Escape potential HTML characters in client name

2026-03-03 04:14:54 +00:00 · 2023-01-02 14:41:14 +00:00
parent 447f20c91c
commit dcf0bb67d1
1 changed files with 1 additions and 1 deletions
--- a/api_key_add_modal.php
+++ b/api_key_add_modal.php
@@ -65,7 +65,7 @@ $key = bin2hex(random_bytes(78));
                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
                while($row = mysqli_fetch_array($sql)){
                  $client_id = $row['client_id'];
-                  $client_name = $row['client_name'];
+                  $client_name = htmlentities($row['client_name']);
                  ?>
                  <option value="<?php echo $client_id; ?>"><?php echo "$client_name  (Client ID: $client_id)"; ?></option>