htmlspecialchars is called on strings before inserting into the database

[pchote]

OpenRAMasterServer/ping.php

Lines 34 to 39 in 14c6266

	switch ($type)
	{
	case PDO::PARAM_INT: $value = intval($value); break;
	case PDO::PARAM_BOOL: $value = intval(filter_var($value, FILTER_VALIDATE_BOOLEAN)); break;
	case PDO::PARAM_STR: $value = htmlspecialchars($value); break;
	}

There is no need to encode data that will be returned as yaml, and possibly likewise for JSON (I'd expect that to have its own sanitize function that could be done on display). We probably want to remove this to avoid issues like: