diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..5008ddf
Binary files /dev/null and b/.DS_Store differ
diff --git a/.gitignore b/.gitignore
index cba1984..a7b0538 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ package-lock.json
 .VSCodeCounter/
+ # Custom folders
 # gifs/*
 # pastas/*
@@ -80,6 +81,8 @@ typings/
 # dotenv environment variables file
 .env
 .env.test
+.env.dev
+.env.prod
 # parcel-bundler cache (https://parceljs.org/)
 .cache
diff --git a/functions.js b/functions.js
index 7566a0b..0b89e2e 100644
--- a/functions.js
+++ b/functions.js
@@ -336,28 +336,28 @@ const functions = {
 },
 upload: {
 request(commandData, client) {
- const query = `INSERT INTO requests (author, request, status) VALUES ('${commandData.author}','${commandData.args}','Active')`;
+ const query = `INSERT INTO requests (author, request, status) VALUES ('${db.escape(commandData.author)}','${db.escape(commandData.args)}','Active')`;
 db.query(query, (err, rows, fields) => {
 if (err) throw err;
 functions.download.requests(client);
 });
 },
 pasta(pastaData, client) {
- const query = `INSERT INTO pastas (name, content) VALUES ('${pastaData.name}','${pastaData.content}')`;
+ const query = `INSERT INTO pastas (name, content) VALUES ('${db.escape(pastaData.name)}','${db.escape(pastaData.content)}')`;
 db.query(query, (err, rows, fields) => {
 if (err) throw err;
 functions.download.pastas(client);
 });
 },
 joint(content, client) {
- const query = `INSERT INTO joints (content) VALUES ('${content}')`;
+ const query = `INSERT INTO joints (content) VALUES ('${db.escape(content)}')`;
 db.query(query, (err, rows, fields) => {
 if (err) throw err;
 functions.download.joints(client);
 });
 },
 gif(gifData, client) {
- const query = `INSERT INTO gifs (name, embed_url) VALUES ('${gifData.name}', '${gifData.embed_url}')`;
+ const query = `INSERT INTO gifs (name, embed_url) VALUES ('${db.escape(gifData.name)}', '${db.escape(gifData.embed_url)}')`;
 db.query(query, (err, rows, fields) => {
 if (err) throw err;
 functions.download.gifs(client);
@@ -395,7 +395,7 @@ const functions = {
 },
 strain(commandData, message) {
 const { strainName } = commandData;
- const query = `SELECT id, name, type, effects, ailment, flavor FROM strains WHERE name = '${strainName}'`;
+ const query = `SELECT id, name, type, effects, ailment, flavor FROM strains WHERE name = '${db.escape(strainName)}'`;
 db.query(query, (err, rows, fields) => {
 if (rows != undefined) {
 commandData.strainInfo = {
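Review bot: Keeping the template's own single quotes around `db.escape(...)` on the `+` lines of request, pasta, joint and gif, and of strain in the `-395` hunk, double-quotes the value if `db` is the mysql/mysql2 connection its `(err, rows, fields)` callback suggests, because that driver's escape() returns the value already quoted, so `'${db.escape("x")}'` expands to `''x''` rather than `'x'`. Either drop the surrounding quotes or, better, hand the values to the driver as placeholders so the query text never embeds user input at all, e.g. `db.query('INSERT INTO requests (author, request, status) VALUES (?, ?, ?)', [commandData.author, commandData.args, 'Active'], (err, rows, fields) => { … })`, with the same shape for the other inserts and the strain SELECT. closeRequest in the `-436` hunk is the one call here without surrounding quotes, so escape()'s own quoting is correct there, though a `?` placeholder would keep all six call sites consistent. The enclosing `functions` object starts before the hunk, and the bodies of gif and strain continue past their hunk's last line.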
@@ -436,7 +436,7 @@ const functions = {
 },
 // Parent-Level functions (miscellaneuous)
 closeRequest(requestId, client) {
- const query = `UPDATE requests SET status = 'Closed' WHERE id = ${requestId}`;
+ const query = `UPDATE requests SET status = 'Closed' WHERE id = ${db.escape(requestId)}`;
 db.query(query, (err, rows, fields) => {
 if (err) throw err;
 functions.download.requests(client);