option value="<?php echo $software_id; ?>"><?php echo $software_name; ?></option>
--- a/client_login_edit_modal.php
+++ b/client_login_edit_modal.php
@@ -111,7 +111,7 @@
                    $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC"); 
                    while($row = mysqli_fetch_array($sql_contacts)){
                      $contact_id_select = $row['contact_id'];
-                      $contact_name_select = $row['contact_name'];
+                      $contact_name_select = htmlentities($row['contact_name']);
                    ?>
                      <option <?php if($login_contact_id == $contact_id_select){ echo "selected"; } ?> value="<?php echo $contact_id_select; ?>"><?php echo $contact_name_select; ?></option>
@@ -135,7 +135,7 @@
                    $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id ORDER BY vendor_name ASC"); 
                    while($row = mysqli_fetch_array($sql_vendors)){
                      $vendor_id_select = $row['vendor_id'];
-                      $vendor_name_select = $row['vendor_name'];
+                      $vendor_name_select = htmlentities($row['vendor_name']);
                    ?>
                      <option <?php if($login_vendor_id == $vendor_id_select){ echo "selected"; } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
@@ -159,7 +159,7 @@
                    $sql_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC"); 
                    while($row = mysqli_fetch_array($sql_assets)){
                      $asset_id_select = $row['asset_id'];
-                      $asset_name_select = $row['asset_name'];
+                      $asset_name_select = htmlentities($row['asset_name']);
                    ?>
                      <option <?php if($login_asset_id == $asset_id_select){ echo "selected"; } ?> value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option>
@@ -183,7 +183,7 @@
                    $sql_software = mysqli_query($mysqli,"SELECT * FROM software WHERE software_client_id = $client_id ORDER BY software_name ASC"); 
                    while($row = mysqli_fetch_array($sql_software)){
                      $software_id_select = $row['software_id'];
-                      $software_name_select = $row['software_name'];
+                      $software_name_select = htmlentities($row['software_name']);
                    ?>
                      <option <?php if($login_software_id == $software_id_select){ echo "selected"; } ?> value="<?php echo $software_id_select; ?>"><?php echo $software_name_select; ?></option>
--- a/client_logins.php
+++ b/client_logins.php
@@ -68,28 +68,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $login_id = $row['login_id'];
-            $login_name = $row['login_name'];
+            $login_name = htmlentities($row['login_name']);
-            $login_uri = $row['login_uri'];
+            $login_uri = htmlentities($row['login_uri']);
            if(empty($login_uri)){
              $login_uri_display = "-";
            }else{
              $login_uri_display = "$login_uri<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_uri'><i class='far fa-copy text-secondary'></i></button><a href='https://$login_uri' target='_blank'><i class='fa fa-external-link-alt text-secondary'></i></a>";
            }
-            $login_username = $row['login_username'];
+            $login_username = htmlentities($row['login_username']);
            if(empty($login_username)){
              $login_username_display = "-";
            }else{
              $login_username_display = "$login_username<button class='btn btn-sm clipboardjs' data-clipboard-text='$login_username'><i class='far fa-copy text-secondary'></i></button>";
            }
            $login_password = htmlentities(decryptLoginEntry($row['login_password']));
-            $login_otp_secret = $row['login_otp_secret'];
+            $login_otp_secret = htmlentities($row['login_otp_secret']);
            $login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
            if(empty($login_otp_secret)){
              $otp_display = "-";
            }else{
              $otp_display = "<span onmouseenter='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
            }
-            $login_note = $row['login_note'];
+            $login_note = htmlentities($row['login_note']);
            $login_contact_id = $row['login_contact_id'];
            $login_vendor_id = $row['login_vendor_id'];
            $login_asset_id = $row['login_asset_id'];
--- a/client_logs.php
+++ b/client_logs.php
@@ -71,14 +71,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $log_id = $row['log_id'];
-            $log_type = $row['log_type'];
+            $log_type = htmlentities($row['log_type']);
-            $log_action = $row['log_action'];
+            $log_action = htmlentities($row['log_action']);
            $log_description = htmlentities($row['log_description']);
            $log_ip = htmlentities($row['log_ip']);
-            $log_user_agent = $row['log_user_agent'];
+            $log_user_agent = htmlentities($row['log_user_agent']);
            $log_created_at = $row['log_created_at'];
            $user_id = $row['user_id'];
-            $user_name = $row['user_name'];
+            $user_name = htmlentities($row['user_name']);
            if(empty($user_name)){
              $user_name_display = "-";
            }else{
--- a/client_network_add_modal.php
+++ b/client_network_add_modal.php
@@ -74,7 +74,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM locations WHERE location_archived_at IS NULL AND location_client_id = $client_id ORDER BY location_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $location_id = $row['location_id'];
-                  $location_name = $row['location_name'];
+                  $location_name = htmlentities($row['location_name']);
                ?>
                <option value="<?php echo $location_id; ?>"><?php echo $location_name; ?></option>
--- a/client_networks.php
+++ b/client_networks.php
@@ -69,23 +69,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $network_id = $row['network_id'];
-            $network_name = $row['network_name'];
+            $network_name = htmlentities($row['network_name']);
-            $network_vlan = $row['network_vlan'];
+            $network_vlan = htmlentities($row['network_vlan']);
            if(empty($network_vlan)){
              $network_vlan_display = "-";
            }else{
              $network_vlan_display = $network_vlan;
            }
-            $network = $row['network'];
+            $network = htmlentities($row['network']);
-            $network_gateway = $row['network_gateway'];
+            $network_gateway = htmlentities($row['network_gateway']);
-            $network_dhcp_range = $row['network_dhcp_range'];
+            $network_dhcp_range = htmlentities($row['network_dhcp_range']);
            if(empty($network_dhcp_range)){
              $network_dhcp_range_display = "-";
            }else{
              $network_dhcp_range_display = $network_dhcp_range;
            }
            $network_location_id = $row['network_location_id'];
-            $location_name = $row['location_name'];
+            $location_name = htmlentities($row['location_name']);
            if(empty($location_name)){
              $location_name_display = "-";
            }else{
--- a/client_payments.php
+++ b/client_payments.php
@@ -74,23 +74,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $invoice_id = $row['invoice_id'];
-            $invoice_prefix = $row['invoice_prefix'];
+            $invoice_prefix = htmlentities($row['invoice_prefix']);
-            $invoice_number = $row['invoice_number'];
+            $invoice_number = htmlentities($row['invoice_number']);
-            $invoice_status = $row['invoice_status'];
+            $invoice_status = htmlentities($row['invoice_status']);
-            $invoice_amount = $row['invoice_amount'];
+            $invoice_amount = htmlentities($row['invoice_amount']);
-            $invoice_currency_code = $row['invoice_currency_code'];
+            $invoice_currency_code = htmlentities($row['invoice_currency_code']);
            $invoice_date = $row['invoice_date'];
            $payment_date = $row['payment_date'];
-            $payment_method = $row['payment_method'];
+            $payment_method = htmlentities($row['payment_method']);
-            $payment_reference = $row['payment_reference'];
+            $payment_reference = htmlentities($row['payment_reference']);
            if(empty($payment_reference)){
              $payment_reference_display = "-";
            }else{
              $payment_reference_display = $payment_reference;
            }
-            $payment_amount = $row['payment_amount'];
+            $payment_amount = htmlentities($row['payment_amount']);
-            $payment_currency_code = $row['payment_currency_code'];
+            $payment_currency_code = htmlentities($row['payment_currency_code']);
-            $account_name = $row['account_name'];
+            $account_name = htmlentities($row['account_name']);
          ?>
--- a/client_quotes.php
+++ b/client_quotes.php
@@ -75,21 +75,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $quote_id = $row['quote_id'];
-            $quote_prefix = $row['quote_prefix'];
+            $quote_prefix = htmlentities($row['quote_prefix']);
-            $quote_number = $row['quote_number'];
+            $quote_number = htmlentities($row['quote_number']);
-            $quote_scope = $row['quote_scope'];
+            $quote_scope = htmlentities($row['quote_scope']);
            if(empty($quote_scope)){
              $quote_scope_display = "-";
            }else{
              $quote_scope_display = $quote_scope;
            }
-            $quote_status = $row['quote_status'];
+            $quote_status = htmlentities($row['quote_status']);
            $quote_date = $row['quote_date'];
-            $quote_amount = $row['quote_amount'];
+            $quote_amount = htmlentities($row['quote_amount']);
-            $quote_currency_code = $row['quote_currency_code'];
+            $quote_currency_code = htmlentities($row['quote_currency_code']);
            $quote_created_at = $row['quote_created_at'];
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
            //Set Badge color based off of quote status
            if($quote_status == "Sent"){
--- a/client_recurring_invoices.php
+++ b/client_recurring_invoices.php
@@ -71,21 +71,21 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
           while($row = mysqli_fetch_array($sql)){
                $recurring_id = $row['recurring_id'];
-                $recurring_prefix = $row['recurring_prefix'];
+                $recurring_prefix = htmlentities($row['recurring_prefix']);
-                $recurring_number = $row['recurring_number'];
+                $recurring_number = htmlentities($row['recurring_number']);
-                $recurring_scope = $row['recurring_scope'];
+                $recurring_scope = htmlentities($row['recurring_scope']);
-                $recurring_frequency = $row['recurring_frequency'];
+                $recurring_frequency = htmlentities($row['recurring_frequency']);
-                $recurring_status = $row['recurring_status'];
+                $recurring_status = htmlentities($row['recurring_status']);
                $recurring_last_sent = $row['recurring_last_sent'];
                if($recurring_last_sent == 0){
                  $recurring_last_sent = "-";
                }
                $recurring_next_date = $row['recurring_next_date'];
-                $recurring_amount = $row['recurring_amount'];
+                $recurring_amount = htmlentities($row['recurring_amount']);
-                $recurring_currency_code = $row['recurring_currency_code'];
+                $recurring_currency_code = htmlentities($row['recurring_currency_code']);
                $recurring_created_at = $row['recurring_created_at'];
                $category_id = $row['category_id'];
-                $category_name = $row['category_name'];
+                $category_name = htmlentities($row['category_name']);
                if($recurring_status == 1){
                  $status = "Active";
                  $status_badge_color = "success";
--- a/client_scheduled_tickets.php
+++ b/client_scheduled_tickets.php
@@ -67,9 +67,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
        while ($row = mysqli_fetch_array($sql)) {
          $scheduled_ticket_id = $row['scheduled_ticket_id'];
-          $scheduled_ticket_subject = $row['scheduled_ticket_subject'];
+          $scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']);
-          $scheduled_ticket_priority = $row['scheduled_ticket_priority'];
+          $scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']);
-          $scheduled_ticket_frequency = $row['scheduled_ticket_frequency'];
+          $scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']);
          $scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
          ?>
--- a/client_service_add_modal.php
+++ b/client_service_add_modal.php
@@ -104,7 +104,7 @@
                  $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id = '$client_id'");
                  while($row = mysqli_fetch_array($sql)){
                    $contact_id = $row['contact_id'];
-                    $contact_name = $row['contact_name'];
+                    $contact_name = htmlentities($row['contact_name']);
                    echo "<option value=\"$contact_id\">$contact_name</option>";
                  }
                  ?>
@@ -120,7 +120,7 @@
                  $sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
                  while($row = mysqli_fetch_array($sql)){
                    $vendor_id = $row['vendor_id'];
-                    $vendor_name = $row['vendor_name'];
+                    $vendor_name = htmlentities($row['vendor_name']);
                    echo "<option value=\"$vendor_id\">$vendor_name</option>";
                  }
                  ?>
@@ -136,7 +136,7 @@
                  $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
                  while($row = mysqli_fetch_array($sql)){
                    $document_id = $row['document_id'];
-                    $document_name = $row['document_name'];
+                    $document_name = htmlentities($row['document_name']);
                    echo "<option value=\"$document_id\">$document_name</option>";
                  }
                  ?>
@@ -162,7 +162,7 @@
                      $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
                      while($row = mysqli_fetch_array($sql)){
                        $asset_id = $row['asset_id'];
-                        $asset_name = $row['asset_name'];
+                        $asset_name = htmlentities($row['asset_name']);
                        echo "<option value=\"$asset_id\">$asset_name</option>";
                      }
                      ?>
@@ -180,7 +180,7 @@
                      $sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
                      while($row = mysqli_fetch_array($sql)){
                        $login_id = $row['login_id'];
-                        $login_name = $row['login_name'];
+                        $login_name = htmlentities($row['login_name']);
                        echo "<option value=\"$login_id\">$login_name</option>";
                      }
                      ?>
@@ -203,7 +203,7 @@
                      $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
                      while($row = mysqli_fetch_array($sql)){
                        $domain_id = $row['domain_id'];
-                        $domain_name = $row['domain_name'];
+                        $domain_name = htmlentities($row['domain_name']);
                        echo "<option value=\"$domain_id\">$domain_name</option>";
                      }
                      ?>
@@ -221,8 +221,8 @@
                      $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
                      while($row = mysqli_fetch_array($sql)){
                        $cert_id = $row['certificate_id'];
-                        $cert_name = $row['certificate_name'];
+                        $cert_name = htmlentities($row['certificate_name']);
-                        $cert_domain = $row['certificate_domain'];
+                        $cert_domain = htmlentities($row['certificate_domain']);
                        echo "<option value=\"$cert_id\">$cert_name ($cert_domain)</option>";
                      }
                      ?>
--- a/client_service_edit_modal.php
+++ b/client_service_edit_modal.php
@@ -111,7 +111,7 @@
                  while($row_all = mysqli_fetch_array($sql_all)){
                    $contact_id = $row_all['contact_id'];
-                    $contact_name = $row_all['contact_name'];
+                    $contact_name = htmlentities($row_all['contact_name']);
                    if(in_array($contact_id, $selected_ids)){
                      echo "<option value=\"$contact_id\" selected>$contact_name</option>";
@@ -135,7 +135,7 @@
                  $sql_all = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id = '$client_id'");
                  while($row_all = mysqli_fetch_array($sql_all)){
                    $vendor_id = $row_all['vendor_id'];
-                    $vendor_name = $row_all['vendor_name'];
+                    $vendor_name = htmlentities($row_all['vendor_name']);
                    if(in_array($vendor_id, $selected_ids)){
                      echo "<option value=\"$vendor_id\" selected>$vendor_name</option>";
@@ -159,7 +159,7 @@
                  $sql_all = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = '$client_id'");
                  while($row_all = mysqli_fetch_array($sql_all)){
                    $document_id = $row_all['document_id'];
-                    $document_name = $row_all['document_name'];
+                    $document_name = htmlentities($row_all['document_name']);
                    if(in_array($document_id, $selected_ids)){
                      echo "<option value=\"$document_id\" selected>$document_name</option>";
@@ -194,7 +194,7 @@
                      $sql_all = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client_id'");
                      while($row_all = mysqli_fetch_array($sql_all)){
                        $asset_id = $row_all['asset_id'];
-                        $asset_name = $row_all['asset_name'];
+                        $asset_name = htmlentities($row_all['asset_name']);
                        if(in_array($asset_id, $selected_ids)){
                          echo "<option value=\"$asset_id\" selected>$asset_name</option>";
@@ -220,7 +220,7 @@
                      $sql_all = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id = '$client_id'");
                      while($row_all = mysqli_fetch_array($sql_all)){
                        $login_id = $row_all['login_id'];
-                        $login_name = $row_all['login_name'];
+                        $login_name = htmlentities($row_all['login_name']);
                        if(in_array($login_id, $selected_ids)){
                          echo "<option value=\"$login_id\" selected>$login_name</option>";
@@ -251,7 +251,7 @@
                      $sql_all = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client_id'");
                      while($row_all = mysqli_fetch_array($sql_all)){
                        $domain_id = $row_all['domain_id'];
-                        $domain_name = $row_all['domain_name'];
+                        $domain_name = htmlentities($row_all['domain_name']);
                        if(in_array($domain_id, $selected_ids)){
                          echo "<option value=\"$domain_id\" selected>$domain_name</option>";
@@ -277,7 +277,7 @@
                      $sql_all = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id'");
                      while($row_all = mysqli_fetch_array($sql_all)){
                        $cert_id = $row_all['certificate_id'];
-                        $cert_name = $row_all['certificate_name'];
+                        $cert_name = htmlentities($row_all['certificate_name']);
                        if(in_array($cert_id, $selected_ids)){
                          echo "<option value=\"$cert_id\" selected>$cert_name</option>";
--- a/client_services.php
+++ b/client_services.php
@@ -59,12 +59,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $service_id = $row['service_id'];
-            $service_name = $row['service_name'];
+            $service_name = htmlentities($row['service_name']);
-            $service_description = $row['service_description'];
+            $service_description = htmlentities($row['service_description']);
-            $service_category = $row['service_category'];
+            $service_category = htmlentities($row['service_category']);
-            $service_importance = $row['service_importance'];
+            $service_importance = htmlentities($row['service_importance']);
