security issues

[andrewreisner]

We should escape input before querying and also before bringing to frontend. Maybe use smarty for a template engine to get rid of frontend problem and mysqli prepared statements for database querying.

[owen2]

probably overkill, but a good idea. I'm assigning this to you. It might be a good idea to wait until after this year so that we don't introduce more bugs right before the big month.