diff --git a/endpoints/categories/category.php b/endpoints/categories/category.php
index 9b47b44..b611949 100644
--- a/endpoints/categories/category.php
+++ b/endpoints/categories/category.php
@@ -1,6 +1,13 @@ prepare($sql); $stmt->bindParam(':name', $name, SQLITE3_TEXT);
@@ -102,4 +109,4 @@ if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
 echo translate('error', $i18n);
 }
-?>
\ No newline at end of file
+?>
diff --git a/endpoints/currency/currency.php b/endpoints/currency/currency.php
index b9aa2e4..f1bba72 100644
--- a/endpoints/currency/currency.php
+++ b/endpoints/currency/currency.php
@@ -1,6 +1,13 @@ prepare($sql); $stmt->bindParam(':name', $name, SQLITE3_TEXT);
@@ -120,4 +127,4 @@ if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
 echo json_encode($response);
 }
-?>
\ No newline at end of file
+?>
diff --git a/endpoints/household/household.php b/endpoints/household/household.php
index b685176..d93e1ca 100644
--- a/endpoints/household/household.php
+++ b/endpoints/household/household.php
@@ -1,6 +1,13 @@ prepare($sql); $stmt->bindParam(':name', $name, SQLITE3_TEXT);
@@ -102,4 +109,4 @@ if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
 echo translate('error', $i18n);
 }
-?>
\ No newline at end of file
+?>
diff --git a/endpoints/subscription/add.php b/endpoints/subscription/add.php
index bab1d81..dfa8d3e 100644
--- a/endpoints/subscription/add.php
+++ b/endpoints/subscription/add.php
@@ -9,6 +9,13 @@
 return $filename;
 }
+ function validate($value) {
+ $value = trim($value);
+ $value = stripslashes($value);
+ $value = htmlspecialchars($value);
+ $value = htmlentities($value);
+ return $value;
+ }
 function getLogoFromUrl($url, $uploadDir, $name) {
 $ch = curl_init($url);
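Review bot: The `validate()` added in the add.php hunk escapes at input time and does so twice: `htmlspecialchars()` followed by `htmlentities()` turns `&` into `&amp;amp;` and `<` into `&amp;lt;`, and since the result is what the callers assign to `$name` and, presumably, bind into the database, the stored value is HTML text that renders wrongly in any non-HTML-body context (JSON responses, attribute values, exports) and still has to be escaped there. `stripslashes()` is a magic_quotes-era holdover and silently corrupts legitimate backslashes. Keep the input side to `trim()` plus actual validation (length, allowed characters, `filter_var()` for e-mail/URL) and escape once at output with `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; if input escaping is kept on purpose, drop one of the two calls and pass the flags explicitly so single quotes are covered on PHP versions before 8.1. The identical seven lines are pasted into save_user.php and registration.php in this commit (the +7 hunks in category.php, currency.php and household.php look like the same function, though their content is garbled here), so it belongs in one shared include, typed as `function validate(string $value): string`.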
@@ -134,7 +141,7 @@ if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
 if ($_SERVER["REQUEST_METHOD"] === "POST") {
 $isEdit = isset($_POST['id']) && $_POST['id'] != "";
- $name = $_POST["name"];
+ $name = validate($_POST["name"]);
 $price = $_POST['price'];
 $currencyId = $_POST["currency_id"];
 $frequency = $_POST["frequency"];
@@ -143,9 +150,9 @@
 $paymentMethodId = $_POST["payment_method_id"];
 $payerUserId = $_POST["payer_user_id"];
 $categoryId = $_POST['category_id'];
- $notes = $_POST["notes"];
- $url = $_POST['url'];
- $logoUrl = $_POST['logo-url'];
+ $notes = validate($_POST["notes"]);
+ $url = validate($_POST['url']);
+ $logoUrl = validate($_POST['logo-url']);
 $logo = "";
 $notify = isset($_POST['notifications']) ? true : false;
diff --git a/endpoints/user/save_user.php b/endpoints/user/save_user.php
index 71fd15e..49fc333 100644
--- a/endpoints/user/save_user.php
+++ b/endpoints/user/save_user.php
@@ -2,6 +2,14 @@
 require_once '../../includes/connect_endpoint.php';
 session_start();
+ function validate($value) {
+ $value = trim($value);
+ $value = stripslashes($value);
+ $value = htmlspecialchars($value);
+ $value = htmlentities($value);
+ return $value;
+ }
+
 function update_exchange_rate($db) {
 $query = "SELECT api_key FROM fixer";
 $result = $db->query($query);
@@ -72,8 +80,8 @@ if (isset($_SESSION['username']) && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['avatar'])) {
 $oldUsername = $_SESSION['username'];
- $username = $_POST['username'];
- $email = $_POST['email'];
+ $username = validate($_POST['username']);
+ $email = validate($_POST['email']);
 $avatar = $_POST['avatar'];
 $main_currency = $_POST['main_currency'];
 $language = $_POST['language'];
diff --git a/registration.php b/registration.php
index e426a33..6efd121 100644
--- a/registration.php
+++ b/registration.php
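Review bot: Passing `$url` and `$logoUrl` through `validate()` in the -143 hunk alters URLs before they are stored or used: `htmlentities()` rewrites `?a=1&b=2` as `?a=1&amp;b=2`, and if `$logoUrl` is the value later handed to `getLogoFromUrl()` — whose `curl_init($url)` appears in the earlier hunk — the server fetches a different address than the user entered. Validate rather than escape here: `$url = filter_var(trim($_POST['url']), FILTER_VALIDATE_URL);` (it returns `false` on failure), then reject any scheme other than http or https via `parse_url()` before the value reaches curl, since this is a server-side fetch of a user-supplied location; escape at render time instead. The enclosing POST handler begins before this hunk and continues after it.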
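Review bot: `$email = validate($_POST['email']);` in the -72 hunk encodes the address instead of checking it, so an address containing `&` or a quote is stored as `&amp;` / `&#039;` and every later consumer (display, mail, comparison) sees the encoded form; the same two lines appear in the registration.php hunk. Replace it with `$email = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);` and treat `false` as a failed request. Because `$username` is now stored HTML-encoded, a name containing `&`, `<`, `>` or quotes will only match at login if the login path applies the same transform — worth confirming, as that path is outside this diff. The enclosing `if (isset($_SESSION['username']) …)` block continues outside the hunk.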
@@ -8,6 +8,14 @@ require_once 'includes/i18n/' . $lang . '.php';
 require_once 'includes/version.php';
+function validate($value) {
+ $value = trim($value);
+ $value = stripslashes($value);
+ $value = htmlspecialchars($value);
+ $value = htmlentities($value);
+ return $value;
+}
+
 if ($userCount > 0) {
 header("Location: login.php");
 exit();
@@ -29,8 +37,8 @@ while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
 $passwordMismatch = false;
 $registrationFailed = false;
 if (isset($_POST['username'])) {
- $username = $_POST['username'];
- $email = $_POST['email'];
+ $username = validate($_POST['username']);
+ $email = validate($_POST['email']);
 $password = $_POST['password'];
 $confirm_password = $_POST['confirm_password'];
 $main_currency = $_POST['main_currency'];