-            $service_backup = $row['service_backup'];
+            $service_backup = htmlentities($row['service_backup']);
-            $service_notes = $row['service_notes'];
+            $service_notes = htmlentities($row['service_notes']);
            $service_updated_at = $row['service_updated_at'];
            $service_review_due = $row['service_review_due'];
@@ -109,32 +109,36 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            // Associated Assets (and their logins/networks/locations)
            $sql_assets = mysqli_query($mysqli, "SELECT * FROM service_assets 
-                                                            LEFT JOIN assets 
+              LEFT JOIN assets 
-                                                              ON service_assets.asset_id = assets.asset_id
+                ON service_assets.asset_id = assets.asset_id
-                                                            LEFT JOIN logins
+              LEFT JOIN logins
-                                                              ON service_assets.asset_id = logins.login_asset_id
+                ON service_assets.asset_id = logins.login_asset_id
-                                                            LEFT JOIN networks
+              LEFT JOIN networks
-                                                              ON assets.asset_network_id = networks.network_id
+                ON assets.asset_network_id = networks.network_id
-                                                            LEFT JOIN locations
+              LEFT JOIN locations
-                                                              ON assets.asset_location_id = locations.location_id
+                ON assets.asset_location_id = locations.location_id
-                                                            WHERE service_id = '$service_id'");
+              WHERE service_id = '$service_id'"
            );
            // Associated logins
            $sql_logins = mysqli_query($mysqli, "SELECT * FROM service_logins
-                                                            LEFT JOIN logins
+              LEFT JOIN logins
-                                                              ON service_logins.login_id = logins.login_id
+                ON service_logins.login_id = logins.login_id
-                                                            WHERE service_id = '$service_id'");
+              WHERE service_id = '$service_id'"
            );
            // Associated Domains
            $sql_domains = mysqli_query($mysqli, "SELECT * FROM service_domains
-                                                          LEFT JOIN domains
+              LEFT JOIN domains
-                                                            ON service_domains.domain_id = domains.domain_id
+                ON service_domains.domain_id = domains.domain_id
-                                                          WHERE service_id = '$service_id'");
+              WHERE service_id = '$service_id'"
            );
            // Associated Certificates
            $sql_certificates = mysqli_query($mysqli, "SELECT * FROM service_certificates
-                                                          LEFT JOIN certificates
+              LEFT JOIN certificates
-                                                            ON service_certificates.certificate_id = certificates.certificate_id
+                ON service_certificates.certificate_id = certificates.certificate_id
-                                                          WHERE service_id = '$service_id'");
+              WHERE service_id = '$service_id'"
            );
            // Associated URLs ---- REMOVED for now
            //$sql_urls = mysqli_query($mysqli, "SELECT * FROM service_urls
@@ -142,21 +146,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            // Associated Vendors
            $sql_vendors = mysqli_query($mysqli, "SELECT * FROM service_vendors
-                                                          LEFT JOIN vendors
+              LEFT JOIN vendors
-                                                            ON service_vendors.vendor_id = vendors.vendor_id
+                ON service_vendors.vendor_id = vendors.vendor_id
-                                                          WHERE service_id = '$service_id'");
+              WHERE service_id = '$service_id'"
            );
            // Associated Contacts
            $sql_contacts = mysqli_query($mysqli, "SELECT * FROM service_contacts
-                                                          LEFT JOIN contacts
+              LEFT JOIN contacts
-                                                            ON service_contacts.contact_id = contacts.contact_id
+                ON service_contacts.contact_id = contacts.contact_id
-                                                          WHERE service_id = '$service_id'");
+              WHERE service_id = '$service_id'"
            );
            // Associated Documents
            $sql_docs = mysqli_query($mysqli, "SELECT * FROM service_documents
-                                                          LEFT JOIN documents
+              LEFT JOIN documents
-                                                            ON service_documents.document_id = documents.document_id
+                ON service_documents.document_id = documents.document_id
-                                                          WHERE service_id = '$service_id'");
+              WHERE service_id = '$service_id'"
            );
            include("client_service_edit_modal.php");
            include("client_service_view_modal.php");
--- a/client_shared_items.php
+++ b/client_shared_items.php
@@ -69,30 +69,30 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $item_id = $row['item_id'];
-            $item_active = $row['item_active'];
+            $item_active = htmlentities($row['item_active']);
-            $item_key = $row['item_key'];
+            $item_key = htmlentities($row['item_key']);
-            $item_type = $row['item_type'];
+            $item_type = htmlentities($row['item_type']);
            $item_related_id = $row['item_related_id'];
-            $item_note = $row['item_note'];
+            $item_note = htmlentities($row['item_note']);
-            $item_views = $row['item_views'];
+            $item_views = htmlentities($row['item_views']);
-            $item_view_limit = $row['item_view_limit'];
+            $item_view_limit = htmlentities($row['item_view_limit']);
            $item_created_at = $row['item_created_at'];
            $item_expire_at = $row['item_expire_at'];
            if($item_type == 'Login'){
              $share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'");
              $share_item = mysqli_fetch_array($share_item_sql);
-              $item_name = $share_item['login_name'];
+              $item_name = htmlentities($share_item['login_name']);
            }
            elseif($item_type == 'Document'){
              $share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id'");
              $share_item = mysqli_fetch_array($share_item_sql);
-              $item_name = $share_item['document_name'];
+              $item_name = htmlentities($share_item['document_name']);
            }
            elseif($item_type == 'File'){
              $share_item_sql = mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id'");
              $share_item = mysqli_fetch_array($share_item_sql);
-              $item_name = $share_item['file_name'];
+              $item_name = htmlentities($share_item['file_name']);
            }
--- a/client_software.php
+++ b/client_software.php
@@ -68,20 +68,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){    
            $software_id = $row['software_id'];
-            $software_name = $row['software_name'];
+            $software_name = htmlentities($row['software_name']);
-            $software_version = $row['software_version'];
+            $software_version = htmlentities($row['software_version']);
-            $software_type = $row['software_type'];
+            $software_type = htmlentities($row['software_type']);
-            $software_license_type = $row['software_license_type'];
+            $software_license_type = htmlentities($row['software_license_type']);
-            $software_key = $row['software_key'];
+            $software_key = htmlentities($row['software_key']);
-            $software_seats = $row['software_seats'];
+            $software_seats = htmlentities($row['software_seats']);
            $software_purchase = $row['software_purchase'];
            $software_expire = $row['software_expire'];
-            $software_notes = $row['software_notes'];
+            $software_notes = htmlentities($row['software_notes']);
            // Get Login
            $login_id = $row['login_id'];
-            $login_username = $row['login_username'];
+            $login_username = htmlentities($row['login_username']);
-            $login_password = decryptLoginEntry($row['login_password']);
+            $login_password = htmlentities(decryptLoginEntry($row['login_password']));
            $seat_count = 0;
--- a/client_software_add_modal.php
+++ b/client_software_add_modal.php
@@ -140,9 +140,9 @@
                while($row = mysqli_fetch_array($sql)){
                  $asset_id = $row['asset_id'];
-                  $asset_name = $row['asset_name'];
+                  $asset_name = htmlentities($row['asset_name']);
-                  $asset_type = $row['asset_type'];
+                  $asset_type = htmlentities($row['asset_type']);
-                  $contact_name = $row['contact_name'];
+                  $contact_name = htmlentities($row['contact_name']);
                ?>
                  <li class="list-group-item">
@@ -173,8 +173,8 @@
                while($row = mysqli_fetch_array($sql)){
                  $contact_id = $row['contact_id'];
-                  $contact_name = $row['contact_name'];
+                  $contact_name = htmlentities($row['contact_name']);
-                  $contact_email = $row['contact_email'];
+                  $contact_email = htmlentities($row['contact_email']);
                ?>
                  <li class="list-group-item">
--- a/client_software_edit_modal.php
+++ b/client_software_edit_modal.php
@@ -140,9 +140,9 @@
                while($row = mysqli_fetch_array($sql_assets_select)){
                  $asset_id_select = $row['asset_id'];
-                  $asset_name_select = $row['asset_name'];
+                  $asset_name_select = htmlentities($row['asset_name']);
-                  $asset_type_select = $row['asset_type'];
+                  $asset_type_select = htmlentities($row['asset_type']);
-                  $contact_name_select = $row['contact_name'];
+                  $contact_name_select = htmlentities($row['contact_name']);
                ?>
                  <li class="list-group-item">
@@ -173,8 +173,8 @@
                while($row = mysqli_fetch_array($sql_contacts_select)){
                  $contact_id_select = $row['contact_id'];
-                  $contact_name_select = $row['contact_name'];
+                  $contact_name_select = htmlentities($row['contact_name']);
-                  $contact_email_select = $row['contact_email'];
+                  $contact_email_select = htmlentities($row['contact_email']);
                ?>
                  <li class="list-group-item">
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -82,12 +82,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $ticket_id = $row['ticket_id'];
-            $ticket_prefix = $row['ticket_prefix'];
+            $ticket_prefix = htmlentities($row['ticket_prefix']);
-            $ticket_number = $row['ticket_number'];
+            $ticket_number = htmlentities($row['ticket_number']);
-            $ticket_subject = $row['ticket_subject'];
+            $ticket_subject = htmlentities($row['ticket_subject']);
            $ticket_details = $row['ticket_details'];
-            $ticket_priority = $row['ticket_priority'];
+            $ticket_priority = htmlentities($row['ticket_priority']);
-            $ticket_status = $row['ticket_status'];
+            $ticket_status = htmlentities($row['ticket_status']);
            $ticket_created_at = $row['ticket_created_at'];
            $ticket_updated_at = $row['ticket_updated_at'];
              if (empty($ticket_updated_at)) {
@@ -128,26 +128,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                      $ticket_assigned_to_display = "<p class='text-danger'>Not Assigned</p>";
                  }
              } else {
-                  $ticket_assigned_to_display = $row['user_name'];
+                  $ticket_assigned_to_display = htmlentities($row['user_name']);
              }
            $contact_id = $row['contact_id'];
-            $contact_name = $row['contact_name'];
+            $contact_name = htmlentities($row['contact_name']);
            if(empty($contact_name)){
              $contact_display = "-";
            }else{
              $contact_display = "$contact_name<br><small class='text-secondary'>$contact_email</small>";
            }
-            $contact_title = $row['contact_title'];
+            $contact_title = htmlentities($row['contact_title']);
-            $contact_email = $row['contact_email'];
+            $contact_email = htmlentities($row['contact_email']);
-            $contact_phone = $row['contact_phone'];
+            $contact_phone = formatPhoneNumber($row['contact_phone']);
-            if(strlen($contact_phone)>2){ 
+            $contact_extension = htmlentities($row['contact_extension']);
-              $contact_phone = substr($row['contact_phone'],0,3)."-".substr($row['contact_phone'],3,3)."-".substr($row['contact_phone'],6,4);
+            $contact_mobile = formatPhoneNumber($row['contact_mobile']);
            }
            $contact_extension = $row['contact_extension'];
            $contact_mobile = $row['contact_mobile'];
            if(strlen($contact_mobile)>2){ 
              $contact_mobile = substr($row['contact_mobile'],0,3)."-".substr($row['contact_mobile'],3,3)."-".substr($row['contact_mobile'],6,4);
            }
          ?>
--- a/client_trips.php
+++ b/client_trips.php
@@ -88,12 +88,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $trip_id = $row['trip_id'];
            $trip_date = $row['trip_date'];
-            $trip_purpose = $row['trip_purpose'];
+            $trip_purpose = htmlentities($row['trip_purpose']);
-            $trip_source = $row['trip_source'];
+            $trip_source = htmlentities($row['trip_source']);
-            $trip_destination = $row['trip_destination'];
+            $trip_destination = htmlentities($row['trip_destination']);
-            $trip_miles = $row['trip_miles'];
+            $trip_miles = htmlentities($row['trip_miles']);
            $trip_user_id = $row['trip_user_id'];
-            $round_trip = $row['round_trip'];
+            $round_trip = htmlentities($row['round_trip']);
            $client_id = $row['trip_client_id'];
            if($round_trip == 1){
@@ -101,7 +101,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            }else{
              $round_trip_display = "";
            }
-            $user_name = $row['user_name'];
+            $user_name = htmlentities($row['user_name']);
            if(empty($user_name)){
              $user_name_display = "-";
            }else{
--- a/client_vendors.php
+++ b/client_vendors.php
@@ -77,28 +77,28 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $vendor_id = $row['vendor_id'];
-            $vendor_name = $row['vendor_name'];
+            $vendor_name = htmlentities($row['vendor_name']);
-            $vendor_description = $row['vendor_description'];
+            $vendor_description = htmlentities($row['vendor_description']);
            if(empty($vendor_description)){
              $vendor_description_display = "-";
            }else{
              $vendor_description_display = $vendor_description;
            }
-            $vendor_account_number = $row['vendor_account_number'];
+            $vendor_account_number = htmlentities($row['vendor_account_number']);
-            $vendor_contact_name = $row['vendor_contact_name'];
+            $vendor_contact_name = htmlentities($row['vendor_contact_name']);
            if(empty($vendor_contact_name)){
              $vendor_contact_name_display = "-";
            }else{
              $vendor_contact_name_display = $vendor_contact_name;
            }
            $vendor_phone = formatPhoneNumber($row['vendor_phone']);
-            $vendor_extension = $row['vendor_extension'];
+            $vendor_extension = htmlentities($row['vendor_extension']);
-            $vendor_email = $row['vendor_email'];
+            $vendor_email = htmlentities($row['vendor_email']);
-            $vendor_website = $row['vendor_website'];
+            $vendor_website = htmlentities($row['vendor_website']);
-            $vendor_hours = $row['vendor_hours'];
+            $vendor_hours = htmlentities($row['vendor_hours']);
-            $vendor_sla = $row['vendor_sla'];
+            $vendor_sla = htmlentities($row['vendor_sla']);
-            $vendor_code = $row['vendor_code'];
+            $vendor_code = htmlentities($row['vendor_code']);
-            $vendor_notes = $row['vendor_notes'];
+            $vendor_notes = htmlentities($row['vendor_notes']);
            $vendor_template_id = $row['vendor_template_id'];
          ?>
--- a/clients.php
+++ b/clients.php
@@ -177,31 +177,31 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $client_id = $row['client_id'];
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
-            $client_type = $row['client_type'];
+            $client_type = htmlentities($row['client_type']);
            $location_id = $row['location_id'];
-            $location_country = $row['location_country'];
+            $location_country = htmlentities($row['location_country']);
-            $location_address = $row['location_address'];
+            $location_address = htmlentities($row['location_address']);
-            $location_city = $row['location_city'];
+            $location_city = htmlentities($row['location_city']);
-            $location_state = $row['location_state'];
+            $location_state = htmlentities($row['location_state']);
-            $location_zip = $row['location_zip'];
+            $location_zip = htmlentities($row['location_zip']);
            if(empty($location_address) && empty($location_city) && empty($location_state) && empty($location_zip)){
              $location_address_display = "-";
            }else{
              $location_address_display = "$location_address<br>$location_city $location_state $location_zip";
            }
            $contact_id = $row['contact_id'];
-            $contact_name = $row['contact_name'];
+            $contact_name = htmlentities($row['contact_name']);
-            $contact_title = $row['contact_title'];
+            $contact_title = htmlentities($row['contact_title']);
            $contact_phone = formatPhoneNumber($row['contact_phone']);
-            $contact_extension = $row['contact_extension'];
+            $contact_extension = htmlentities($row['contact_extension']);
            $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-            $contact_email = $row['contact_email'];
+            $contact_email = htmlentities($row['contact_email']);
-            $client_website = $row['client_website'];
+            $client_website = htmlentities($row['client_website']);
-            $client_currency_code = $row['client_currency_code'];
+            $client_currency_code = htmlentities($row['client_currency_code']);
-            $client_net_terms = $row['client_net_terms'];
+            $client_net_terms = htmlentities($row['client_net_terms']);
-            $client_referral = $row['client_referral'];
+            $client_referral = htmlentities($row['client_referral']);
-            $client_notes = $row['client_notes'];
+            $client_notes = htmlentities($row['client_notes']);
            $client_created_at = $row['client_created_at'];
            $client_updated_at = $row['client_updated_at'];
            $client_archive_at = $row['client_archived_at'];
@@ -214,9 +214,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            while($row = mysqli_fetch_array($sql_client_tags)){
              $client_tag_id = $row['tag_id'];
-              $client_tag_name = $row['tag_name'];
+              $client_tag_name = htmlentities($row['tag_name']);
-              $client_tag_color = $row['tag_color'];
+              $client_tag_color = htmlentities($row['tag_color']);
-              $client_tag_icon = $row['tag_icon'];
+              $client_tag_icon = htmlentities($row['tag_icon']);
              if(empty($client_tag_icon)){
                $client_tag_icon = "tag";
              }
--- a/companies.php
+++ b/companies.php
@@ -52,20 +52,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $company_id = $row['company_id'];
