Security Added some mysql escapes to some get vars in api and guest view invoice and quote

api.php

@@ -3,7 +3,7 @@
 <?php
 //Check Key 
 if(isset($_GET['api_key'])){
-    $config_api_key = $_GET['api_key'];
+    $config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
 
     $sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
 

guest_view_invoice.php

@@ -4,7 +4,7 @@
 
 if(isset($_GET['invoice_id'], $_GET['url_key'])){
 
-  $url_key = $_GET['url_key'];
+  $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
   $invoice_id = intval($_GET['invoice_id']);
 
   $sql = mysqli_query($mysqli,"SELECT * FROM invoices, clients

guest_view_quote.php

@@ -4,7 +4,7 @@
 
 if(isset($_GET['quote_id'], $_GET['url_key'])){
 
-  $url_key = $_GET['url_key'];
+  $url_key = mysqli_real_escape_string($mysqli,$_GET['url_key']);
   $quote_id = intval($_GET['quote_id']);
 
   $sql = mysqli_query($mysqli,"SELECT * FROM quotes, clients