diff --git a/api/chat.php b/api/chat.php
index cbdb4dcff20b17ba247a94115ad83ce25a340ae1..6178bcd95307fb1d53173738031cf9e0b505cecd 100644
--- a/api/chat.php
+++ b/api/chat.php
@@ -3,6 +3,7 @@ include '../includes/common.php';
$mod=$_GET['mod'];
if($_SESSION['islogin']==1){}else exit("");
$ltsid=$_GET['ltsid'];
+$ltsid=intval($ltsid);
$sql="select * from Chat where id = ".$ltsid;
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);
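Review bot: The query after the added `intval()` is still built by concatenation, and the return value of `mysqli_query()` goes to `mysqli_fetch_assoc()` unchecked. The cast does close the injection in this numeric position, but only while that one line stays in place, and a missing or non-numeric `ltsid` silently becomes id 0 instead of being rejected. Validating the parameter and binding it keeps the query safe independently of the cast, as sketched below; `mysqli_stmt_get_result()` needs the mysqlnd driver. The same cast-then-concatenate pattern appears in the hunks for api/pwd.php, chat.php, chatadmin.php, msg.php and pwd.php. The script continues past the end of this hunk.

```php
// … unchanged: include, $mod, login check …
$ltsid = filter_var($_GET['ltsid'] ?? null, FILTER_VALIDATE_INT);
if ($ltsid === false) {
    exit("");
}
$stmt = mysqli_prepare($conn, "select * from Chat where id = ?");
mysqli_stmt_bind_param($stmt, 'i', $ltsid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = $result ? mysqli_fetch_assoc($result) : null;
```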
diff --git a/api/chatadmin.php b/api/chatadmin.php
index 5c33b14c3a85f482a87cb33549d98986a2aa397c..0284747f0bd9973239a369ce4c6b8407fce4b553 100644
--- a/api/chatadmin.php
+++ b/api/chatadmin.php
@@ -3,6 +3,7 @@ include '../includes/common.php';
$mod=$_GET['mod'];
if($_SESSION['islogin']==1){}else exit("");
$ltsid=$_GET['ltsid'];
+$ltsid=intval($ltsid);
$id=$_GET['id'];
$id1=$_GET['id1'];
$id2=$_GET['id2'];
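Review bot: `$id`, `$id1` and `$id2` are still taken from `$_GET` without a cast, directly below the line that now casts `$ltsid`. Their use lies outside this hunk, but if any of them reaches a query in an unquoted numeric position, the `addslashes()` pass added in includes/common.php does not neutralise them, because no quote has to be escaped there. If they are integer ids, give them the same treatment, e.g. `$id=intval($_GET['id'] ?? 0);`; otherwise bind them as statement parameters where they are used.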
diff --git a/api/pwd.php b/api/pwd.php
index f54e1cf72dbfc7417b2217695c0849ed09335d8d..394e35a6f88422cc9b6845dac8682e3d7b893741 100644
--- a/api/pwd.php
+++ b/api/pwd.php
@@ -2,6 +2,7 @@
include '../includes/common.php';
if($_SESSION['islogin']==1){}else exit("");
$ltsid=$_GET['ltsid'];
+$ltsid=intval($ltsid);
$pwd=$_POST['pwd'];
$sql="select * from Chat where id = ".$ltsid;
$result = mysqli_query($conn,$sql);
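Review bot: `$pwd` now reaches this script already trimmed and backslash-escaped, because this commit rewrites `$_POST` in includes/common.php. The comparison itself is outside the hunk, but a password containing a quote, a backslash or surrounding whitespace would presumably no longer match a value stored before this change. Credentials should be kept byte-exact and passed to the database as a bound parameter rather than relying on global escaping. msg.php has the same issue with `$_GET['pwd']`, and there the password also travels in the query string, where it can land in server logs and browser history.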
diff --git a/chat.php b/chat.php
index 796adce7a5f8a231ea0f560fe437ee213fbff8eb..02d47cdd32807d7fda180b0c82a71f7889d25f4c 100644
--- a/chat.php
+++ b/chat.php
@@ -2,6 +2,7 @@
include './includes/common.php';
if($_SESSION['islogin']==1){}else exit("");
$ltsid=$_GET['ltsid'];
+$ltsid=intval($ltsid);
$sql="select * from Chat where id = ".$ltsid;
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);
diff --git a/chatadmin.php b/chatadmin.php
index ca2cf8f1ae039162f3380db2cf9f64cc821444fb..ff43e4aadab12b10b3d7726c3c6218a51d8fa899 100644
--- a/chatadmin.php
+++ b/chatadmin.php
@@ -2,6 +2,7 @@
include './includes/common.php';
if($_SESSION['islogin']==1){}else exit("");
$ltsid=$_GET['ltsid'];
+$ltsid=intval($ltsid);
$sql="select * from Chat where id = ".$ltsid;
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);
diff --git a/includes/common.php b/includes/common.php
index 5d60fadc907d1f066e20afd14d89e366555a57f8..a56e32bf6ead49dcf3358d630aa1ca22ea688ad8 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -4,6 +4,18 @@ define('SYSTEM_ROOT', dirname(__FILE__).'/');
define('ROOT', dirname(SYSTEM_ROOT).'/');
include_once(SYSTEM_ROOT."function.php");
include_once(SYSTEM_ROOT."version.php");
+function addslashes_deep($value)
+{
+ if (empty($value))
+ return $value;
+ else
+ return is_array($value) ? array_map('addslashes_deep', $value) : addslashes(trim($value));
+}
+
+$_GET = addslashes_deep($_GET);
+$_POST = addslashes_deep($_POST);
+$_COOKIE = addslashes_deep($_COOKIE);
+$_REQUEST = addslashes_deep($_REQUEST);
session_start();
$install=$_GET['install'];
if(file_exists(ROOT.'config.php')){
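Review bot: `addslashes_deep()` rewrites every superglobal with `addslashes()`, which is effectively the removed magic-quotes behaviour and is not a reliable SQL defence. It ignores the connection charset (depending on that charset, multi-byte input can defeat it), does nothing for values concatenated in unquoted numeric positions, and leaves array keys untouched. It also trims and escapes data that is never sent to the database, so values echoed or compared later carry stray backslashes. I would drop the global rewrite and escape at the point of use instead, with bound parameters or `mysqli_real_escape_string($conn, $value)` for SQL and `htmlspecialchars()` for output. Separately, `$install=$_GET['install'];` reads a key that may be absent; `$install=$_GET['install'] ?? '';` avoids the notice.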
diff --git a/msg.php b/msg.php
index f48025a4d084f3650d0a93d4a6bb9d861e033833..671ce5e8a0c7fa42e36e2e23d1256aa5a21f6829 100644
--- a/msg.php
+++ b/msg.php
@@ -2,6 +2,7 @@
include './includes/common.php';
if($_SESSION['islogin']==1){}else exit("");
$ltsid=$_GET['ltsid'];
+$ltsid=intval($ltsid);
$pwd=$_GET['pwd'];
$sql="select * from Chat where id = ".$ltsid;
$result = mysqli_query($conn,$sql);
diff --git a/pwd.php b/pwd.php
index 0ed53d83b44ff4c2ec9e56ea57cfed4f51c88c42..a758a081c14d835f67acbeecb7e63b503f1df0a2 100644
--- a/pwd.php
+++ b/pwd.php
@@ -2,6 +2,7 @@
include './includes/common.php';
if($_SESSION['islogin']==1){}else exit("");
$ltsid=$_GET['ltsid'];
+$ltsid=intval($ltsid);
$sql="select * from Chat where id = ".$ltsid;
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);