-            $company_name = $row['company_name'];
+            $company_name = htmlentities($row['company_name']);
-            $company_country = $row['company_country'];
+            $company_country = htmlentities($row['company_country']);
-            $company_address = $row['company_address'];
+            $company_address = htmlentities($row['company_address']);
-            $company_city = $row['company_city'];
+            $company_city = htmlentities($row['company_city']);
-            $company_state = $row['company_state'];
+            $company_state = htmlentities($row['company_state']);
-            $company_zip = $row['company_zip'];
+            $company_zip = htmlentities($row['company_zip']);
            $company_phone = formatPhoneNumber($row['company_phone']);
-            $company_email = $row['company_email'];
+            $company_email = htmlentities($row['company_email']);
-            $company_website = $row['company_website'];
+            $company_website = htmlentities($row['company_website']);
-            $company_logo = $row['company_logo'];
+            $company_logo = htmlentities($row['company_logo']);
-            $company_locale = $row['company_locale'];
+            $company_locale = htmlentities($row['company_locale']);
-            $company_currency = $row['company_currency'];
+            $company_currency = htmlentities($row['company_currency']);
-            $company_initials = initials($company_name);
+            $company_initials = htmlentities(initials($company_name));
--- a/dashboard_financial.php
+++ b/dashboard_financial.php
@@ -334,7 +334,7 @@ $vendors_added = $row['vendors_added'];
          	<?php
          	while($row = mysqli_fetch_array($sql_accounts)){
 	            $account_id = $row['account_id'];
-	            $account_name = $row['account_name'];
+	            $account_name = htmlentities($row['account_name']);
 	            $opening_balance = $row['opening_balance'];
 	          ?>
@@ -394,10 +394,10 @@ $vendors_added = $row['vendors_added'];
            <?php
          	while($row = mysqli_fetch_array($sql_latest_invoice_payments)){
 	            $payment_date = $row['payment_date'];
-	            $payment_amount = $row['payment_amount'];
+	            $payment_amount = htmlentities($row['payment_amount']);
-	            $invoice_prefix = $row['invoice_prefix'];
+	            $invoice_prefix = htmlentities($row['invoice_prefix']);
-              $invoice_number = $row['invoice_number'];
+              $invoice_number = htmlentities($row['invoice_number']);
-	            $client_name = $row['client_name'];
+	            $client_name = htmlentities($row['client_name']);
 		        ?>
            <tr>
              <td><?php echo $payment_date; ?></td>
@@ -437,9 +437,9 @@ $vendors_added = $row['vendors_added'];
          	<?php
          	while($row = mysqli_fetch_array($sql_latest_expenses)){
 	            $expense_date = $row['expense_date'];
-	            $expense_amount = $row['expense_amount'];
+	            $expense_amount = htmlentities($row['expense_amount']);
-	            $vendor_name = $row['vendor_name'];
+	            $vendor_name = htmlentities($row['vendor_name']);
-	            $category_name = $row['category_name'];
+	            $category_name = htmlentities($row['category_name']);
 		        ?>
            <tr>
@@ -741,8 +741,8 @@ var myPieChart = new Chart(ctx, {
      <?php
        $sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_id FROM categories, invoices WHERE invoice_category_id = category_id AND invoice_status = 'Paid' AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
        while($row = mysqli_fetch_array($sql_categories)){
-          $category_name = $row['category_name'];
+          $category_name = json_encode($row['category_name']);
-          echo "\"$category_name\",";
+          echo "$category_name,";
        }
      ?>
@@ -768,8 +768,8 @@ var myPieChart = new Chart(ctx, {
        <?php
           $sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_id, category_color FROM categories, invoices WHERE invoice_category_id = category_id AND YEAR(invoice_date) = $year AND categories.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql_categories)){
-            $category_color = $row['category_color'];
+            $category_color = json_encode($row['category_color']);
-            echo "\"$category_color\",";
+            echo "$category_color,";
          }
        ?>
@@ -798,8 +798,8 @@ var myPieChart = new Chart(ctx, {
      <?php
        $sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, categories.category_id FROM categories, expenses WHERE expense_category_id = category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
        while($row = mysqli_fetch_array($sql_categories)){
-          $category_name = $row['category_name'];
+          $category_name = json_encode($row['category_name']);
-          echo "\"$category_name\",";
+          echo "$category_name,";
        }
      ?>
@@ -825,8 +825,8 @@ var myPieChart = new Chart(ctx, {
        <?php
          $sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = categories.category_id AND expense_vendor_id > 0 AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql_categories)){
-            $category_color = $row['category_color'];
+            $category_color = json_encode($row['category_color']);
-            echo "\"$category_color\",";
+            echo "$category_color,";
          }
        ?>
@@ -851,8 +851,8 @@ var myPieChart = new Chart(ctx, {
      <?php
        $sql_vendors = mysqli_query($mysqli,"SELECT DISTINCT vendor_name, vendor_id FROM vendors, expenses WHERE expense_vendor_id = vendor_id AND YEAR(expense_date) = $year AND vendors.company_id = $session_company_id");
        while($row = mysqli_fetch_array($sql_vendors)){
-          $vendor_name = $row['vendor_name'];
+          $vendor_name = json_encode($row['vendor_name']);
-          echo "\"$vendor_name\",";
+          echo "$vendor_name,";
        }
      ?>
@@ -878,8 +878,8 @@ var myPieChart = new Chart(ctx, {
        <?php
          $sql_categories = mysqli_query($mysqli,"SELECT DISTINCT category_name, category_color FROM categories, expenses WHERE expense_category_id = category_id AND YEAR(expense_date) = $year AND categories.company_id = $session_company_id");
          while($row = mysqli_fetch_array($sql_categories)){
-            $category_color = $row['category_color'];
+            $category_color = json_encode($row['category_color']);
-            echo "\"$category_color\",";
+            echo "$category_color,";
          }
        ?>
--- a/expense_add_modal.php
+++ b/expense_add_modal.php
@@ -46,8 +46,8 @@
                  $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC"); 
                  while($row = mysqli_fetch_array($sql)){
                    $account_id = $row['account_id'];
-                    $account_name = $row['account_name'];
+                    $account_name = htmlentities($row['account_name']);
-                    $opening_balance = $row['opening_balance'];
+                    $opening_balance = htmlentities($row['opening_balance']);
                    $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
                    $row = mysqli_fetch_array($sql_payments);
@@ -86,7 +86,7 @@
                  $sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = 0 AND vendor_archived_at IS NULL AND company_id = $session_company_id ORDER BY vendor_name ASC"); 
                  while($row = mysqli_fetch_array($sql)){
                    $vendor_id = $row['vendor_id'];
-                    $vendor_name = $row['vendor_name'];
+                    $vendor_name = htmlentities($row['vendor_name']);
                  ?>
                    <option value="<?php echo $vendor_id; ?>"><?php echo $vendor_name; ?></option>
@@ -121,7 +121,7 @@
                  $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); 
                  while($row = mysqli_fetch_array($sql)){
                    $category_id = $row['category_id'];
-                    $category_name = $row['category_name'];
+                    $category_name = htmlentities($row['category_name']);
                  ?>
                    <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
--- a/expense_copy_modal.php
+++ b/expense_copy_modal.php
@@ -47,8 +47,8 @@
                  $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC"); 
                  while($row = mysqli_fetch_array($sql_accounts)){
                    $account_id_select = $row['account_id'];
-                    $account_name_select = $row['account_name'];
+                    $account_name_select = htmlentities($row['account_name']);
-                    $opening_balance = $row['opening_balance'];
+                    $opening_balance = htmlentities($row['opening_balance']);
                    $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
                    $row = mysqli_fetch_array($sql_payments);
@@ -85,7 +85,7 @@
                  $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE company_id = $session_company_id ORDER BY vendor_name ASC"); 
                  while($row = mysqli_fetch_array($sql_vendors)){
                    $vendor_id_select = $row['vendor_id'];
-                    $vendor_name_select = $row['vendor_name'];
+                    $vendor_name_select = htmlentities($row['vendor_name']);
                  ?>
                  <option <?php if($expense_vendor_id == $vendor_id_select){ ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
                  <?php
@@ -117,7 +117,7 @@
                  $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND company_id = $session_company_id ORDER BY category_name ASC"); 
                  while($row = mysqli_fetch_array($sql_categories)){
                    $category_id_select = $row['category_id'];
-                    $category_name_select = $row['category_name'];
+                    $category_name_select = htmlentities($row['category_name']);
                  ?>
                  <option <?php if($expense_category_id == $category_id_select){ ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
                  <?php
--- a/expense_edit_modal.php
+++ b/expense_edit_modal.php
@@ -49,8 +49,8 @@
                  $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE (account_archived_at > '$expense_created_at' OR account_archived_at IS NULL) AND company_id = $session_company_id ORDER BY account_name ASC"); 
                  while($row = mysqli_fetch_array($sql_accounts)){
                    $account_id_select = $row['account_id'];
-                    $account_name_select = $row['account_name'];
+                    $account_name_select = htmlentities($row['account_name']);
-                    $opening_balance = $row['opening_balance'];
+                    $opening_balance = htmlentities($row['opening_balance']);
                    $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
                    $row = mysqli_fetch_array($sql_payments);
@@ -88,7 +88,7 @@
                  $sql_select = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = 0 AND (vendor_archived_at > '$expense_created_at' OR vendor_archived_at IS NULL) AND company_id = $session_company_id ORDER BY vendor_name ASC"); 
                  while($row = mysqli_fetch_array($sql_select)){
                    $vendor_id_select = $row['vendor_id'];
-                    $vendor_name_select = $row['vendor_name'];
+                    $vendor_name_select = htmlentities($row['vendor_name']);
                  ?>
                  <option <?php if($expense_vendor_id == $vendor_id_select){ ?> selected <?php } ?> value="<?php echo $vendor_id_select; ?>"><?php echo $vendor_name_select; ?></option>
                  <?php
@@ -123,7 +123,7 @@
                  $sql_select = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Expense' AND (category_archived_at > '$expense_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); 
                  while($row = mysqli_fetch_array($sql_select)){
                    $category_id_select = $row['category_id'];
-                    $category_name_select = $row['category_name'];
+                    $category_name_select = htmlentities($row['category_name']);
                  ?>
                  <option <?php if($expense_category_id == $category_id_select){ ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
                  <?php
--- a/expenses.php
+++ b/expenses.php
@@ -149,17 +149,17 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $expense_id = $row['expense_id'];
            $expense_date = $row['expense_date'];
-            $expense_amount = $row['expense_amount'];
+            $expense_amount = htmlentities($row['expense_amount']);
-            $expense_currency_code = $row['expense_currency_code'];
+            $expense_currency_code = htmlentities($row['expense_currency_code']);
-            $expense_description = $row['expense_description'];
+            $expense_description = htmlentities($row['expense_description']);
-            $expense_receipt = $row['expense_receipt'];
+            $expense_receipt = htmlentities($row['expense_receipt']);
-            $expense_reference = $row['expense_reference'];
+            $expense_reference = htmlentities($row['expense_reference']);
            $expense_created_at = $row['expense_created_at'];
            $expense_vendor_id = $row['expense_vendor_id'];
-            $vendor_name = $row['vendor_name'];
+            $vendor_name = htmlentities($row['vendor_name']);
            $expense_category_id = $row['expense_category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
-            $account_name = $row['account_name'];
+            $account_name = htmlentities($row['account_name']);
            $expense_account_id = $row['expense_account_id'];
            if(empty($expense_receipt)){
--- a/global_search.php
+++ b/global_search.php
@@ -48,9 +48,9 @@ if(isset($_GET['query'])){
                while($row = mysqli_fetch_array($sql_clients)){
                    $client_id = $row['client_id'];
-                    $client_name = $row['client_name'];
+                    $client_name = htmlentities($row['client_name']);
                    $location_phone = formatPhoneNumber($row['location_phone']);
-                    $client_website = $row['client_website'];
+                    $client_website = htmlentities($row['client_website']);
                    ?>
                    <tr>
@@ -94,15 +94,15 @@ if(isset($_GET['query'])){
                while($row = mysqli_fetch_array($sql_contacts)){
                    $contact_id = $row['contact_id'];
-                    $contact_name = $row['contact_name'];
+                    $contact_name = htmlentities($row['contact_name']);
-                    $contact_title = $row['contact_title'];
+                    $contact_title = htmlentities($row['contact_title']);
                    $contact_phone = formatPhoneNumber($row['contact_phone']);
-                    $contact_extension = $row['contact_extension'];
+                    $contact_extension = htmlentities($row['contact_extension']);
                    $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-                    $contact_email = $row['contact_email'];
+                    $contact_email = htmlentities($row['contact_email']);
                    $client_id = $row['client_id'];
-                    $client_name = $row['client_name'];
+                    $client_name = htmlentities($row['client_name']);
-                    $contact_department = $row['contact_department'];
+                    $contact_department = htmlentities($row['contact_department']);
                    ?>
                    <tr>
@@ -147,8 +147,8 @@ if(isset($_GET['query'])){
                <?php
                while($row = mysqli_fetch_array($sql_vendors)){
-                    $vendor_name = $row['vendor_name'];
+                    $vendor_name = htmlentities($row['vendor_name']);
-                    $vendor_description = $row['vendor_description'];
+                    $vendor_description = htmlentities($row['vendor_description']);
                    $vendor_phone = formatPhoneNumber($row['vendor_phone']);
                    ?>
                    <tr>
@@ -189,8 +189,8 @@ if(isset($_GET['query'])){
                        <?php
                        while($row = mysqli_fetch_array($sql_products)){
-                            $product_name = $row['product_name'];
+                            $product_name = htmlentities($row['product_name']);
-                            $product_description = $row['product_description'];
+                            $product_description = htmlentities($row['product_description']);
                            ?>
                            <tr>
                                <td><a href="products.php?q=<?php echo $q ?>"><?php echo $product_name; ?></a></td>
@@ -230,9 +230,9 @@ if(isset($_GET['query'])){
                        <?php
                        while($row = mysqli_fetch_array($sql_documents)){
-                            $document_name = $row['document_name'];
+                            $document_name = htmlentities($row['document_name']);
                            $document_client_id = $row['document_client_id'];
-                            $document_client = $row['client_name'];
+                            $document_client = htmlentities($row['client_name']);
                            $document_updated = $row['document_updated_at'];
                            ?>
@@ -276,9 +276,9 @@ if(isset($_GET['query'])){
                        while($row = mysqli_fetch_array($sql_tickets)){
                            $ticket_id = $row['ticket_id'];
-                            $ticket_subject = $row['ticket_subject'];
+                            $ticket_subject = htmlentities($row['ticket_subject']);
-                            $ticket_client = $row['client_name'];
+                            $ticket_client = htmlentities($row['client_name']);
-                            $ticket_status = $row['ticket_status'];
+                            $ticket_status = htmlentities($row['ticket_status']);
                            ?>
                            <tr>
@@ -321,10 +321,10 @@ if(isset($_GET['query'])){
                        <?php
                        while($row = mysqli_fetch_array($sql_logins)){
-                            $login_name = $row['login_name'];
+                            $login_name = htmlentities($row['login_name']);
                            $login_client_id = $row['login_client_id'];
-                            $login_username = $row['login_username'];
+                            $login_username = htmlentities($row['login_username']);
-                            $login_password = decryptLoginEntry($row['login_password']);
+                            $login_password = htmlentities(decryptLoginEntry($row['login_password']));
                            ?>
                            <tr>
--- a/guest_view_invoice.php
+++ b/guest_view_invoice.php
@@ -21,45 +21,45 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
    $row = mysqli_fetch_array($sql);
    $invoice_id = $row['invoice_id'];
-    $invoice_prefix = $row['invoice_prefix'];
+    $invoice_prefix = htmlentities($row['invoice_prefix']);
-    $invoice_number = $row['invoice_number'];
+    $invoice_number = htmlentities($row['invoice_number']);
-    $invoice_status = $row['invoice_status'];
+    $invoice_status = htmlentities($row['invoice_status']);
    $invoice_date = $row['invoice_date'];
    $invoice_due = $row['invoice_due'];
-    $invoice_amount = $row['invoice_amount'];
+    $invoice_amount = htmlentities($row['invoice_amount']);
-    $invoice_currency_code = $row['invoice_currency_code'];
+    $invoice_currency_code = htmlentities($row['invoice_currency_code']);
-    $invoice_note = $row['invoice_note'];
+    $invoice_note = htmlentities($row['invoice_note']);
    $invoice_category_id = $row['invoice_category_id'];
    $client_id = $row['client_id'];
-    $client_name = $row['client_name'];
+    $client_name = htmlentities($row['client_name']);
-    $location_address = $row['location_address'];
+    $location_address = htmlentities($row['location_address']);
-    $location_city = $row['location_city'];
+    $location_city = htmlentities($row['location_city']);
-    $location_state = $row['location_state'];
+    $location_state = htmlentities($row['location_state']);
-    $location_zip = $row['location_zip'];
+    $location_zip = htmlentities($row['location_zip']);
-    $contact_email = $row['contact_email'];
+    $contact_email = htmlentities($row['contact_email']);
    $contact_phone = formatPhoneNumber($row['contact_phone']);
-    $contact_extension = $row['contact_extension'];
+    $contact_extension = htmlentities($row['contact_extension']);
    $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-    $client_website = $row['client_website'];
