From fcdeee63214182c53d173a143489c0fc5bcb89bc Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Mon, 2 Jan 2023 15:06:51 +0000
Subject: [PATCH] SQL Escape client name field to prevent potentially breaking SQL queries
---
 cron.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cron.php b/cron.php
index a5aba64f..a83ec512 100644
--- a/cron.php
+++ b/cron.php
@@ -225,7 +225,7 @@ while($row = mysqli_fetch_array($sql_companies)){
 $invoice_amount = $row['invoice_amount'];
 $invoice_currency_code = $row['invoice_currency_code'];
 $client_id = $row['client_id'];
- $client_name = $row['client_name'];
+ $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
 $contact_name = $row['contact_name'];
 $contact_email = $row['contact_email'];
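Review bot: Only `client_name` is escaped here, while `contact_name` and `contact_email`, read from the same row on the next two lines, stay raw. If they are interpolated into later queries in this loop, they can break or alter those queries in the same way, so they need the same treatment, e.g. `$contact_name = mysqli_real_escape_string($mysqli, $row['contact_name']);`. Escaping at fetch time also means any non-SQL use of `$client_name` further down (a mail subject or body, if the loop builds one) would show the added backslashes. Keeping the raw value and binding it with `mysqli_prepare()` / `bind_param()` at the query itself avoids both problems. The loop body starts before and continues past this hunk, so how these variables are used is not visible here and should be confirmed.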