From e3800e295db14dca39956b28352099a6f52d7f04 Mon Sep 17 00:00:00 2001
From: "johnny@pittpc.com"
Date: Wed, 18 Sep 2019 18:13:14 -0400
Subject: [PATCH] Mysql escaped notes and itew name and descriptions when you copy an invoice to a recurring invoice as well as fix the cron.php when it converts Recurring into regular invoices

---
 client_tickets.php | 4 ++--
 cron.php | 8 ++++----
 post.php | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/client_tickets.php b/client_tickets.php
index a9b7c5df..f892a590 100644
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -35,8 +35,8 @@ if(isset($_GET['o'])){
         $disp = "ASC";
     }
 }else{
-    $o = "ASC";
-    $disp = "DESC";
+    $o = "DESC";
+    $disp = "ASC";
 }
 
 $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM tickets
diff --git a/cron.php b/cron.php
index de9f76a9..f753dd66 100644
--- a/cron.php
+++ b/cron.php
@@ -130,10 +130,10 @@ while($row = mysqli_fetch_array($sql_companies)){
     $recurring_last_sent = $row['recurring_last_sent'];
     $recurring_next_date = $row['recurring_next_date'];
     $recurring_amount = $row['recurring_amount'];
-    $recurring_note = $row['recurring_note'];
+    $recurring_note = mysqli_real_escape_string($mysqli,$row['recurring_note']); //Escape SQL
     $category_id = $row['category_id'];
     $client_id = $row['client_id'];
-    $client_name = $row['client_name'];
+    $client_name = mysqli_real_escape_string($mysqli,$row['client_name']); //Escape SQL just in case a name is like Safran's etc
     $client_net_terms = $row['client_net_terms'];
 
     //Get the last Invoice Number and add 1 for the new invoice number 
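Review bot: The new defaults `$o = "DESC"` / `$disp = "ASC"` are the mirror image of the request-driven branch that ends inside this hunk at `$disp = "ASC";`, but nothing in the hunk says what either variable is for, and `$o` appears to be the direction applied to the `SELECT ... FROM tickets` string handed to `mysqli_query` on the last context line. A comment such as `// $o: ORDER BY direction for this page; $disp: direction the column toggle will request next` would keep the pair from drifting apart again. The `isset($_GET['o'])` branch starts outside the hunk; if `$o` is concatenated into that query, confirm the branch only ever assigns the literals `ASC` or `DESC` and never `$_GET['o']` itself.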
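Review bot: Escaping at the point the row is read turns `$recurring_note` and `$client_name` into SQL-context-only values, yet the loop body that uses them continues past the hunk; if either is also placed into an e-mail, PDF or HTML invoice there, the backslash that mysqli_real_escape_string inserts (`Safran\'s`) will surface in that output, so the escape belongs at the INSERT — or, better, that INSERT should use `mysqli_prepare` + `mysqli_stmt_bind_param`, which removes per-variable escaping entirely. The other columns read here (`$recurring_amount`, `$category_id`, `$client_id`, `$client_net_terms` and the two dates) are still taken raw and presumably concatenated into the same statement; they look numeric, but nothing in the hunk enforces it, so an explicit `(int)`/`(float)` cast or a bound parameter is the consistent treatment. mysqli_real_escape_string is only reliable once the connection charset has been set with mysqli_set_charset(), which is outside this hunk and worth confirming. The comment `//Escape SQL just in case a name is like Safran's etc` would be clearer as `// Escape quotes/backslashes: this value is concatenated into the INSERT below`.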
@@ -153,8 +153,8 @@ while($row = mysqli_fetch_array($sql_companies)){
     while($row = mysqli_fetch_array($sql_invoice_items)){
         $item_id = $row['item_id'];
-        $item_name = $row['item_name'];
-        $item_description = $row['item_description'];
+        $item_name = mysqli_real_escape_string($mysqli,$row['item_name']); //SQL Escape incase of ,
+        $item_description = mysqli_real_escape_string($mysqli,$row['item_description']); //SQL Escape incase of ,
         $item_quantity = $row['item_quantity'];
         $item_price = $row['item_price'];
         $item_subtotal = $row['item_price'];
diff --git a/post.php b/post.php
index 9cab6d42..46bc769e 100644
--- a/post.php
+++ b/post.php
@@ -1348,7 +1348,7 @@ if(isset($_POST['add_invoice_recurring'])){
     $row = mysqli_fetch_array($sql);
     $invoice_date = $row['invoice_date'];
     $invoice_amount = $row['invoice_amount'];
-    $invoice_note = $row['invoice_note'];
+    $invoice_note = mysqli_real_escape_string($mysqli,$row['invoice_note']); //SQL Escape in case notes have , them
     $client_id = $row['client_id'];
     $category_id = $row['category_id'];
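Review bot: The new comments `//SQL Escape incase of ,` on both added lines give the wrong reason — a comma inside a quoted SQL literal is harmless; what mysqli_real_escape_string neutralises is quote characters, backslashes and NUL bytes, so `// Escape quotes/backslashes before this value is concatenated into the items INSERT below` says what the call is actually for. `$item_quantity`, `$item_price` and `$item_subtotal` are read on the following context lines with neither escaping nor a numeric cast, so the items INSERT (outside the hunk) presumably remains string-built from unchecked values; a prepared statement with bound parameters would cover all five columns at once instead of escaping two of them. Separately, the context line `$item_subtotal = $row['item_price'];` reads the price column into the subtotal variable — if the source table has an `item_subtotal` column this looks like a copy-paste slip, and if the subtotal is recomputed later it is merely misleading, but it is carried into every converted invoice so it is worth checking. The inner `while` body runs past the end of the hunk.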