+    $client_website = htmlentities($row['client_website']);
-    $client_currency_code = $row['client_currency_code'];
+    $client_currency_code = htmlentities($row['client_currency_code']);
-    $client_net_terms = $row['client_net_terms'];
+    $client_net_terms = htmlentities($row['client_net_terms']);
    if($client_net_terms == 0){
      $client_net_terms = $config_default_net_terms;
    }
    $company_id = $row['company_id'];
-    $company_name = $row['company_name'];
+    $company_name = htmlentities($row['company_name']);
-    $company_address = $row['company_address'];
+    $company_address = htmlentities($row['company_address']);
-    $company_city = $row['company_city'];
+    $company_city = htmlentities($row['company_city']);
-    $company_state = $row['company_state'];
+    $company_state = htmlentities($row['company_state']);
-    $company_zip = $row['company_zip'];
+    $company_zip = htmlentities($row['company_zip']);
    $company_phone = formatPhoneNumber($row['company_phone']);
-    $company_email = $row['company_email'];
+    $company_email = htmlentities($row['company_email']);
-    $company_logo = $row['company_logo'];
+    $company_logo = htmlentities($row['company_logo']);
    if(!empty($company_logo)){
      $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
    }
-    $company_locale = $row['company_locale'];
+    $company_locale = htmlentities($row['company_locale']);
-    $config_invoice_footer = $row['config_invoice_footer'];
+    $config_invoice_footer = htmlentities($row['config_invoice_footer']);
    $config_stripe_enable = $row['config_stripe_enable'];
    $config_stripe_publishable = $row['config_stripe_publishable'];
    $config_stripe_secret = $row['config_stripe_secret'];
@@ -216,8 +216,8 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
                  while($row = mysqli_fetch_array($sql_invoice_items)){
                    $item_id = $row['item_id'];
-                    $item_name = $row['item_name'];
+                    $item_name = htmlentities($row['item_name']);
-                    $item_description = $row['item_description'];
+                    $item_description = htmlentities($row['item_description']);
                    $item_quantity = $row['item_quantity'];
                    $item_price = $row['item_price'];
                    $item_subtotal = $row['item_price'];
@@ -300,8 +300,8 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
 var docDefinition = {
 	info: {
-		title: '<?php echo "$company_name - Invoice"; ?>',
+		title: <?php echo json_encode(html_entity_decode($company_name) . "- Invoice") ?>,
-		author: '<?php echo $company_name; ?>'
+		author: <?php echo json_encode(html_entity_decode($company_name)) ?>
 	},
 	//watermark: {text: '<?php echo $invoice_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@@ -312,7 +312,7 @@ var docDefinition = {
 			columns: [
 				<?php if(!empty($company_logo_base64)){ ?>
 				{
-					image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
+					image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
 					width: 120
 				},
 				<?php } ?>
@@ -324,7 +324,7 @@ var docDefinition = {
 						width: '*'
 					},
 					{
-						text: '<?php echo "$invoice_prefix$invoice_number"; ?>', 
+						text: <?php echo json_encode(html_entity_decode("$invoice_prefix$invoice_number")) ?>, 
 						style: 'invoiceNumber',
 						width: '*'
 					},
@@ -335,12 +335,12 @@ var docDefinition = {
 		{
 			columns: [
 				{
-		    	text: <?php echo json_encode($company_name); ?>,
+		    	text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
-		      style:'invoiceBillingTitle',
+		      style: 'invoiceBillingTitle',
 		    },
 		    {
-		      text: <?php echo json_encode($client_name); ?>,
+		      text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
-		      style:'invoiceBillingTitleClient',        
+		      style: 'invoiceBillingTitleClient',        
 		    },
 			]
 		},
@@ -348,11 +348,11 @@ var docDefinition = {
 		{
 			columns: [
 		  	{
-		      text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
 		      style: 'invoiceBillingAddress'
 		    },
 		    {
-		      text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
 		      style: 'invoiceBillingAddressClient'
 		    },
 		  ]
@@ -369,7 +369,7 @@ var docDefinition = {
 		    	// Total
 		      [ 
 		      	{
-		      		text:'',
+		      		text: '',
 		      		rowSpan: 3
 		      	},
 		      	{}, 
@@ -378,23 +378,23 @@ var docDefinition = {
 		      [ 
 		      	{},
 		      	{
-							text:'Invoice Date',
+							text: 'Invoice Date',
-							style:'invoiceDateTitle',
+							style: 'invoiceDateTitle'
 						}, 
 						{
-							text:'<?php echo $invoice_date ?>',
+							text: <?php echo json_encode($invoice_date) ?>,
-							style:'invoiceDateValue',
+							style: 'invoiceDateValue'
 						},
 		      ],
 		      [ 
 		      	{},
 		      	{
-							text:'Due Date',
+							text: 'Due Date',
-							style:'invoiceDateTitle',
+							style: 'invoiceDateTitle'
 						}, 
 						{
-							text:'<?php echo $invoice_due ?>',
+							text: <?php echo json_encode($invoice_due) ?>,
-							style:'invoiceDateValue',
+							style: 'invoiceDateValue'
 						},
 		      ],
 		    ]
@@ -459,29 +459,29 @@ var docDefinition = {
 		      [	 
 		        [
 		        	{
-		          	text: <?php echo json_encode($item_name); ?>,
+		          	text: <?php echo json_encode($item_name) ?>,
 		            style:'itemTitle'
 		          },
 		          {
-		            text: <?php echo json_encode($item_description); ?>,
+		            text: <?php echo json_encode($item_description) ?>,
 		            style:'itemDescription'       
 		          }
 		        ], 
 		        {
-		        	text:'<?php echo $item_quantity; ?>',
+		        	text: <?php echo json_encode($item_quantity) ?>,
-		          style:'itemQty'
+		          style: 'itemQty'
 		        }, 
 		        {
-		        	text:'<?php echo numfmt_format_currency($currency_format, $item_price, $invoice_currency_code); ?>',
+		        	text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $invoice_currency_code)) ?>,
-		         	style:'itemNumber'
+		         	style: 'itemNumber'
 		        }, 
 		        {
-		          text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        }, 
 		        {
-		          text: '<?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?>',
+		          text:  <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $invoice_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        } 
 		    	],
@@ -506,7 +506,7 @@ var docDefinition = {
 		      [ 
 		      	{
 		      		text: 'Notes',
-		  				style:'notesTitle'
+		  				style: 'notesTitle'
 		  			},
 		      	{},
 		      	{}
@@ -514,61 +514,61 @@ var docDefinition = {
 		      [ 
 		      	{
 		      		rowSpan: 5,
-							text: <?php echo json_encode($invoice_note); ?>,
+							text: <?php echo json_encode(html_entity_decode($invoice_note)) ?>,
-		  				style:'notesText'
+		  				style: 'notesText'
 		  			},
 		      	{
-		        	text:'Subtotal',
+		        	text: 'Subtotal',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        { 
-		         	text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},    	
 		      	{
-		        	text:'Tax',
+		        	text: 'Tax',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        },
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Total',
+		        	text: 'Total',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Paid',
+		        	text: 'Paid',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        },
 		        {
-		          text: '<?php echo numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Balance',
+		        	text: 'Balance',
-		          style:'itemsFooterTotalTitle'
+		          style: 'itemsFooterTotalTitle'
 		        },
 		        {
-		        	text: '<?php echo numfmt_format_currency($currency_format, $balance, $invoice_currency_code); ?>',
+		        	text: <?php echo json_encode(numfmt_format_currency($currency_format, $balance, $invoice_currency_code)) ?>,
-		          style:'itemsFooterTotalTitle'
+		          style: 'itemsFooterTotalTitle'
 		        }
 		      ],
 		    ]
@@ -577,7 +577,7 @@ var docDefinition = {
 		},
    // TERMS / FOOTER
    {
-      text: <?php echo json_encode("$config_invoice_footer"); ?>,
+      text: <?php echo json_encode(html_entity_decode($config_invoice_footer)) ?>,
      style: 'documentFooterCenter'  
    }
 	], //End Content,
@@ -586,32 +586,32 @@ var docDefinition = {
 		documentFooterCenter: {
 			fontSize: 9,
 		  margin: [10,50,10,10],
-		  alignment:'center'
+		  alignment: 'center'
 		},
 		// Invoice Title
 		invoiceTitle: {
 			fontSize: 18,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,3]
+			margin: [0,0,0,3]
 		},
 		// Invoice Number
 		invoiceNumber: {
 			fontSize: 14,
-			alignment:'right'
+			alignment: 'right'
 		},
 		// Billing Headers
 		invoiceBillingTitle: {
 			fontSize: 14,
 			bold: true,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		invoiceBillingTitleClient: {
 			fontSize: 14,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		// Billing Details
 		invoiceBillingAddress: {
@@ -621,26 +621,26 @@ var docDefinition = {
 		invoiceBillingAddressClient: {
 			fontSize: 10,
 			lineHeight: 1.2,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,30]
+			margin: [0,0,0,30]
 		},
 		// Invoice Dates
 		invoiceDateTitle: {
 			fontSize: 10,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		invoiceDateValue: {
 			fontSize: 10,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		// Items Header
 		itemsHeader: {
 			fontSize: 10,
 			margin: [0,5,0,5],
 			bold: true,
-			alignment:'right'
+			alignment: 'right'
 		},
 		// Item Title
 		itemTitle: {
@@ -657,61 +657,61 @@ var docDefinition = {
 		itemQty: {
 			fontSize: 10,
 			margin: [0,5,0,5],
-			alignment: 'center',
+			alignment: 'center'
 		},
 		itemNumber: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		itemTotal: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		// Items Footer (Subtotal, Total, Tax, etc)
 		itemsFooterSubTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterSubValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: false,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		notesTitle: {
 			fontSize: 10,
 			bold: true,  
-			margin: [0,5,0,5],
+			margin: [0,5,0,5]
 		},
 		notesText: {
 			fontSize: 9,
 			margin: [0,5,50,5]
 		},
 		left: {
-			alignment:'left',
+			alignment: 'left'
 		},
 		center: {
-			alignment:'center',
+			alignment: 'center'
 		},
 	},
 	defaultStyle: {
-		columnGap: 20,
+		columnGap: 20
 	}
 }
 </script>
@@ -744,13 +744,13 @@ var docDefinition = {
            while($row = mysqli_fetch_array($sql)){
              $invoice_id = $row['invoice_id'];
-              $invoice_prefix = $row['invoice_prefix'];
+              $invoice_prefix = htmlentities($row['invoice_prefix']);
-              $invoice_number = $row['invoice_number'];
+              $invoice_number = htmlentities($row['invoice_number']);
              $invoice_date = $row['invoice_date'];
              $invoice_due = $row['invoice_due'];
-              $invoice_amount = $row['invoice_amount'];
+              $invoice_amount = htmlentities($row['invoice_amount']);
-              $invoice_currency_code = $row['invoice_currency_code'];
+              $invoice_currency_code = htmlentities($row['invoice_currency_code']);
-              $invoice_url_key = $row['invoice_url_key'];
+              $invoice_url_key = htmlentities($row['invoice_url_key']);
              $invoice_tally_total = $invoice_amount + $invoice_tally_total;
              $difference = time() - strtotime($invoice_due);
              $days = floor($difference / (60*60*24) );
@@ -804,13 +804,13 @@ var docDefinition = {
            while($row = mysqli_fetch_array($sql)){
              $invoice_id = $row['invoice_id'];
-              $invoice_prefix = $row['invoice_prefix'];
+              $invoice_prefix = htmlentities($row['invoice_prefix']);
-              $invoice_number = $row['invoice_number'];
+              $invoice_number = htmlentities($row['invoice_number']);
              $invoice_date = $row['invoice_date'];
              $invoice_due = $row['invoice_due'];
-              $invoice_amount = $row['invoice_amount'];
+              $invoice_amount = htmlentities($row['invoice_amount']);
-              $invoice_currency_code = $row['invoice_currency_code'];
+              $invoice_currency_code = htmlentities($row['invoice_currency_code']);
-              $invoice_url_key = $row['invoice_url_key'];
+              $invoice_url_key = htmlentities($row['invoice_url_key']);
              $invoice_tally_total = $invoice_amount + $invoice_tally_total;
              $difference = strtotime($invoice_due) - time();
              $days = floor($difference / (60*60*24) );
@@ -865,13 +865,13 @@ var docDefinition = {
            while($row = mysqli_fetch_array($sql)){
              $invoice_id = $row['invoice_id'];
-              $invoice_prefix = $row['invoice_prefix'];
+              $invoice_prefix = htmlentities($row['invoice_prefix']);
-              $invoice_number = $row['invoice_number'];
+              $invoice_number = htmlentities($row['invoice_number']);
              $invoice_date = $row['invoice_date'];
              $invoice_due = $row['invoice_due'];
-              $invoice_amount = $row['invoice_amount'];
+              $invoice_amount = htmlentities($row['invoice_amount']);
-              $invoice_currency_code = $row['invoice_currency_code'];
+              $invoice_currency_code = htmlentities($row['invoice_currency_code']);
-              $invoice_url_key = $row['invoice_url_key'];
+              $invoice_url_key = htmlentities($row['invoice_url_key']);
              $invoice_tally_total = $invoice_amount + $invoice_tally_total;
            ?>
@@ -894,10 +894,10 @@ var docDefinition = {
              while($row = mysqli_fetch_array($sql_payments)){
                $payment_id = $row['payment_id'];
                $payment_date = $row['payment_date'];
-                $payment_amount = $row['payment_amount'];
+                $payment_amount = htmlentities($row['payment_amount']);
-                $payment_currency_code = $row['payment_currency_code'];
+                $payment_currency_code = htmlentities($row['payment_currency_code']);
-                $payment_method = $row['payment_method'];
+                $payment_method = htmlentities($row['payment_method']);
-                $payment_reference = $row['payment_reference'];
+                $payment_reference = htmlentities($row['payment_reference']);
                if(strtotime($payment_date) > strtotime($invoice_due)){
                  $payment_note = "Late";
                  $difference = strtotime($payment_date) - strtotime($invoice_due);
--- a/guest_view_item.php
+++ b/guest_view_item.php
@@ -41,10 +41,10 @@ if($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit'])
 echo "<div class=\"alert alert-warning\" role=\"alert\">You may only be able to view this information for a limited time! Be sure to copy/download what you need.</div>";
-$item_type = $row['item_type'];
+$item_type = htmlentities($row['item_type']);
 $item_related_id = $row['item_related_id'];
-$item_encrypted_credential = $row['item_encrypted_credential'];
+$item_encrypted_credential = htmlentities($row['item_encrypted_credential']);
-$item_note = $row['item_note'];
+$item_note = htmlentities($row['item_note']);
 $item_views = intval($row['item_views']);
 $item_created = $row['item_created_at'];
 $item_expire = $row['item_expire_at'];
@@ -60,7 +60,7 @@ if($item_type == "Document"){
        exit();
    }
-    $doc_title = $doc_row['document_name'];
+    $doc_title = htmlentities($doc_row['document_name']);
    $doc_content = $doc_row['document_content'];
    echo "<h3>A document has been shared with you</h3>";
@@ -89,7 +89,7 @@ elseif($item_type == "File"){
        exit();
    }
-    $file_name = $file_row['file_name'];
+    $file_name = htmlentities($file_row['file_name']);
    echo "<h3>A file has been shared with you</h3>";
    if(!empty($item_note)){
@@ -110,14 +110,14 @@ elseif($item_type == "Login"){
        exit();
    }
-    $login_name = $login_row['login_name'];
+    $login_name = htmlentities($login_row['login_name']);
-    $login_uri = $login_row['login_uri'];
+    $login_uri = htmlentities($login_row['login_uri']);
-    $login_username = $login_row['login_username'];
+    $login_username = htmlentities($login_row['login_username']);
    $login_iv = substr($row['item_encrypted_credential'], 0, 16);
    $login_ciphertext = substr($row['item_encrypted_credential'], 16);
    $login_password = openssl_decrypt($login_ciphertext, 'aes-128-cbc', $encryption_key,0, $login_iv);
    $login_otp = $login_row['login_otp_secret'];
-    $login_notes = $login_row['login_note'];
+    $login_notes = htmlentities($login_row['login_note']);
    echo "<h3>A login entry has been shared with you</h3>";
    if(!empty($item_note)){
--- a/guest_view_quote.php
+++ b/guest_view_quote.php
@@ -22,44 +22,44 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
    $row = mysqli_fetch_array($sql);
    $quote_id = $row['quote_id'];
-    $quote_prefix = $row['quote_prefix'];
+    $quote_prefix = htmlentities($row['quote_prefix']);
-    $quote_number = $row['quote_number'];
+    $quote_number = htmlentities($row['quote_number']);
-    $quote_status = $row['quote_status'];
+    $quote_status = htmlentities($row['quote_status']);
    $quote_date = $row['quote_date'];
-    $quote_amount = $row['quote_amount'];
+    $quote_amount = htmlentities($row['quote_amount']);
-    $quote_currency_code = $row['quote_currency_code'];
+    $quote_currency_code = htmlentities($row['quote_currency_code']);
-    $quote_note = $row['quote_note'];
+    $quote_note = htmlentities($row['quote_note']);
    $category_id = $row['category_id'];
    $client_id = $row['client_id'];
-    $client_name = $row['client_name'];
+    $client_name = htmlentities($row['client_name']);
-    $location_address = $row['location_address'];
+    $location_address = htmlentities($row['location_address']);
-    $location_city = $row['location_city'];
+    $location_city = htmlentities($row['location_city']);
-    $location_state = $row['location_state'];
+    $location_state = htmlentities($row['location_state']);
-    $location_zip = $row['location_zip'];
+    $location_zip = htmlentities($row['location_zip']);
-    $contact_email = $row['contact_email'];
+    $contact_email = htmlentities($row['contact_email']);
    $contact_phone = formatPhoneNumber($row['contact_phone']);
-    $contact_extension = $row['contact_extension'];
+    $contact_extension = htmlentities($row['contact_extension']);
    $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-    $client_website = $row['client_website'];
+    $client_website = htmlentities($row['client_website']);
-    $client_currency_code = $row['client_currency_code'];
+    $client_currency_code = htmlentities($row['client_currency_code']);
-    $client_net_terms = $row['client_net_terms'];
+    $client_net_terms = htmlentities($row['client_net_terms']);
    if($client_net_terms == 0){
      $client_net_terms = $config_default_net_terms;
    }
    $company_id = $row['company_id'];
-    $company_name = $row['company_name'];
+    $company_name = htmlentities($row['company_name']);
-    $company_address = $row['company_address'];
+    $company_address = htmlentities($row['company_address']);
-    $company_city = $row['company_city'];
+    $company_city = htmlentities($row['company_city']);
-    $company_state = $row['company_state'];
+    $company_state = htmlentities($row['company_state']);
-    $company_zip = $row['company_zip'];
+    $company_zip = htmlentities($row['company_zip']);
    $company_phone = formatPhoneNumber($row['company_phone']);
-    $company_email = $row['company_email'];
+    $company_email = htmlentities($row['company_email']);
-    $company_logo = $row['company_logo'];
+    $company_logo = htmlentities($row['company_logo']);
    if(!empty($company_logo)){
      $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
    }
-    $company_locale = $row['company_locale'];
+    $company_locale = htmlentities($row['company_locale']);
-    $config_quote_footer = $row['config_quote_footer'];
+    $config_quote_footer = htmlentities($row['config_quote_footer']);
    //Set Currency Format
  	$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
@@ -170,8 +170,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
 	                while($row = mysqli_fetch_array($sql_items)){
 	                  $item_id = $row['item_id'];
-	                  $item_name = $row['item_name'];
+	                  $item_name = htmlentities($row['item_name']);
-	                  $item_description = $row['item_description'];
+	                  $item_description = htmlentities($row['item_description']);
