FOR SQL INJECTION PROTECTION, ADD THIS CODE BELOW IN THE CONFIG.PHP
$xa = getenv('REMOTE_ADDR');
$badwords = array(";","'","\"","*","union","del","DEL","insert","update",
" =","drop","sele","$");
foreach($_POST as $value)
foreach($badwords as $word)
if(substr_count($value, $word) > 0)...