abenzer/represent-map

SQL Injection

Closed this issue · 1 comment

There is no real sanitization happening in your DB calls. The frontend is great but I almost feel the need to scrap your backend entirely. When I tried to run an event import, it corrupted the entire site because one of the events had an apostrophe.

We're likely going to integrate the front end into an existing site so we won't use PHP, but if we do, I'll try and submit a pull request fixing these issues.

Actually I'm doing some basic sanitizing using parseInput() in add.php. I'll move that to header.php and use it in events_get.php on the next push.

But do let me know if you have any suggestions on improving parseInput()
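As an added example of what a fix for this issue looks like (this is not code from abenzer/represent-map or from either commenter), the following PHP puts the concatenation pattern the issue describes next to the prepared-statement version. It assumes a PDO connection and a made-up `events` table with `name` and `city` columns, so it runs stand-alone against an in-memory SQLite database; the project's real schema and its `add.php` / `events_get.php` files are not reproduced here.

```php
<?php
// Added example (not from abenzer/represent-map). Demonstrates why an input
// "sanitizing" helper is the wrong fix for SQL injection and why prepared
// statements are the right one. Uses an in-memory SQLite database through PDO
// so it runs offline; the schema and the event data are constructed for this demo.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT NOT NULL, city TEXT NOT NULL)');

// The pattern the issue describes: input spliced straight into the SQL text.
// A single apostrophe in $name closes the string literal early and breaks the
// query (the import failure reported above); crafted input can change its meaning.
function insertEventUnsafe(PDO $db, string $name, string $city): void {
    $sql = "INSERT INTO events (name, city) VALUES ('" . $name . "', '" . $city . "')";
    $db->exec($sql);
}

// The fix: a prepared statement with bound parameters. The SQL text is fixed
// before any value is supplied, and the values travel separately, so they are
// never parsed as SQL. An apostrophe is just data.
function insertEventSafe(PDO $db, string $name, string $city): void {
    $stmt = $db->prepare('INSERT INTO events (name, city) VALUES (:name, :city)');
    $stmt->execute([':name' => $name, ':city' => $city]);
}

// Same principle for reads (the events_get.php side): bind the filter value
// instead of concatenating it into the WHERE clause.
function eventsByCity(PDO $db, string $city): array {
    $stmt = $db->prepare('SELECT name, city FROM events WHERE city = :city ORDER BY id');
    $stmt->execute([':city' => $city]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample event containing an apostrophe, like the one that broke
// the import. Not real data from the project.
$name = "Town Hall at O'Brien's Pub";
$city = 'Portland';

// The unsafe path throws a syntax error instead of storing the row.
try {
    insertEventUnsafe($db, $name, $city);
} catch (PDOException $e) {
    echo 'Unsafe insert failed: ' . $e->getMessage() . PHP_EOL;
}

// The parameterised path stores and returns the name intact.
insertEventSafe($db, $name, $city);
print_r(eventsByCity($db, $city));
```

The point for the `parseInput()` question: whatever that helper strips or escapes, escaping is tied to the database's quoting rules and connection charset, so a string-level filter can only ever approximate it, and it has to be remembered at every call site. Binding parameters (PDO as above, or `mysqli` prepared statements) removes the problem instead of filtering it, and leaves `parseInput()` to do what an input helper should do: validate length, format and allowed values. When the backend is MySQL, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use real server-side prepares rather than client-side quoting.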