 	                  $item_quantity = $row['item_quantity'];
 	                  $item_price = $row['item_price'];
 	                  $item_subtotal = $row['item_price'];
@@ -255,8 +255,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
 var docDefinition = {
 	info: {
-		title: '<?php echo "$company_name - Quote"; ?>',
+		title: <?php echo json_encode(html_entity_decode($company_name) . "- Quote") ?>,
-		author: '<?php echo $company_name; ?>'
+		author: <?php echo json_encode(html_entity_decode($company_name)) ?>
 	},
 	//watermark: {text: '<?php echo $quote_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@@ -267,7 +267,7 @@ var docDefinition = {
 			columns: [
 				<?php if(!empty($company_logo_base64)){ ?>
 				{
-					image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
+					image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
 					width: 120
 				},
 				<?php } ?>
@@ -279,7 +279,7 @@ var docDefinition = {
 						width: '*'
 					},
 					{
-						text: '<?php echo "$quote_prefix$quote_number"; ?>', 
+						text: <?php echo json_encode(html_entity_decode("$quote_prefix$quote_number")) ?>, 
 						style: 'invoiceNumber',
 						width: '*'
 					},
@@ -290,12 +290,12 @@ var docDefinition = {
 		{
 			columns: [
 				{
-		    	text: <?php echo json_encode($company_name); ?>,
+		    	text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
-		      style:'invoiceBillingTitle',
+		      style: 'invoiceBillingTitle'
 		    },
 		    {
-		      text: <?php echo json_encode($client_name); ?>,
+		      text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
-		      style:'invoiceBillingTitleClient',        
+		      style: 'invoiceBillingTitleClient'        
 		    },
 			]
 		},
@@ -303,11 +303,11 @@ var docDefinition = {
 		{
 			columns: [
 		  	{
-		      text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
 		      style: 'invoiceBillingAddress'
 		    },
 		    {
-		      text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
 		      style: 'invoiceBillingAddressClient'
 		    },
 		  ]
@@ -324,7 +324,7 @@ var docDefinition = {
 		    	// Total
 		      [ 
 		      	{
-		      		text:'',
+		      		text: '',
 		      		rowSpan: 2
 		      	},
 		      	{}, 
@@ -333,12 +333,12 @@ var docDefinition = {
 		      [ 
 		      	{},
 		      	{
-							text:'Quote Date',
+							text: 'Quote Date',
-							style:'invoiceDateTitle',
+							style: 'invoiceDateTitle'
 						}, 
 						{
-							text:'<?php echo $quote_date ?>',
+							text: <?php echo json_encode($quote_date) ?>,
-							style:'invoiceDateValue',
+							style: 'invoiceDateValue'
 						},
 		      ],
 		    ]
@@ -403,29 +403,29 @@ var docDefinition = {
 		      [	 
 		        [
 		        	{
-		          	text: <?php echo json_encode($item_name); ?>,
+		          	text: <?php echo json_encode($item_name) ?>,
-		            style:'itemTitle'
+		            style: 'itemTitle'
 		          },
 		          {
-		            text: <?php echo json_encode($item_description); ?>,
+		            text: <?php echo json_encode($item_description) ?>,
-		            style:'itemDescription'       
+		            style: 'itemDescription'       
 		          }
 		        ], 
 		        {
-		        	text:'<?php echo $item_quantity; ?>',
+		        	text: <?php echo $item_quantity ?>,
-		          style:'itemQty'
+		          style: 'itemQty'
 		        }, 
 		        {
-		        	text:'<?php echo numfmt_format_currency($currency_format, $item_price, $quote_currency_code); ?>',
+		        	text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $quote_currency_code)) ?>,
-		         	style:'itemNumber'
+		         	style: 'itemNumber'
 		        }, 
 		        {
-		          text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $quote_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $quote_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        }, 
 		        {
-		          text: '<?php echo numfmt_format_currency($currency_format, $item_total, $quote_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $quote_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        } 
 		    	],
@@ -458,38 +458,38 @@ var docDefinition = {
 		      [ 
 		      	{
 		      		rowSpan: 3,
-							text: <?php echo json_encode($quote_note); ?>,
+							text: <?php echo json_encode(html_entity_decode($quote_note)) ?>,
-		  				style:'notesText'
+		  				style: 'notesText'
 		  			},
 		      	{
-		        	text:'Subtotal',
+		        	text: 'Subtotal',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        { 
-		         	text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $quote_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},    	
 		      	{
-		        	text:'Tax',
+		        	text: 'Tax',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        },
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $quote_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $quote_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Total',
+		        	text: 'Total',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		    ]
@@ -507,32 +507,32 @@ var docDefinition = {
 		documentFooterCenter: {
 			fontSize: 9,
 		  margin: [10,50,10,10],
-		  alignment:'center'
+		  alignment: 'center'
 		},
 		// Invoice Title
 		invoiceTitle: {
 			fontSize: 18,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,3]
+			margin: [0,0,0,3]
 		},
 		// Invoice Number
 		invoiceNumber: {
 			fontSize: 14,
-			alignment:'right'
+			alignment: 'right'
 		},
 		// Billing Headers
 		invoiceBillingTitle: {
 			fontSize: 14,
 			bold: true,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		invoiceBillingTitleClient: {
 			fontSize: 14,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		// Billing Details
 		invoiceBillingAddress: {
@@ -542,26 +542,26 @@ var docDefinition = {
 		invoiceBillingAddressClient: {
 			fontSize: 10,
 			lineHeight: 1.2,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,30]
+			margin: [0,0,0,30]
 		},
 		// Invoice Dates
 		invoiceDateTitle: {
 			fontSize: 10,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		invoiceDateValue: {
 			fontSize: 10,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		// Items Header
 		itemsHeader: {
 			fontSize: 10,
 			margin: [0,5,0,5],
 			bold: true,
-			alignment:'right'
+			alignment: 'right'
 		},
 		// Item Title
 		itemTitle: {
@@ -578,57 +578,57 @@ var docDefinition = {
 		itemQty: {
 			fontSize: 10,
 			margin: [0,5,0,5],
-			alignment: 'center',
+			alignment: 'center'
 		},
 		itemNumber: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		itemTotal: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		// Items Footer (Subtotal, Total, Tax, etc)
 		itemsFooterSubTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterSubValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: false,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		notesTitle: {
 			fontSize: 10,
 			bold: true,  
-			margin: [0,5,0,5],
+			margin: [0,5,0,5]
 		},
 		notesText: {
 			fontSize: 9,
 			margin: [0,5,50,5]
 		},
 		left: {
-			alignment:'left',
+			alignment: 'left'
 		},
 		center: {
-			alignment:'center',
+			alignment: 'center'
 		},
 	},
 	defaultStyle: {
--- a/inc_all_client.php
+++ b/inc_all_client.php
@@ -27,33 +27,33 @@ if(isset($_GET['client_id'])){
  }else{
    $row = mysqli_fetch_array($sql);
-    $client_name = $row['client_name'];
+    $client_name = htmlentities($row['client_name']);
-    $client_type = $row['client_type'];
+    $client_type = htmlentities($row['client_type']);
-    $client_website = $row['client_website'];
+    $client_website = htmlentities($row['client_website']);
-    $client_referral = $row['client_referral'];
+    $client_referral = htmlentities($row['client_referral']);
-    $client_currency_code = $row['client_currency_code'];
+    $client_currency_code = htmlentities($row['client_currency_code']);
    $client_net_terms = $row['client_net_terms'];
    if($client_net_terms == 0){
      $client_net_terms = $config_default_net_terms;
    }
-    $client_notes = $row['client_notes'];
+    $client_notes = htmlentities($row['client_notes']);
    $client_created_at = $row['client_created_at'];
    $primary_contact = $row['primary_contact'];
    $primary_location = $row['primary_location'];
    $contact_id = $row['contact_id'];
-    $contact_name = $row['contact_name'];
+    $contact_name = htmlentities($row['contact_name']);
-    $contact_title = $row['contact_title'];
+    $contact_title = htmlentities($row['contact_title']);
-    $contact_email = $row['contact_email'];
+    $contact_email = htmlentities($row['contact_email']);
    $contact_phone = $row['contact_phone'];
    $contact_extension = $row['contact_extension'];
    $contact_mobile = $row['contact_mobile'];
    $location_id = $row['location_id'];
-    $location_name = $row['location_name'];
+    $location_name = htmlentities($row['location_name']);
-    $location_address = $row['location_address'];
+    $location_address = htmlentities($row['location_address']);
-    $location_city = $row['location_city'];
+    $location_city = htmlentities($row['location_city']);
-    $location_state = $row['location_state'];
+    $location_state = htmlentities($row['location_state']);
-    $location_zip = $row['location_zip'];
+    $location_zip = htmlentities($row['location_zip']);
-    $location_country = $row['location_country'];
+    $location_country = htmlentities($row['location_country']);
    $location_phone = $row['location_phone'];
    //Client Tags
@@ -64,9 +64,9 @@ if(isset($_GET['client_id'])){
    while($row = mysqli_fetch_array($sql_client_tags)){
      $client_tag_id = $row['tag_id'];
-      $client_tag_name = $row['tag_name'];
+      $client_tag_name = htmlentities($row['tag_name']);
-      $client_tag_color = $row['tag_color'];
+      $client_tag_color = htmlentities($row['tag_color']);
-      $client_tag_icon = $row['tag_icon'];
+      $client_tag_icon = htmlentities($row['tag_icon']);
      if(empty($client_tag_icon)){
        $client_tag_icon = "tag";
      }
--- a/inc_client_top_head.php
+++ b/inc_client_top_head.php
@@ -103,15 +103,14 @@ $location_phone = formatPhoneNumber($location_phone);
              <i class="fas fa-fw fa-ellipsis-v"></i>
            </button>
            <div class="dropdown-menu">
-              <a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
+              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export Data PDF<br><small class="text-secondary">(without passwords)</small></a>
-              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
+              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export Data PDF<br><small class="text-secondary">(with passwords)</small></a>
              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
              <div class="dropdown-divider"></div>
-              <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
+              <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit Client</a>
              <div class="dropdown-divider"></div>
-              <a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">Archive</a>
+              <a class="dropdown-item text-danger" href="post.php?archive_client=<?php echo $client_id; ?>">Archive Client</a>
              <div class="dropdown-divider"></div>
-              <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
+              <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete Client</a>
            </div>
          </div>
        <?php } ?>
--- a/invoice.php
+++ b/invoice.php
@@ -20,45 +20,45 @@ if(isset($_GET['invoice_id'])){
  $row = mysqli_fetch_array($sql);
  $invoice_id = $row['invoice_id'];
-  $invoice_prefix = $row['invoice_prefix'];
+  $invoice_prefix = htmlentities($row['invoice_prefix']);
-  $invoice_number = $row['invoice_number'];
+  $invoice_number = htmlentities($row['invoice_number']);
-  $invoice_scope = $row['invoice_scope'];
+  $invoice_scope = htmlentities($row['invoice_scope']);
-  $invoice_status = $row['invoice_status'];
+  $invoice_status = htmlentities($row['invoice_status']);
  $invoice_date = $row['invoice_date'];
  $invoice_due = $row['invoice_due'];
-  $invoice_amount = $row['invoice_amount'];
+  $invoice_amount = htmlentities($row['invoice_amount']);
-  $invoice_currency_code = $row['invoice_currency_code'];
+  $invoice_currency_code = htmlentities($row['invoice_currency_code']);
-  $invoice_note = $row['invoice_note'];
+  $invoice_note = htmlentities($row['invoice_note']);
-  $invoice_url_key = $row['invoice_url_key'];
+  $invoice_url_key = htmlentities($row['invoice_url_key']);
  $invoice_created_at = $row['invoice_created_at'];
  $category_id = $row['invoice_category_id'];
  $client_id = $row['client_id'];
-  $client_name = $row['client_name'];
+  $client_name = htmlentities($row['client_name']);
-  $location_address = $row['location_address'];
+  $location_address = htmlentities($row['location_address']);
-  $location_city = $row['location_city'];
+  $location_city = htmlentities($row['location_city']);
-  $location_state = $row['location_state'];
+  $location_state = htmlentities($row['location_state']);
-  $location_zip = $row['location_zip'];
+  $location_zip = htmlentities($row['location_zip']);
-  $contact_email = $row['contact_email'];
+  $contact_email = htmlentities($row['contact_email']);
  $contact_phone = formatPhoneNumber($row['contact_phone']);
-  $contact_extension = $row['contact_extension'];
+  $contact_extension = htmlentities($row['contact_extension']);
  $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-  $client_website = $row['client_website'];
+  $client_website = htmlentities($row['client_website']);
-  $client_currency_code = $row['client_currency_code'];
+  $client_currency_code = htmlentities($row['client_currency_code']);
-  $client_net_terms = $row['client_net_terms'];
+  $client_net_terms = htmlentities($row['client_net_terms']);
  if($client_net_terms == 0){
    $client_net_terms = $config_default_net_terms;
  }
  $company_id = $row['company_id'];
-  $company_name = $row['company_name'];
+  $company_name = htmlentities($row['company_name']);
-  $company_country = $row['company_country'];
+  $company_country = htmlentities($row['company_country']);
-  $company_address = $row['company_address'];
+  $company_address = htmlentities($row['company_address']);
-  $company_city = $row['company_city'];
+  $company_city = htmlentities($row['company_city']);
-  $company_state = $row['company_state'];
+  $company_state = htmlentities($row['company_state']);
-  $company_zip = $row['company_zip'];
+  $company_zip = htmlentities($row['company_zip']);
  $company_phone = formatPhoneNumber($row['company_phone']);
-  $company_email = $row['company_email'];
+  $company_email = htmlentities($row['company_email']);
-  $company_website = $row['company_website'];
+  $company_website = htmlentities($row['company_website']);
-  $company_logo = $row['company_logo'];
+  $company_logo = htmlentities($row['company_logo']);
  if(!empty($company_logo)){
  	$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
 	}
@@ -257,13 +257,13 @@ if(isset($_GET['invoice_id'])){
                while($row = mysqli_fetch_array($sql_invoice_items)){
                  $item_id = $row['item_id'];
-                  $item_name = $row['item_name'];
+                  $item_name = htmlentities($row['item_name']);
-                  $item_description = $row['item_description'];
+                  $item_description = htmlentities($row['item_description']);
-                  $item_quantity = $row['item_quantity'];
+                  $item_quantity = htmlentities($row['item_quantity']);
-                  $item_price = $row['item_price'];
+                  $item_price = htmlentities($row['item_price']);
-                  $item_subtotal = $row['item_price'];
+                  $item_subtotal = htmlentities($row['item_price']);
-                  $item_tax = $row['item_tax'];
+                  $item_tax = htmlentities($row['item_tax']);
-                  $item_total = $row['item_total'];
+                  $item_total = htmlentities($row['item_total']);
                  $item_created_at = $row['item_created_at'];
                  $tax_id = $row['item_tax_id'];
                  $total_tax = $item_tax + $total_tax;
@@ -308,8 +308,8 @@ if(isset($_GET['invoice_id'])){
                        $taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC"); 
                        while($row = mysqli_fetch_array($taxes_sql)){
                          $tax_id = $row['tax_id'];
-                          $tax_name = $row['tax_name'];
+                          $tax_name = htmlentities($row['tax_name']);
-                          $tax_percent = $row['tax_percent'];
+                          $tax_percent = htmlentities($row['tax_percent']);
                        ?>
                          <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@@ -378,7 +378,7 @@ if(isset($_GET['invoice_id'])){
    <hr class="d-none d-print-block mt-5">
-    <center class="d-none d-print-block" style="white-space:pre-line"><?php echo $config_invoice_footer; ?></center>
+    <center class="d-none d-print-block" style="white-space:pre-line"><?php echo htmlentities($config_invoice_footer); ?></center>
  </div>
 </div>
@@ -410,8 +410,8 @@ if(isset($_GET['invoice_id'])){
            while($row = mysqli_fetch_array($sql_history)){
              $history_created_at = $row['history_created_at'];
-              $history_status = $row['history_status'];
+              $history_status = htmlentities($row['history_status']);
-              $history_description = $row['history_description'];
+              $history_description = htmlentities($row['history_description']);
            ?>
            <tr>
@@ -459,10 +459,10 @@ if(isset($_GET['invoice_id'])){
              while($row = mysqli_fetch_array($sql_payments)){
                $payment_id = $row['payment_id'];
                $payment_date = $row['payment_date'];
-                $payment_amount = $row['payment_amount'];
+                $payment_amount = htmlentities($row['payment_amount']);
-                $payment_currency_code = $row['payment_currency_code'];
+                $payment_currency_code = htmlentities($row['payment_currency_code']);
-                $payment_reference = $row['payment_reference'];
+                $payment_reference = htmlentities($row['payment_reference']);
-                $account_name = $row['account_name'];
+                $account_name = htmlentities($row['account_name']);
              ?>
              <tr>
@@ -524,8 +524,8 @@ include("footer.php");
 var docDefinition = {
 	info: {
-		title: '<?php echo "$company_name - Invoice"; ?>',
+		title: <?php echo json_encode(html_entity_decode($company_name) . "- Invoice") ?>,
-		author: '<?php echo $company_name; ?>'
+		author: <?php echo json_encode(html_entity_decode($company_name)) ?>
 	},
 	//watermark: {text: '<?php echo $invoice_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@@ -536,7 +536,7 @@ var docDefinition = {
 			columns: [
 				<?php if(!empty($company_logo_base64)){ ?>
 				{
-					image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
+					image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
 					width: 120
 				},
 				<?php } ?>
@@ -548,7 +548,7 @@ var docDefinition = {
 						width: '*'
 					},
 					{
-						text: <?php echo json_encode("$invoice_prefix$invoice_number"); ?>, 
+						text: <?php echo json_encode(html_entity_decode("$invoice_prefix$invoice_number")) ?>, 
 						style: 'invoiceNumber',
 						width: '*'
 					},
@@ -559,12 +559,12 @@ var docDefinition = {
 		{
 			columns: [
 				{
-		    	text: <?php echo json_encode($company_name); ?>,
+		    	text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
-		      style:'invoiceBillingTitle',
+		      style: 'invoiceBillingTitle',
 		    },
 		    {
-		      text: <?php echo json_encode($client_name); ?>,
+		      text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
-		      style:'invoiceBillingTitleClient',        
+		      style: 'invoiceBillingTitleClient',        
 		    },
 			]
 		},
@@ -572,11 +572,11 @@ var docDefinition = {
 		{
 			columns: [
 		  	{
-		      text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
 		      style: 'invoiceBillingAddress'
 		    },
 		    {
-		      text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
 		      style: 'invoiceBillingAddressClient'
 		    },
 		  ]
@@ -593,7 +593,7 @@ var docDefinition = {
 		    	// Total
 		      [ 
 		      	{
-		      		text:'',
+		      		text: '',
 		      		rowSpan: 3
 		      	},
 		      	{}, 
@@ -602,23 +602,23 @@ var docDefinition = {
 		      [ 
 		      	{},
 		      	{
-							text:'Invoice Date',
+							text: 'Invoice Date',
-							style:'invoiceDateTitle',
+							style: 'invoiceDateTitle'
 						}, 
 						{
-							text:<?php echo json_encode($invoice_date); ?>,
+							text: <?php echo json_encode($invoice_date) ?>,
