diff --git a/includes/insert_event.php b/includes/insert_event.php
index 94b331d..8b5b022 100644
--- a/includes/insert_event.php
+++ b/includes/insert_event.php
@@ -4,12 +4,13 @@ $conn = mysqli_connect($servername, $username, $password, $db);
$unit = mysqli_real_escape_string($conn, $_POST['unit']);
$start_date_time = mysqli_real_escape_string($conn, $_POST['start_date_time']);
-$description = $_POST['description'];
+$description = mysqli_real_escape_string($conn, $_POST['description']);
$is_ongoing = mysqli_real_escape_string($conn, $_POST['is_ongoing']);
$end_date_time = mysqli_real_escape_string($conn, $_POST['end_date_time']);
$alert = mysqli_real_escape_string($conn, $_POST['alert']);
$user = mysqli_real_escape_string($conn, $_POST['user']);
+$description_for_email = nl2br($_POST['description']);
//Insert event to events table
$event = "INSERT INTO events (unit_id, date_time_start, description, is_ongoing, date_time_end, alert_id, user) VALUES ('$unit','$start_date_time', '$description', '$is_ongoing', '$end_date_time', '$alert', '$user')";
@@ -34,8 +35,29 @@ if($result){
//Set Email Info
$to = "TO-EMAIL@DOMAIN.COM";
$subject = "New BMS Alert: ".$unitname." ".$alertname."";
- $headers = "From: FROM-EMAIL@DOMAIN.COM";
- $message = "BMS Unit: ".$unitname." \n Type of Alert: ".$alertname." \n Start Date / Time: ".$start_date_time." \n End Date / Time: ".$end_date_time." \n Description: ".$description." \n Created by: ".$user." \n Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id \n \n This message generated by https://DOMAIN.com/bms";
+ $headers = "MIME-Version: 1.0" . "\r\n";
+ $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
+ $headers .= "From: FROM-EMAIL@DOMAIN.COM";
+ $message = "
+
+
+ BMS Unit: ".$unitname."
+
+ Type of Alert: ".$alertname."
+
+ Start Date / Time: ".$start_date_time."
+
+ End Date / Time: ".$end_date_time."
+
+ Description: ".$description_for_email."
+
+ Created by: ".$user."
+
+ Event Link: https://DOMAIN.COM/bms/viewevent.php?eventid=$event_id
+
+ This message generated by https://DOMAIN.COM/bms
+
+ ";
//WordWrap the message
$message_wrapped = wordwrap($message, 70, "\n", true);
//Send the email
diff --git a/includes/update_event.php b/includes/update_event.php
index dbb91e7..500a83d 100644
--- a/includes/update_event.php
+++ b/includes/update_event.php
@@ -3,11 +3,12 @@
$conn = mysqli_connect($servername, $username, $password, $db);
$event_id = mysqli_real_escape_string($conn, $_POST['event']);
-$description = $_POST['description'];
+$description = mysqli_real_escape_string($conn, $_POST['description']);
$is_ongoing = mysqli_real_escape_string($conn, $_POST['is_ongoing']);
$end_date_time = mysqli_real_escape_string($conn, $_POST['end_date_time']);
$user = mysqli_real_escape_string($conn, $_POST['user']);
+$description_for_email = nl2br($_POST['description']);
//Insert event to events table
$event = "UPDATE events SET description='$description', is_ongoing='$is_ongoing', date_time_end='$end_date_time', user='$user' WHERE event_id='$event_id'";
@@ -36,8 +37,29 @@ if($result){
//Set Email Info
$to = "TO-EMAIL@DOMAIN.COM";
$subject = "Updated BMS Alert: ".$unitname." ".$alertname."";
- $headers = "From: FROM-EMAIL@DOMAIN.COM";
- $message = "BMS Unit: ".$unitname." \n Type of Alert: ".$alertname." \n Start Date / Time: ".$start_date_time." \n End Date / Time: ".$end_date_time." \n Description: ".$description." \n Updated by: ".$user." \n Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id \n \n This message generated by https://DOMAIN.com/bms";
+ $headers = "MIME-Version: 1.0" . "\r\n";
+ $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
+ $headers .= "From: FROM-EMAIL@DOMAIN.COM";
+ $message = "
+
+
+ BMS Unit: ".$unitname."
+
+ Type of Alert: ".$alertname."
+
+ Start Date / Time: ".$start_date_time."
+
+ End Date / Time: ".$end_date_time."
+
+ Description: ".$description_for_email."
+
+ Updated by: ".$user."
+
+ Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id
+
+ This message generated by https://DOMAIN.com/bms
+
+ ";
//WordWrap the message
$message_wrapped = wordwrap($message, 70, "\n", true);
//Send the email