-							style:'invoiceDateValue',
+							style: 'invoiceDateValue'
 						},
 		      ],
 		      [ 
 		      	{},
 		      	{
-							text:'Due Date',
+							text: 'Due Date',
-							style:'invoiceDateTitle',
+							style: 'invoiceDateTitle'
 						}, 
 						{
-							text:<?php echo json_encode($invoice_due); ?>,
+							text: <?php echo json_encode($invoice_due) ?>,
-							style:'invoiceDateValue',
+							style: 'invoiceDateValue'
 						},
 		      ],
 		    ]
@@ -683,29 +683,29 @@ var docDefinition = {
 		      [	 
 		        [
 		        	{
-		          	text: <?php echo json_encode($item_name); ?>,
+		          	text: <?php echo json_encode($item_name) ?>,
-		            style:'itemTitle'
+		            style: 'itemTitle'
 		          },
 		          {
-		            text: <?php echo json_encode($item_description); ?>,
+		            text: <?php echo json_encode($item_description) ?>,
-		            style:'itemDescription'       
+		            style: 'itemDescription'       
 		          }
 		        ], 
 		        {
-		        	text:'<?php echo $item_quantity; ?>',
+		        	text: <?php echo json_encode($item_quantity) ?>,
-		          style:'itemQty'
+		          style: 'itemQty'
 		        }, 
 		        {
-		        	text:'<?php echo numfmt_format_currency($currency_format, $item_price, $invoice_currency_code); ?>',
+		        	text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $invoice_currency_code)) ?>,
-		         	style:'itemNumber'
+		         	style: 'itemNumber'
 		        }, 
 		        {
-		          text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $invoice_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        }, 
 		        {
-		          text: '<?php echo numfmt_format_currency($currency_format, $item_total, $invoice_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $invoice_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        } 
 		    	],
@@ -730,7 +730,7 @@ var docDefinition = {
 		      [ 
 		      	{
 		      		text: 'Notes',
-		  				style:'notesTitle'
+		  				style: 'notesTitle'
 		  			},
 		      	{},
 		      	{}
@@ -738,61 +738,61 @@ var docDefinition = {
 		      [ 
 		      	{
 		      		rowSpan: 5,
-							text: <?php echo json_encode($invoice_note); ?>,
+							text: <?php echo json_encode(html_entity_decode($invoice_note)) ?>,
-		  				style:'notesText'
+		  				style: 'notesText'
 		  			},
 		      	{
-		        	text:'Subtotal',
+		        	text: 'Subtotal',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        { 
-		         	text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},    	
 		      	{
-		        	text:'Tax',
+		        	text: 'Tax',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        },
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Total',
+		        	text: 'Total',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $invoice_amount, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Paid',
+		        	text: 'Paid',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        },
 		        {
-		          text: '<?php echo numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Balance',
+		        	text: 'Balance',
-		          style:'itemsFooterTotalTitle'
+		          style: 'itemsFooterTotalTitle'
 		        },
 		        {
-		        	text: '<?php echo numfmt_format_currency($currency_format, $balance, $invoice_currency_code); ?>',
+		        	text: <?php echo json_encode(numfmt_format_currency($currency_format, $balance, $invoice_currency_code)) ?>,
-		          style:'itemsFooterTotalTitle'
+		          style: 'itemsFooterTotalTitle'
 		        }
 		      ],
 		    ]
@@ -801,7 +801,7 @@ var docDefinition = {
 		},
    // TERMS / FOOTER
    {
-      text: <?php echo json_encode("$config_invoice_footer"); ?>,
+      text: <?php echo json_encode($config_invoice_footer) ?>,
      style: 'documentFooterCenter'  
    }
 	], //End Content,
@@ -810,32 +810,32 @@ var docDefinition = {
 		documentFooterCenter: {
 			fontSize: 9,
 		  margin: [10,50,10,10],
-		  alignment:'center',
+		  alignment: 'center',
 		},
 		// Invoice Title
 		invoiceTitle: {
 			fontSize: 18,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,3]
+			margin: [0,0,0,3]
 		},
 		// Invoice Number
 		invoiceNumber: {
 			fontSize: 14,
-			alignment:'right'
+			alignment: 'right'
 		},
 		// Billing Headers
 		invoiceBillingTitle: {
 			fontSize: 14,
 			bold: true,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		invoiceBillingTitleClient: {
 			fontSize: 14,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		// Billing Details
 		invoiceBillingAddress: {
@@ -845,26 +845,26 @@ var docDefinition = {
 		invoiceBillingAddressClient: {
 			fontSize: 10,
 			lineHeight: 1.2,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,30]
+			margin: [0,0,0,30]
 		},
 		// Invoice Dates
 		invoiceDateTitle: {
 			fontSize: 10,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		invoiceDateValue: {
 			fontSize: 10,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		// Items Header
 		itemsHeader: {
 			fontSize: 10,
 			margin: [0,5,0,5],
 			bold: true,
-			alignment:'right'
+			alignment: 'right'
 		},
 		// Item Title
 		itemTitle: {
@@ -881,61 +881,61 @@ var docDefinition = {
 		itemQty: {
 			fontSize: 10,
 			margin: [0,5,0,5],
-			alignment: 'center',
+			alignment: 'center'
 		},
 		itemNumber: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		itemTotal: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		// Items Footer (Subtotal, Total, Tax, etc)
 		itemsFooterSubTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment:'right',
+		  alignment:'right'
 		},
 		itemsFooterSubValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: false,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		notesTitle: {
 			fontSize: 10,
 			bold: true,  
-			margin: [0,5,0,5],
+			margin: [0,5,0,5]
 		},
 		notesText: {
 			fontSize: 9,
 			margin: [0,5,50,5]
 		},
 		left: {
-			alignment:'left',
+			alignment: 'left'
 		},
 		center: {
-			alignment:'center',
+			alignment: 'center'
 		},
 	},
 	defaultStyle: {
-		columnGap: 20,
+		columnGap: 20
 	}
 }
 </script>
--- a/invoice_add_modal.php
+++ b/invoice_add_modal.php
@@ -27,7 +27,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $client_id = $row['client_id'];
-                  $client_name = $row['client_name'];
+                  $client_name = htmlentities($row['client_name']);
                ?>
                  <option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@@ -63,7 +63,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $category_id = $row['category_id'];
-                  $category_name = $row['category_name'];
+                  $category_name = htmlentities($row['category_name']);
                ?>
                <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
--- a/invoice_edit_modal.php
+++ b/invoice_edit_modal.php
@@ -45,7 +45,7 @@
                $sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$invoice_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); 
                while($row = mysqli_fetch_array($sql_income_category)){
                  $category_id_select= $row['category_id'];
-                  $category_name_select = $row['category_name'];
+                  $category_name_select = htmlentities($row['category_name']);
                ?>
                <option <?php if($category_id == $category_id_select){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
--- a/invoices.php
+++ b/invoices.php
@@ -267,26 +267,26 @@
          while($row = mysqli_fetch_array($sql)){
            $invoice_id = $row['invoice_id'];
-            $invoice_prefix = $row['invoice_prefix'];
+            $invoice_prefix = htmlentities($row['invoice_prefix']);
-            $invoice_number = $row['invoice_number'];
+            $invoice_number = htmlentities($row['invoice_number']);
-            $invoice_scope = $row['invoice_scope'];
+            $invoice_scope = htmlentities($row['invoice_scope']);
            if(empty($invoice_scope)){
              $invoice_scope_display = "-";
            }else{
              $invoice_scope_display = $invoice_scope;
            }
-            $invoice_status = $row['invoice_status'];
+            $invoice_status = htmlentities($row['invoice_status']);
            $invoice_date = $row['invoice_date'];
            $invoice_due = $row['invoice_due'];
-            $invoice_amount = $row['invoice_amount'];
+            $invoice_amount = htmlentities($row['invoice_amount']);
-            $invoice_currency_code = $row['invoice_currency_code'];
+            $invoice_currency_code = htmlentities($row['invoice_currency_code']);
            $invoice_created_at = $row['invoice_created_at'];
            $client_id = $row['client_id'];
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
-            $client_currency_code = $row['client_currency_code'];
+            $client_currency_code = htmlentities($row['client_currency_code']);
-            $client_net_terms = $row['client_net_terms'];
+            $client_net_terms = htmlentities($row['client_net_terms']);
            if($client_net_terms == 0){
              $client_net_terms = $config_default_net_terms;
            }
--- a/logs.php
+++ b/logs.php
@@ -136,20 +136,20 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $log_id = $row['log_id'];
-            $log_type = $row['log_type'];
+            $log_type = htmlentities($row['log_type']);
-            $log_action = $row['log_action'];
+            $log_action = htmlentities($row['log_action']);
            $log_description = htmlentities($row['log_description']);
            $log_ip = htmlentities($row['log_ip']);
-            $log_user_agent = $row['log_user_agent'];
+            $log_user_agent = htmlentities($row['log_user_agent']);
            $log_created_at = $row['log_created_at'];
            $user_id = $row['user_id'];
-            $user_name = $row['user_name'];
+            $user_name = htmlentities($row['user_name']);
            if(empty($user_name)){
              $user_name_display = "-";
            }else{
              $user_name_display = $user_name;
            }
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
            $client_id = $row['client_id'];
            if(empty($client_name)){
              $client_name_display = "-";
--- a/notifications.php
+++ b/notifications.php
@@ -34,10 +34,10 @@ $sql = mysqli_query($mysqli,"SELECT * FROM notifications LEFT JOIN clients ON no
          while($row = mysqli_fetch_array($sql)){
            $notification_id = $row['notification_id'];
-            $notification_type = $row['notification_type'];
+            $notification_type = htmlentities($row['notification_type']);
-            $notification = $row['notification'];
+            $notification = htmlentities($row['notification']);
            $notification_timestamp = $row['notification_timestamp'];
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
            $client_id = $row['client_id'];
            if(empty($client_name)){
              $client_name_display = "-";
--- a/notifications_dismissed.php
+++ b/notifications_dismissed.php
@@ -90,11 +90,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $notification_id = $row['notification_id'];
            $notification_timestamp = $row['notification_timestamp'];
-            $notification_type = $row['notification_type'];
+            $notification_type = htmlentities($row['notification_type']);
-            $notification = $row['notification'];
+            $notification = htmlentities($row['notification']);
            $notification_dismissed_at = $row['notification_dismissed_at'];
-            $user_name = $row['user_name'];
+            $user_name = htmlentities($row['user_name']);
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
            $client_id = $row['client_id'];
            if(empty($client_name)){
              $client_name_display = "-";
--- a/payments.php
+++ b/payments.php
@@ -139,23 +139,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $invoice_id = $row['invoice_id'];
-            $invoice_prefix = $row['invoice_prefix'];
+            $invoice_prefix = htmlentities($row['invoice_prefix']);
-            $invoice_number = $row['invoice_number'];
+            $invoice_number = htmlentities($row['invoice_number']);
-            $invoice_status = $row['invoice_status'];
+            $invoice_status = htmlentities($row['invoice_status']);
            $invoice_date = $row['invoice_date'];
            $payment_date = $row['payment_date'];
-            $payment_method = $row['payment_method'];
+            $payment_method = htmlentities($row['payment_method']);
-            $payment_amount = $row['payment_amount'];
+            $payment_amount = htmlentities($row['payment_amount']);
-            $payment_currency_code = $row['payment_currency_code'];
+            $payment_currency_code = htmlentities($row['payment_currency_code']);
-            $payment_reference = $row['payment_reference'];
+            $payment_reference = htmlentities($row['payment_reference']);
            if(empty($payment_reference)){
              $payment_reference_display = "-";
            }else{
              $payment_reference_display = $payment_reference;
            }
            $client_id = $row['client_id'];
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
-            $account_name = $row['account_name'];
+            $account_name = htmlentities($row['account_name']);
          ?>
--- a/plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/4.14.0,4114918a13a428a8482a8a449792a5a8747582b5,1.ser
+++ b/plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS/4.14.0,4114918a13a428a8482a8a449792a5a8747582b5,1.ser
--- a/plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI/4.14.0,b359e061fc6632c745df51b43504cb541c9339de,1.ser
+++ b/plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI/4.14.0,b359e061fc6632c745df51b43504cb541c9339de,1.ser
--- a/product_add_modal.php
+++ b/product_add_modal.php
@@ -27,7 +27,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id"); 
                while($row = mysqli_fetch_array($sql)){
                  $category_id = $row['category_id'];
-                  $category_name = $row['category_name'];
+                  $category_name = htmlentities($row['category_name']);
                ?>
                  <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
@@ -64,8 +64,8 @@
                $taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE tax_archived_at IS NULL AND company_id = $session_company_id ORDER BY tax_name ASC"); 
                while($row = mysqli_fetch_array($taxes_sql)){
                  $tax_id = $row['tax_id'];
-                  $tax_name = $row['tax_name'];
+                  $tax_name = htmlentities($row['tax_name']);
-                  $tax_percent = $row['tax_percent'];
+                  $tax_percent = htmlentities($row['tax_percent']);
                ?>
                  <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
--- a/product_edit_modal.php
+++ b/product_edit_modal.php
@@ -27,7 +27,7 @@
                $sql_select = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$product_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id"); 
                while($row = mysqli_fetch_array($sql_select)){
                  $category_id_select = $row['category_id'];
-                  $category_name_select = $row['category_name'];
+                  $category_name_select = htmlentities($row['category_name']);
                ?>
                <option <?php if($category_id == $category_id_select){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
                <?php
@@ -64,8 +64,8 @@
                $taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE (tax_archived_at > '$product_created_at' OR tax_archived_at IS NULL) AND company_id = $session_company_id ORDER BY tax_name ASC"); 
                while($row = mysqli_fetch_array($taxes_sql)){
                  $tax_id_select = $row['tax_id'];
-                  $tax_name = $row['tax_name'];
+                  $tax_name = htmlentities($row['tax_name']);
-                  $tax_percent = $row['tax_percent'];
+                  $tax_percent = htmlentities($row['tax_percent']);
                ?>
                  <option <?php if($tax_id_select == $product_tax_id){ echo "selected"; } ?> value="<?php echo $tax_id_select; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
--- a/products.php
+++ b/products.php
@@ -64,11 +64,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            }else{
              $product_description_display = "<div style='white-space:pre-line'>$product_description</div>";
            }
-            $product_price = $row['product_price'];
+            $product_price = htmlentities($row['product_price']);
-            $product_currency_code = $row['product_currency_code'];
+            $product_currency_code = htmlentities($row['product_currency_code']);
            $product_created_at = $row['product_created_at'];
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
            $product_tax_id = $row['product_tax_id'];
          ?>
--- a/quote.php
+++ b/quote.php
@@ -16,44 +16,44 @@ if(isset($_GET['quote_id'])){
  $row = mysqli_fetch_array($sql);
  $quote_id = $row['quote_id'];
-  $quote_prefix = $row['quote_prefix'];
+  $quote_prefix = htmlentities($row['quote_prefix']);
-  $quote_number = $row['quote_number'];
+  $quote_number = htmlentities($row['quote_number']);
-  $quote_scope = $row['quote_scope'];
+  $quote_scope = htmlentities($row['quote_scope']);
-  $quote_status = $row['quote_status'];
+  $quote_status = htmlentities($row['quote_status']);
  $quote_date = $row['quote_date'];
-  $quote_amount = $row['quote_amount'];
+  $quote_amount = htmlentities($row['quote_amount']);
-  $quote_currency_code = $row['quote_currency_code'];
+  $quote_currency_code = htmlentities($row['quote_currency_code']);
-  $quote_note = $row['quote_note'];
+  $quote_note = htmlentities($row['quote_note']);
-  $quote_url_key = $row['quote_url_key'];
+  $quote_url_key = htmlentities($row['quote_url_key']);
  $quote_created_at = $row['quote_created_at'];
  $category_id = $row['quote_category_id'];
  $client_id = $row['client_id'];
-  $client_name = $row['client_name'];
+  $client_name = htmlentities($row['client_name']);
-  $location_address = $row['location_address'];
+  $location_address = htmlentities($row['location_address']);
-  $location_city = $row['location_city'];
+  $location_city = htmlentities($row['location_city']);
-  $location_state = $row['location_state'];
+  $location_state = htmlentities($row['location_state']);
-  $location_zip = $row['location_zip'];
+  $location_zip = htmlentities($row['location_zip']);
-  $contact_email = $row['contact_email'];
+  $contact_email = htmlentities($row['contact_email']);
  $contact_phone = formatPhoneNumber($row['contact_phone']);
-  $contact_extension = $row['contact_extension'];
+  $contact_extension = htmlentities($row['contact_extension']);
  $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-  $client_website = $row['client_website'];
+  $client_website = htmlentities($row['client_website']);
-  $client_currency_code = $row['client_currency_code'];
+  $client_currency_code = htmlentities($row['client_currency_code']);
-  $client_net_terms = $row['client_net_terms'];
+  $client_net_terms = htmlentities($row['client_net_terms']);
  if($client_net_terms == 0){
    $client_net_terms = $config_default_net_terms;
  }
  $company_id = $row['company_id'];
-  $company_name = $row['company_name'];
+  $company_name = htmlentities($row['company_name']);
-  $company_country = $row['company_country'];
+  $company_country = htmlentities($row['company_country']);
-  $company_address = $row['company_address'];
+  $company_address = htmlentities($row['company_address']);
-  $company_city = $row['company_city'];
+  $company_city = htmlentities($row['company_city']);
-  $company_state = $row['company_state'];
+  $company_state = htmlentities($row['company_state']);
-  $company_zip = $row['company_zip'];
+  $company_zip = htmlentities($row['company_zip']);
  $company_phone = formatPhoneNumber($row['company_phone']);
-  $company_email = $row['company_email'];
+  $company_email = htmlentities($row['company_email']);
-  $company_website = $row['company_website'];
+  $company_website = htmlentities($row['company_website']);
-  $company_logo = $row['company_logo'];
+  $company_logo = htmlentities($row['company_logo']);
  if(!empty($company_logo)){
    $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
  }
@@ -221,13 +221,13 @@ if(isset($_GET['quote_id'])){
                while($row = mysqli_fetch_array($sql_items)){
                  $item_id = $row['item_id'];
-                  $item_name = $row['item_name'];
+                  $item_name = htmlentities($row['item_name']);
-                  $item_description = $row['item_description'];
+                  $item_description = htmlentities($row['item_description']);
-                  $item_quantity = $row['item_quantity'];
+                  $item_quantity = htmlentities($row['item_quantity']);
-                  $item_price = $row['item_price'];
+                  $item_price = htmlentities($row['item_price']);
-                  $item_subtotal = $row['item_price'];
+                  $item_subtotal = htmlentities($row['item_price']);
-                  $item_tax = $row['item_tax'];
+                  $item_tax = htmlentities($row['item_tax']);
-                  $item_total = $row['item_total'];
+                  $item_total = htmlentities($row['item_total']);
                  $item_created_at = $row['item_created_at'];
                  $tax_id = $row['item_tax_id'];
                  $total_tax = $item_tax + $total_tax;
@@ -272,8 +272,8 @@ if(isset($_GET['quote_id'])){
                        $taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC"); 
                        while($row = mysqli_fetch_array($taxes_sql)){
                          $tax_id = $row['tax_id'];
-                          $tax_name = $row['tax_name'];
+                          $tax_name = htmlentities($row['tax_name']);
-                          $tax_percent = $row['tax_percent'];
+                          $tax_percent = htmlentities($row['tax_percent']);
                        ?>
                          <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@@ -337,7 +337,7 @@ if(isset($_GET['quote_id'])){
    <hr class="d-none d-print-block mt-5">
-    <center class="d-none d-print-block" style="white-space:pre-line"><?php echo $config_quote_footer; ?></center>
+    <center class="d-none d-print-block" style="white-space:pre-line"><?php echo htmlentities($config_quote_footer); ?></center>
  </div>
 </div>
@@ -369,8 +369,8 @@ if(isset($_GET['quote_id'])){
            while($row = mysqli_fetch_array($sql_history)){
              $history_created_at = $row['history_created_at'];
-              $history_status = $row['history_status'];
+              $history_status = htmlentities($row['history_status']);
-              $history_description = $row['history_description'];
+              $history_description = htmlentities($row['history_description']);
            ?>
            <tr>
@@ -429,8 +429,8 @@ include("footer.php");
 var docDefinition = {
 	info: {
-		title: '<?php echo "$company_name - Quote"; ?>',
+		title: <?php echo json_encode(html_entity_decode($company_name) . "- Quote") ?>,
-		author: '<?php echo $company_name; ?>'
+		author: <?php echo json_encode(html_entity_decode($company_name)) ?>
 	},
 	//watermark: {text: '<?php echo $quote_status; ?>', color: 'lightgrey', opacity: 0.3, bold: true, italics: false},
@@ -441,7 +441,7 @@ var docDefinition = {
 			columns: [
 				<?php if(!empty($company_logo_base64)){ ?>
 				{
-					image: '<?php echo "data:image;base64,$company_logo_base64"; ?>',
+					image: <?php echo json_encode("data:image;base64,$company_logo_base64") ?>,
 					width: 120
 				},
 				<?php } ?>
@@ -453,7 +453,7 @@ var docDefinition = {
 						width: '*'
 					},
 					{
-						text: '<?php echo "$quote_prefix$quote_number"; ?>', 
+						text: <?php echo json_encode("$quote_prefix$quote_number") ?>, 
 						style: 'invoiceNumber',
 						width: '*'
 					},
@@ -464,12 +464,12 @@ var docDefinition = {
 		{
 			columns: [
 				{
-		    	text: <?php echo json_encode($company_name); ?>,
+		    	text: <?php echo json_encode(html_entity_decode($company_name)) ?>,
-		      style:'invoiceBillingTitle',
+		      style: 'invoiceBillingTitle'
 		    },
 		    {
-		      text: <?php echo json_encode($client_name); ?>,
+		      text: <?php echo json_encode(html_entity_decode($client_name)) ?>,
-		      style:'invoiceBillingTitleClient',        
+		      style: 'invoiceBillingTitleClient'    
 		    },
 			]
 		},
@@ -477,11 +477,11 @@ var docDefinition = {
 		{
 			columns: [
 		  	{
-		      text: <?php echo json_encode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$company_address \n $company_city $company_state $company_zip \n $company_phone \n $company_website")) ?>,
 		      style: 'invoiceBillingAddress'
 		    },
 		    {
-		      text: <?php echo json_encode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone"); ?>,
+		      text: <?php echo json_encode(html_entity_decode("$location_address \n $location_city $location_state $location_zip \n $contact_email \n $contact_phone")) ?>,
 		      style: 'invoiceBillingAddressClient'
 		    },
 		  ]
@@ -498,7 +498,7 @@ var docDefinition = {
 		    	// Total
 		      [ 
 		      	{
-		      		text:'',
+		      		text: '',
 		      		rowSpan: 2
 		      	},
 		      	{}, 
@@ -507,12 +507,12 @@ var docDefinition = {
 		      [ 
 		      	{},
 		      	{
-							text:'Quote Date',
+							text: 'Quote Date',
-							style:'invoiceDateTitle',
+							style: 'invoiceDateTitle'
 						}, 
 						{
-							text:'<?php echo $quote_date ?>',
+							text: <?php echo json_encode($quote_date) ?>,
-							style:'invoiceDateValue',
+							style: 'invoiceDateValue'
 						},
 		      ],
 		    ]
@@ -577,29 +577,29 @@ var docDefinition = {
 		      [	 
 		        [
 		        	{
-		          	text: <?php echo json_encode($item_name); ?>,
+		          	text: <?php echo json_encode($item_name) ?>,
-		            style:'itemTitle'
+		            style: 'itemTitle'
 		          },
 		          {
-		            text: <?php echo json_encode($item_description); ?>,
+		            text: <?php echo json_encode($item_description) ?>,
-		            style:'itemDescription'       
+		            style: 'itemDescription'       
 		          }
 		        ], 
 		        {
-		        	text:'<?php echo $item_quantity; ?>',
+		        	text: <?php echo json_encode($item_quantity) ?>,
-		          style:'itemQty'
+		          style: 'itemQty'
 		        }, 
 		        {
-		        	text:'<?php echo numfmt_format_currency($currency_format, $item_price, $quote_currency_code); ?>',
+		        	text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_price, $quote_currency_code)) ?>,
-		         	style:'itemNumber'
+		         	style: 'itemNumber'
 		        }, 
 		        {
-		          text:'<?php echo numfmt_format_currency($currency_format, $item_tax, $quote_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_tax, $quote_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        }, 
 		        {
-		          text:'<?php echo numfmt_format_currency($currency_format, $item_total, $quote_currency_code); ?>',
+		          text: <?php echo json_encode(numfmt_format_currency($currency_format, $item_total, $quote_currency_code)) ?>,
-		          style:'itemNumber'
+		          style: 'itemNumber'
 		        } 
 		    	],
@@ -624,7 +624,7 @@ var docDefinition = {
 		      [ 
 		      	{
 		      		text: 'Notes',
-		  				style:'notesTitle'
+		  				style: 'notesTitle'
 		  			},
 		      	{},
 		      	{}
@@ -632,38 +632,38 @@ var docDefinition = {
 		      [ 
 		      	{
 		      		rowSpan: 3,
-							text: <?php echo json_encode($quote_note); ?>,
+							text: <?php echo json_encode(html_entity_decode($quote_note)) ?>,
-		  				style:'notesText'
+		  				style: 'notesText'
 		  			},
 		      	{
-		        	text:'Subtotal',
+		        	text: 'Subtotal',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        { 
-		         	text:'<?php echo numfmt_format_currency($currency_format, $sub_total, $quote_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $sub_total, $quote_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},    	
 		      	{
-		        	text:'Tax',
+		        	text: 'Tax',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        },
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $total_tax, $quote_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $total_tax, $quote_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		      [ 
 		      	{},
 		      	{
-		        	text:'Total',
+		        	text: 'Total',
-		          style:'itemsFooterSubTitle'
+		          style: 'itemsFooterSubTitle'
 		        }, 
 		        {
-		         	text: '<?php echo numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code); ?>',
+		         	text: <?php echo json_encode(numfmt_format_currency($currency_format, $quote_amount, $quote_currency_code)) ?>,
-		          style:'itemsFooterSubValue'
+		          style: 'itemsFooterSubValue'
 		        }
 		      ],
 		    ]
@@ -672,7 +672,7 @@ var docDefinition = {
 		},
    // TERMS / FOOTER
    {
-      text: <?php echo json_encode("$config_quote_footer"); ?>,
+      text: <?php echo json_encode($config_quote_footer) ?>,
      style: 'documentFooterCenter'  
    }
 	], //End Content,
@@ -681,14 +681,14 @@ var docDefinition = {
 		documentFooterCenter: {
 			fontSize: 9,
 		  margin: [10,50,10,10],
-		  alignment:'center'
+		  alignment: 'center'
 		},
 		// Invoice Title
 		invoiceTitle: {
 			fontSize: 18,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,3]
+			margin: [0,0,0,3]
 		},
 		// Invoice Number
 		invoiceNumber: {
@@ -699,14 +699,14 @@ var docDefinition = {
 		invoiceBillingTitle: {
 			fontSize: 14,
 			bold: true,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		invoiceBillingTitleClient: {
 			fontSize: 14,
 			bold: true,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,20,0,5]
+			margin: [0,20,0,5]
 		},
 		// Billing Details
 		invoiceBillingAddress: {
@@ -716,26 +716,26 @@ var docDefinition = {
 		invoiceBillingAddressClient: {
 			fontSize: 10,
 			lineHeight: 1.2,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,0,0,30]
+			margin: [0,0,0,30]
 		},
 		// Invoice Dates
 		invoiceDateTitle: {
 			fontSize: 10,
-			alignment:'left',
+			alignment: 'left',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		invoiceDateValue: {
 			fontSize: 10,
-			alignment:'right',
+			alignment: 'right',
-			margin:[0,5,0,5]
+			margin: [0,5,0,5]
 		},
 		// Items Header
 		itemsHeader: {
 			fontSize: 10,
 			margin: [0,5,0,5],
 			bold: true,
-			alignment:'right'
+			alignment: 'right'
 		},
 		// Item Title
 		itemTitle: {
@@ -752,61 +752,61 @@ var docDefinition = {
 		itemQty: {
 			fontSize: 10,
 			margin: [0,5,0,5],
-			alignment: 'center',
+			alignment: 'center'
 		},
 		itemNumber: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		itemTotal: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment: 'right',
+		  alignment: 'right'
 		},
 		// Items Footer (Subtotal, Total, Tax, etc)
 		itemsFooterSubTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterSubValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: false,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalTitle: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		itemsFooterTotalValue: {
 		  fontSize: 10,
 		  margin: [0,5,0,5],
 		  bold: true,
-		  alignment:'right',
+		  alignment: 'right'
 		},
 		notesTitle: {
 			fontSize: 10,
 			bold: true,  
-			margin: [0,5,0,5],
+			margin: [0,5,0,5]
 		},
 		notesText: {
 			fontSize: 9,
 			margin: [0,5,50,5]
 		},
 		left: {
-			alignment:'left',
+			alignment: 'left'
 		},
 		center: {
-			alignment:'center',
+			alignment: 'center'
 		},
 	},
 	defaultStyle: {
-		columnGap: 20,
+		columnGap: 20
 	}
 }
 </script>
--- a/quote_add_modal.php
+++ b/quote_add_modal.php
@@ -28,7 +28,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $client_id = $row['client_id'];
-                  $client_name = $row['client_name'];
+                  $client_name = htmlentities($row['client_name']);
                ?>
                  <option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
@@ -64,7 +64,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $category_id = $row['category_id'];
-                  $category_name = $row['category_name'];
+                  $category_name = htmlentities($row['category_name']);
                ?>
                <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
--- a/quote_edit_modal.php
+++ b/quote_edit_modal.php
@@ -35,7 +35,7 @@
                $sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$quote_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); 
                while($row = mysqli_fetch_array($sql_income_category)){
                  $category_id_select = $row['category_id'];
-                  $category_name_select = $row['category_name'];
+                  $category_name_select = htmlentities($row['category_name']);
                ?>
                <option <?php if($category_id_select == $category_id){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
--- a/quotes.php
+++ b/quotes.php
@@ -140,25 +140,25 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $quote_id = $row['quote_id'];
-            $quote_prefix = $row['quote_prefix'];
+            $quote_prefix = htmlentities($row['quote_prefix']);
-            $quote_number = $row['quote_number'];
+            $quote_number = htmlentities($row['quote_number']);
-            $quote_scope = $row['quote_scope'];
+            $quote_scope = htmlentities($row['quote_scope']);
            if(empty($quote_scope)){
              $quote_scope_display = "-";
            }else{
              $quote_scope_display = $quote_scope;
            }
-            $quote_status = $row['quote_status'];
+            $quote_status = htmlentities($row['quote_status']);
            $quote_date = $row['quote_date'];
-            $quote_amount = $row['quote_amount'];
+            $quote_amount = htmlentities($row['quote_amount']);
-            $quote_currency_code = $row['quote_currency_code'];
+            $quote_currency_code = htmlentities($row['quote_currency_code']);
            $quote_created_at = $row['quote_created_at'];
            $client_id = $row['client_id'];
            $client_name = htmlentities($row['client_name']);
-            $client_currency_code = $row['client_currency_code'];
+            $client_currency_code = htmlentities($row['client_currency_code']);
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
-            $client_net_terms = $row['client_net_terms'];
+            $client_net_terms = htmlentities($row['client_net_terms']);
            if($client_net_terms == 0){
              $client_net_terms = $config_default_net_terms;
            }
--- a/recurring_invoice.php
+++ b/recurring_invoice.php
@@ -16,35 +16,35 @@ if(isset($_GET['recurring_id'])){
  $row = mysqli_fetch_array($sql);
  $recurring_id = $row['recurring_id'];
-  $recurring_prefix = $row['recurring_prefix'];
+  $recurring_prefix = htmlentities($row['recurring_prefix']);
-  $recurring_number = $row['recurring_number'];
+  $recurring_number = htmlentities($row['recurring_number']);
-  $recurring_scope = $row['recurring_scope'];
+  $recurring_scope = htmlentities($row['recurring_scope']);
-  $recurring_frequency = $row['recurring_frequency'];
+  $recurring_frequency = htmlentities($row['recurring_frequency']);
-  $recurring_status = $row['recurring_status'];
+  $recurring_status = htmlentities($row['recurring_status']);
  $recurring_created_at = $row['recurring_created_at'];
  $recurring_last_sent = $row['recurring_last_sent'];
  if($recurring_last_sent == 0){
    $recurring_last_sent = '-';
  }
  $recurring_next_date = $row['recurring_next_date'];
-  $recurring_amount = $row['recurring_amount'];
+  $recurring_amount = htmlentities($row['recurring_amount']);
-  $recurring_currency_code = $row['recurring_currency_code'];
+  $recurring_currency_code = htmlentities($row['recurring_currency_code']);
-  $recurring_note = $row['recurring_note'];
+  $recurring_note = htmlentities($row['recurring_note']);
  $recurring_created_at = $row['recurring_created_at'];
  $category_id = $row['recurring_category_id'];
  $client_id = $row['client_id'];
-  $client_name = $row['client_name'];
+  $client_name = htmlentities($row['client_name']);
-  $location_address = $row['location_address'];
+  $location_address = htmlentities($row['location_address']);
-  $location_city = $row['location_city'];
+  $location_city = htmlentities($row['location_city']);
-  $location_state = $row['location_state'];
+  $location_state = htmlentities($row['location_state']);
-  $location_zip = $row['location_zip'];
+  $location_zip = htmlentities($row['location_zip']);
-  $contact_email = $row['contact_email'];
+  $contact_email = htmlentities($row['contact_email']);
  $contact_phone = formatPhoneNumber($row['contact_phone']);
-  $contact_extension = $row['contact_extension'];
+  $contact_extension = htmlentities($row['contact_extension']);
  $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-  $client_website = $row['client_website'];
+  $client_website = htmlentities($row['client_website']);
-  $client_currency_code = $row['client_currency_code'];
+  $client_currency_code = htmlentities($row['client_currency_code']);
-  $client_net_terms = $row['client_net_terms'];
+  $client_net_terms = htmlentities($row['client_net_terms']);
  if($recurring_status == 1){
    $status = "Active";
@@ -54,16 +54,16 @@ if(isset($_GET['recurring_id'])){
    $status_badge_color = "secondary";
  }
  $company_id = $row['company_id'];
-  $company_name = $row['company_name'];
+  $company_name = htmlentities($row['company_name']);
-  $company_country = $row['company_country'];
+  $company_country = htmlentities($row['company_country']);
-  $company_address = $row['company_address'];
+  $company_address = htmlentities($row['company_address']);
-  $company_city = $row['company_city'];
+  $company_city = htmlentities($row['company_city']);
-  $company_state = $row['company_state'];
+  $company_state = htmlentities($row['company_state']);
-  $company_zip = $row['company_zip'];
+  $company_zip = htmlentities($row['company_zip']);
  $company_phone = formatPhoneNumber($row['company_phone']);
-  $company_email = $row['company_email'];
+  $company_email = htmlentities($row['company_email']);
-  $company_website = $row['company_website'];
+  $company_website = htmlentities($row['company_website']);
-  $company_logo = $row['company_logo'];
+  $company_logo = htmlentities($row['company_logo']);
  $sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_recurring_id = $recurring_id ORDER BY history_id DESC");
@@ -192,13 +192,13 @@ if(isset($_GET['recurring_id'])){
                while($row = mysqli_fetch_array($sql_items)){
                  $item_id = $row['item_id'];
-                  $item_name = $row['item_name'];
+                  $item_name = htmlentities($row['item_name']);
-                  $item_description = $row['item_description'];
+                  $item_description = htmlentities($row['item_description']);
-                  $item_quantity = $row['item_quantity'];
+                  $item_quantity = htmlentities($row['item_quantity']);
-                  $item_price = $row['item_price'];
+                  $item_price = htmlentities($row['item_price']);
-                  $item_subtotal = $row['item_price'];
+                  $item_subtotal = htmlentities($row['item_price']);
-                  $item_tax = $row['item_tax'];
+                  $item_tax = htmlentities($row['item_tax']);
-                  $item_total = $row['item_total'];
+                  $item_total = htmlentities($row['item_total']);
                  $item_created_at = $row['item_created_at'];
                  $tax_id = $row['item_tax_id'];
                  $total_tax = $item_tax + $total_tax;
@@ -243,8 +243,8 @@ if(isset($_GET['recurring_id'])){
                        $taxes_sql = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session_company_id ORDER BY tax_name ASC"); 
                        while($row = mysqli_fetch_array($taxes_sql)){
                          $tax_id = $row['tax_id'];
-                          $tax_name = $row['tax_name'];
+                          $tax_name = htmlentities($row['tax_name']);
-                          $tax_percent = $row['tax_percent'];
+                          $tax_percent = htmlentities($row['tax_percent']);
                        ?>
                          <option value="<?php echo $tax_id; ?>"><?php echo "$tax_name $tax_percent%"; ?></option>
@@ -288,17 +288,17 @@ if(isset($_GET['recurring_id'])){
          <tbody>    
            <tr class="border-bottom">
              <td>Subtotal</td>
-              <td class="text-right"><?php echo numfmt_format_currency($currency_format, $sub_total, $recurring_currency_code); ?></td>
+              <td class="text-right"><?php echo htmlentities(numfmt_format_currency($currency_format, $sub_total, $recurring_currency_code)); ?></td>
            </tr>
            <?php if($total_tax > 0){ ?>
            <tr class="border-bottom">
              <td>Tax</td>
-              <td class="text-right"><?php echo numfmt_format_currency($currency_format, $total_tax, $recurring_currency_code); ?></td>        
+              <td class="text-right"><?php echo htmlentities(numfmt_format_currency($currency_format, $total_tax, $recurring_currency_code)); ?></td>        
            </tr>
            <?php } ?>
            <tr class="border-bottom">
              <td><strong>Amount</strong></td>
-              <td class="text-right"><strong><?php echo numfmt_format_currency($currency_format, $recurring_amount, $recurring_currency_code); ?></strong></td>
+              <td class="text-right"><strong><?php echo htmlentities(numfmt_format_currency($currency_format, $recurring_amount, $recurring_currency_code)); ?></strong></td>
            </tr>
          </tbody>
        </table>
@@ -334,8 +334,8 @@ if(isset($_GET['recurring_id'])){
            while($row = mysqli_fetch_array($sql_history)){
              $history_created_at = $row['history_created_at'];
-              $history_status = $row['history_status'];
+              $history_status = htmlentities($row['history_status']);
-              $history_description = $row['history_description'];
+              $history_description = htmlentities($row['history_description']);
            ?>
            <tr>
--- a/recurring_invoice_add_modal.php
+++ b/recurring_invoice_add_modal.php
@@ -27,7 +27,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $client_id = $row['client_id'];
-                  $client_name = $row['client_name'];
+                  $client_name = htmlentities($row['client_name']);
                ?>
                  <option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@@ -78,7 +78,7 @@
                $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); 
                while($row = mysqli_fetch_array($sql)){
                  $category_id = $row['category_id'];
-                  $category_name = $row['category_name'];
+                  $category_name = htmlentities($row['category_name']);
                ?>
                <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
--- a/recurring_invoice_edit_modal.php
+++ b/recurring_invoice_edit_modal.php
@@ -42,7 +42,7 @@
                $sql_income_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$recurring_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); 
                while($row = mysqli_fetch_array($sql_income_category)){
                  $category_id_select= $row['category_id'];
-                  $category_name_select = $row['category_name'];
+                  $category_name_select = htmlentities($row['category_name']);
                ?>
                <option <?php if($category_id == $category_id_select){ ?> selected <?php } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name_select; ?></option>
--- a/recurring_invoices.php
+++ b/recurring_invoices.php
@@ -143,24 +143,24 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $recurring_id = $row['recurring_id'];
-            $recurring_prefix = $row['recurring_prefix'];
+            $recurring_prefix = htmlentities($row['recurring_prefix']);
-            $recurring_number = $row['recurring_number'];
+            $recurring_number = htmlentities($row['recurring_number']);
-            $recurring_scope = $row['recurring_scope'];
+            $recurring_scope = htmlentities($row['recurring_scope']);
-            $recurring_frequency = $row['recurring_frequency'];
+            $recurring_frequency = htmlentities($row['recurring_frequency']);
-            $recurring_status = $row['recurring_status'];
+            $recurring_status = htmlentities($row['recurring_status']);
            $recurring_last_sent = $row['recurring_last_sent'];
            if($recurring_last_sent == 0){
              $recurring_last_sent = "-";
            }
            $recurring_next_date = $row['recurring_next_date'];
-            $recurring_amount = $row['recurring_amount'];
+            $recurring_amount = htmlentities($row['recurring_amount']);
-            $recurring_currency_code = $row['recurring_currency_code'];
+            $recurring_currency_code = htmlentities($row['recurring_currency_code']);
            $recurring_created_at = $row['recurring_created_at'];
            $client_id = $row['client_id'];
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
-            $client_currency_code = $row['client_currency_code'];
+            $client_currency_code = htmlentities($row['client_currency_code']);
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
            if($recurring_status == 1){
              $status = "Active";
              $status_badge_color = "success";
--- a/report_expense_by_vendor.php
+++ b/report_expense_by_vendor.php
@@ -55,7 +55,7 @@ $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE company_id = $s
          <?php
          while($row = mysqli_fetch_array($sql_vendors)){
            $vendor_id = $row['vendor_id'];
-            $vendor_name = $row['vendor_name'];
+            $vendor_name = htmlentities($row['vendor_name']);
            $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(expense_amount) AS amount_paid FROM expenses WHERE YEAR(expense_date) = $year AND expense_vendor_id = $vendor_id");
            $row = mysqli_fetch_array($sql_amount_paid);
--- a/report_expense_summary.php
+++ b/report_expense_summary.php
@@ -74,7 +74,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
          <?php
          while($row = mysqli_fetch_array($sql_categories)){
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
          ?>
            <tr>
--- a/report_income_by_client.php
+++ b/report_income_by_client.php
@@ -55,7 +55,7 @@ $sql_clients = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $s
          <?php
          while($row = mysqli_fetch_array($sql_clients)){
            $client_id = $row['client_id'];
-            $client_name = $row['client_name'];
+            $client_name = htmlentities($row['client_name']);
            $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND YEAR(payment_date) = $year AND invoice_client_id = $client_id");
            $row = mysqli_fetch_array($sql_amount_paid);
--- a/report_income_summary.php
+++ b/report_income_summary.php
@@ -74,7 +74,7 @@ $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_
          <?php
          while($row = mysqli_fetch_array($sql_categories)){
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
          ?>
--- a/report_profit_loss.php
+++ b/report_profit_loss.php
@@ -61,7 +61,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
          <?php
          while($row = mysqli_fetch_array($sql_categories_income)){
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
          ?>
            <tr>
@@ -268,7 +268,7 @@ $sql_categories_expense = mysqli_query($mysqli,"SELECT * FROM categories WHERE c
          <?php
          while($row = mysqli_fetch_array($sql_categories_expense)){
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
          ?>
            <tr>
--- a/report_tax_summary.php
+++ b/report_tax_summary.php
@@ -54,7 +54,7 @@ $sql_tax = mysqli_query($mysqli,"SELECT * FROM taxes WHERE company_id = $session
          <?php
          while($row = mysqli_fetch_array($sql_tax)){
            $tax_id = $row['tax_id'];
-            $tax_name = $row['tax_name'];
+            $tax_name = htmlentities($row['tax_name']);
          ?>
            <tr>
--- a/revenue_add_modal.php
+++ b/revenue_add_modal.php
@@ -64,8 +64,8 @@
                  $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE account_archived_at IS NULL AND company_id = $session_company_id ORDER BY account_name ASC"); 
                    while($row = mysqli_fetch_array($sql)){
                      $account_id = $row['account_id'];
-                      $account_name = $row['account_name'];
+                      $account_name = htmlentities($row['account_name']);
-                      $opening_balance = $row['opening_balance'];
+                      $opening_balance = htmlentities($row['opening_balance']);
                      $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
                      $row = mysqli_fetch_array($sql_payments);
@@ -104,7 +104,7 @@
                  $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); 
                  while($row = mysqli_fetch_array($sql)){
                    $category_id = $row['category_id'];
-                    $category_name = $row['category_name'];
+                    $category_name = htmlentities($row['category_name']);
                  ?>
                    <option value="<?php echo $category_id; ?>"><?php echo $category_name; ?></option>
@@ -139,7 +139,7 @@
                  $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND category_archived_at IS NULL AND company_id = $session_company_id ORDER BY category_name ASC"); 
                  while($row = mysqli_fetch_array($sql)){
-                    $category_name = $row['category_name'];
+                    $category_name = htmlentities($row['category_name']);
                  ?>
                    <option><?php echo "$category_name"; ?></option>
--- a/revenue_edit_modal.php
+++ b/revenue_edit_modal.php
@@ -65,8 +65,8 @@
                  $sql_accounts = mysqli_query($mysqli,"SELECT * FROM accounts WHERE (account_archived_at > '$revenue_created_at' OR account_archived_at IS NULL) AND company_id = $session_company_id  ORDER BY account_name ASC");
                  while($row = mysqli_fetch_array($sql_accounts)){
                    $account_id_select = $row['account_id'];
-                    $account_name_select = $row['account_name'];
+                    $account_name_select = htmlentities($row['account_name']);
-                    $opening_balance = $row['opening_balance'];
+                    $opening_balance = htmlentities($row['opening_balance']);
                    $sql_payments = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id_select");
                    $row = mysqli_fetch_array($sql_payments);
@@ -105,7 +105,7 @@
                  $sql_category = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Income' AND (category_archived_at > '$revenue_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); 
                  while($row = mysqli_fetch_array($sql_category)){
                    $category_id_select = $row['category_id'];
-                    $category_name = $row['category_name'];
+                    $category_name = htmlentities($row['category_name']);
                  ?>
                    <option <?php if($category_id_select == $category_id){ echo "selected"; } ?> value="<?php echo $category_id_select; ?>"><?php echo $category_name; ?></option>
@@ -140,7 +140,7 @@
                  $sql_categories = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND (category_archived_at > '$revenue_created_at' OR category_archived_at IS NULL) AND company_id = $session_company_id ORDER BY category_name ASC"); 
                  while($row = mysqli_fetch_array($sql_categories)){
-                    $category_name_select = $row['category_name'];
+                    $category_name_select = htmlentities($row['category_name']);
                  ?>
                    <option <?php if($revenue_payment_method == $category_name_select){ echo "selected"; } ?>><?php echo "$category_name_select"; ?></option>
--- a/revenues.php
+++ b/revenues.php
@@ -139,22 +139,22 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
          while($row = mysqli_fetch_array($sql)){
            $revenue_id = $row['revenue_id'];
-            $revenue_description = $row['revenue_description'];
+            $revenue_description = htmlentities($row['revenue_description']);
-            $revenue_reference = $row['revenue_reference'];
+            $revenue_reference = htmlentities($row['revenue_reference']);
            if(empty($revenue_reference)){
              $revenue_reference_display = "-";
            }else{
              $revenue_reference_display = $revenue_reference;
            }
            $revenue_date = $row['revenue_date'];
-            $revenue_payment_method = $row['revenue_payment_method'];
+            $revenue_payment_method = htmlentities($row['revenue_payment_method']);
-            $revenue_amount = $row['revenue_amount'];
+            $revenue_amount = htmlentities($row['revenue_amount']);
-            $revenue_currency_code = $row['revenue_currency_code'];
+            $revenue_currency_code = htmlentities($row['revenue_currency_code']);
            $revenue_created_at = $row['revenue_created_at'];
            $account_id = $row['account_id'];
-            $account_name = $row['account_name'];
+            $account_name = htmlentities($row['account_name']);
            $category_id = $row['category_id'];
-            $category_name = $row['category_name'];
+            $category_name = htmlentities($row['category_name']);
          ?>
--- a/scheduled_ticket_add_modal.php
+++ b/scheduled_ticket_add_modal.php
@@ -24,7 +24,7 @@
                                    $sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE contact_client_id = $client_id ORDER BY contact_name ASC");
                                    while($row = mysqli_fetch_array($sql)){
                                        $contact_id = $row['contact_id'];
-                                        $contact_name = $row['contact_name'];
+                                        $contact_name = htmlentities($row['contact_name']);
                                        ?>
                                        <option value="<?php echo $contact_id; ?>" <?php if($primary_contact == $contact_id){ echo "selected"; } ?>><?php echo "$contact_name"; ?></option>
@@ -48,7 +48,7 @@
                                    $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
                                    while($row = mysqli_fetch_array($sql)){
                                        $client_id = $row['client_id'];
-                                        $client_name = $row['client_name'];
+                                        $client_name = htmlentities($row['client_name']);
                                        ?>
                                        <option value="<?php echo $client_id; ?>"><?php echo "$client_name"; ?></option>
@@ -123,7 +123,7 @@
                                $sql_assets = mysqli_query($mysqli,"SELECT * FROM assets WHERE asset_client_id = $client_id ORDER BY asset_name ASC");
                                while($row = mysqli_fetch_array($sql_assets)){
                                    $asset_id_select = $row['asset_id'];
-                                    $asset_name_select = $row['asset_name'];
+                                    $asset_name_select = htmlentities($row['asset_name']);
                                    ?>
                                    <option value="<?php echo $asset_id_select; ?>"><?php echo $asset_name_select; ?></option>
--- a/scheduled_ticket_edit_modal.php
+++ b/scheduled_ticket_edit_modal.php
@@ -9,7 +9,7 @@
      </div>
      <form action="post.php" method="post" autocomplete="off">
        <div class="modal-body bg-white">
-          <input type="hidden" name="ticket_id" id="editTicketId"">
+          <input type="hidden" name="ticket_id" id="editTicketId">
          <input type="hidden" name="client_id" id="editClientId">
          <div class="form-group">
--- a/scheduled_tickets.php
+++ b/scheduled_tickets.php
@@ -66,11 +66,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
        while ($row = mysqli_fetch_array($sql)) {
          $scheduled_ticket_id = $row['scheduled_ticket_id'];
          $scheduled_ticket_client_id = $row['client_id'];
-          $scheduled_ticket_subject = $row['scheduled_ticket_subject'];
+          $scheduled_ticket_subject = htmlentities($row['scheduled_ticket_subject']);
-          $scheduled_ticket_priority = $row['scheduled_ticket_priority'];
+          $scheduled_ticket_priority = htmlentities($row['scheduled_ticket_priority']);
-          $scheduled_ticket_frequency = $row['scheduled_ticket_frequency'];
+          $scheduled_ticket_frequency = htmlentities($row['scheduled_ticket_frequency']);
          $scheduled_ticket_next_run = $row['scheduled_ticket_next_run'];
-          $scheduled_ticket_client_name = $row['client_name'];
+          $scheduled_ticket_client_name = htmlentities($row['client_name']);
          ?>
          <tr>
--- a/settings_alerts.php
+++ b/settings_alerts.php
@@ -30,7 +30,7 @@
          <div class="input-group-prepend">
            <span class="input-group-text"><i class="fa fa-fw fa-bell"></i></span>
          </div>
-          <input type="text" class="form-control" name="config_invoice_overdue_reminders" placeholder="Send After Due Days" value="<?php echo $config_invoice_overdue_reminders; ?>">
+          <input type="text" class="form-control" name="config_invoice_overdue_reminders" placeholder="Send After Due Days" value="<?php echo htmlentities($config_invoice_overdue_reminders); ?>">
        </div>
      </div>
--- a/settings_api.php
+++ b/settings_api.php
@@ -53,8 +53,8 @@
          while($row = mysqli_fetch_array($sql)){
            $api_key_id = $row['api_key_id'];
-            $api_key_name = $row['api_key_name'];
+            $api_key_name = htmlentities($row['api_key_name']);
-            $api_key_secret = "************" . substr($row['api_key_secret'], -4);
+            $api_key_secret = htmlentities("************" . substr($row['api_key_secret'], -4));
            $api_key_created_at = $row['api_key_created_at'];
            $api_key_expire = $row['api_key_expire'];
            if($api_key_expire < date("Y-m-d H:i:s")){
@@ -65,7 +65,7 @@
              $api_key_client = "<i>All Clients</i>";
            }
            else{
-              $api_key_client = $row['client_name'];
+              $api_key_client = htmlentities($row['client_name']);
            }
          ?>
--- a/settings_defaults.php
+++ b/settings_defaults.php
@@ -20,7 +20,7 @@
            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC"); 
            while($row = mysqli_fetch_array($sql)){
              $account_id = $row['account_id'];
-              $account_name = $row['account_name'];
+              $account_name = htmlentities($row['account_name']);
            ?>
              <option <?php if($config_default_transfer_from_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@@ -45,7 +45,7 @@
            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC"); 
            while($row = mysqli_fetch_array($sql)){
              $account_id = $row['account_id'];
-              $account_name = $row['account_name'];
+              $account_name = htmlentities($row['account_name']);
            ?>
              <option <?php if($config_default_transfer_to_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@@ -70,7 +70,7 @@
            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC"); 
            while($row = mysqli_fetch_array($sql)){
              $account_id = $row['account_id'];
-              $account_name = $row['account_name'];
+              $account_name = htmlentities($row['account_name']);
            ?>
              <option <?php if($config_default_payment_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@@ -95,7 +95,7 @@
            $sql = mysqli_query($mysqli,"SELECT * FROM accounts WHERE company_id = $session_company_id ORDER BY account_name ASC"); 
            while($row = mysqli_fetch_array($sql)){
              $account_id = $row['account_id'];
-              $account_name = $row['account_name'];
+              $account_name = htmlentities($row['account_name']);
            ?>
              <option <?php if($config_default_expense_account == $account_id){ echo "selected"; } ?> value="<?php echo $account_id; ?>"><?php echo $account_name; ?></option>
@@ -119,7 +119,7 @@
            $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id ORDER BY category_name ASC"); 
            while($row = mysqli_fetch_array($sql)){
-              $payment_method = $row['category_name'];
+              $payment_method = htmlentities($row['category_name']);
            ?>
              <option <?php if($config_default_payment_method == $payment_method){ echo "selected"; } ?>><?php echo $payment_method; ?></option>
@@ -143,7 +143,7 @@
            $sql = mysqli_query($mysqli,"SELECT * FROM categories WHERE category_type = 'Payment Method' AND company_id = $session_company_id ORDER BY category_name ASC"); 
            while($row = mysqli_fetch_array($sql)){
-              $payment_method = $row['category_name'];
+              $payment_method = htmlentities($row['category_name']);
            ?>
              <option <?php if($config_default_expense_payment_method == $payment_method){ echo "selected"; } ?>><?php echo $payment_method; ?></option>
@@ -168,7 +168,7 @@
            $sql = mysqli_query($mysqli,"SELECT * FROM calendars WHERE company_id = $session_company_id ORDER BY calendar_name ASC"); 
            while($row = mysqli_fetch_array($sql)){
              $calendar_id = $row['calendar_id'];
-              $calendar_name = $row['calendar_name'];
+              $calendar_name = htmlentities($row['calendar_name']);
            ?>
              <option <?php if($config_default_calendar == $calendar_id){ echo "selected"; } ?> value="<?php echo $calendar_id; ?>"><?php echo $calendar_name; ?></option>
--- a/Show More
+++ b/Show More