diff --git a/autoload/front/controls/class.Articles.php b/autoload/front/controls/class.Articles.php
index c8b0c3c..b93b248 100644
--- a/autoload/front/controls/class.Articles.php
+++ b/autoload/front/controls/class.Articles.php
@@ -6,16 +6,16 @@ class Articles
  {
  return \front\factory\Articles::pixieset_save_favorite_images( $hash );
  }
-
+
  public static function pixieset_image_favorite( $image_id, $hash )
  {
  return \front\factory\Articles::pixieset_image_favorite( $image_id, $hash );
  }
-
+
  public static function images_download( $hash )
  {
  global $mdb;
-
+
  $results = $mdb -> query( 'SELECT * FROM ('
  . 'SELECT id, MD5( CONCAT( id, date_add ) ) AS hash FROM pp_articles ) AS q1'
  . ' WHERE hash = \'' . $hash . '\'' ) -> fetchAll( \PDO::FETCH_ASSOC );
@@ -23,37 +23,37 @@ class Articles
  {
  $zip = new \ZipArchive;
  $tmp_file = 'temp/' . $hash . '.zip';
-
+
  if ( file_exists( $tmp_file ) )
  return $tmp_file;
-
- if ( $zip -> open( $tmp_file, \ZipArchive::CREATE ) )
+
+ if ( $zip -> open( $tmp_file, \ZipArchive::CREATE ) )
  {
  $results2 = $mdb -> select( 'pp_articles_images', 'src', [ 'article_id' => $row['id'] ] );
- if ( is_array( $results2 ) and count( $results2 ) ) foreach ( $results2 as $row2 )
+ if ( is_array( $results2 ) and count( $results2 ) ) foreach ( $results2 as $row2 )
  {
  $file = substr( $row2, 1, strlen( $row2 ) );
  $zip -> addFile( $file, basename( $file ) );
  }
-
+
  $zip -> close();
-
+
  return $tmp_file;
  }
  }
  }
-
+
  public static function image()
  {
  global $mdb;
-
+
  $results = $mdb -> query( 'SELECT * FROM ('
  . 'SELECT id, src, MD5( CONCAT( id, src ) ) AS hash FROM pp_articles_images ) AS q1'
  . ' WHERE hash = \'' . \S::get( 'hash' ) . '\'' ) -> fetchAll( \PDO::FETCH_ASSOC );
  if ( is_array( $results ) and count( $results ) )
  {
  $file = substr( $results[0]['src'], 1, strlen( $results[0]['src'] ) );
-
+
  header('Content-Description: File Transfer');
  header('Content-Type: application/octet-stream');
  header('Content-Disposition: attachment; filename="' . basename( $file ) . '"');
@@ -67,7 +67,7 @@ class Articles
  }
  exit;
  }
-
+
  public static function article_unlock( $password, $article_id )
  {
  if ( $password == \front\factory\Articles::article_password( $article_id ) )
diff --git a/autoload/front/factory/class.GlobelusAdverts.php b/autoload/front/factory/class.GlobelusAdverts.php
index 7a9bc07..a742244 100644
--- a/autoload/front/factory/class.GlobelusAdverts.php
+++ b/autoload/front/factory/class.GlobelusAdverts.php
@@ -300,6 +300,8 @@ class GlobelusAdverts
  {
  global $mdb;
 
+ $advert_id = (int)$advert_id;
+
  $email = $mdb -> get( 'globelus_adverts', 'email', [ 'id' => $advert_id ] );
 
  if ( !$email )
@@ -312,6 +314,17 @@ class GlobelusAdverts
  {
  global $mdb;
 
+ $values['categories'] = array_values(array_unique(array_map('intval', (array)$values['categories'] ?? [])));
+ $values['countries'] = array_values(array_unique(array_map('intval', (array)$values['countries'] ?? [])));
+ $voivodeships = array_values(array_unique(array_map('intval', (array)$voivodeships ?? [])));
+ $values['work_types'] = array_values(array_unique(array_map('intval', (array)$values['work_types'] ?? [])));
+ $values['work_type'] = (int)($values['work_type'] ?? 0);
+ $values['salary'] = (int)($values['salary'] ?? 0);
+ $values['time'] = (int)($values['time'] ?? 0);
+ $values['sort'] = (int)($values['sort'] ?? 0);
+ $values['start'] = max(0, (int)($values['start'] ?? 0));
+ $values['limit'] = max(1, min(100, (int)($values['limit'] ?? 20)));
+
  if ( is_array( $values['categories'] ) and count( $values['categories'] ) )
  $filtr = 'AND category_id IN (' . implode( ',', $values['categories'] ) . ') ';
 
@@ -453,6 +466,17 @@ class GlobelusAdverts
  {
  global $mdb;
 
+ $values['categories'] = array_values(array_unique(array_map('intval', (array)$values['categories'] ?? [])));
+ $values['countries'] = array_values(array_unique(array_map('intval', (array)$values['countries'] ?? [])));
+ $voivodeships = array_values(array_unique(array_map('intval', (array)$voivodeships ?? [])));
+ $values['work_types'] = array_values(array_unique(array_map('intval', (array)$values['work_types'] ?? [])));
+ $values['work_type'] = (int)($values['work_type'] ?? 0);
+ $values['salary'] = (int)($values['salary'] ?? 0);
+ $values['time'] = (int)($values['time'] ?? 0);
+ $values['sort'] = (int)($values['sort'] ?? 0);
+ $values['start'] = max(0, (int)($values['start'] ?? 0));
+ $values['limit'] = max(1, min(100, (int)($values['limit'] ?? 20)));
+
  if ( $values['start'] < 1 )
  $values['start'] = 0;
  else
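Review bot: The four list lines put the cast outside the null-coalesce: `(array)$values['categories'] ?? []` parses as `((array)$values['categories']) ?? []`, so the `?? []` fallback is dead and a missing key raises an undefined-index notice or warning (depending on PHP version) instead of being defaulted. The scalar lines just below already use the right shape, `(int)($values['work_type'] ?? 0)`, and the list lines need the same parentheses. The identical block added in the hunk at -453,6 has the same problem. Where `$voivodeships` comes from (parameter or earlier assignment) is outside the hunk, so confirm that the later `IN (...)` clauses read this normalised copy.

```php
// … unchanged: global $mdb; …
$values['categories'] = array_values(array_unique(array_map('intval', (array)($values['categories'] ?? []))));
$values['countries'] = array_values(array_unique(array_map('intval', (array)($values['countries'] ?? []))));
$voivodeships = array_values(array_unique(array_map('intval', (array)($voivodeships ?? []))));
$values['work_types'] = array_values(array_unique(array_map('intval', (array)($values['work_types'] ?? []))));
// … unchanged: scalar casts and start/limit clamps …
```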
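Review bot: These added lines are a verbatim copy of the block added in the hunk at -312,6, so the two search paths can drift apart the next time a filter is added or a bound changes. One private static helper in this class that takes `$values` and `$voivodeships` and returns the normalised pair would keep the integer allow-listing in a single place. Its doc comment should state that every value concatenated into SQL afterwards, as the `IN (...)` clause after the first copy does, must come from its output. The existing `if ( $values['start'] < 1 )` that follows now overlaps with the `max(0, …)` clamp, and its `else` branch continues outside the hunk, so check that the two still agree.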
@@ -597,17 +621,20 @@ class GlobelusAdverts
  public static function advert_details( $advert_id )
  {
  global $mdb;
- return $mdb -> query( 'SELECT '
- . 'ga.id, title, ga.user_id, category_id, ga.country_id, ga.city, ga.region, text, contact_person, email, ga.phone, gfd.clauses, '
- . 'gac.name AS category_name, gc.name AS country_name, gfd.firm_name_profile, date_add, salary, work_type, without_language, '
- . 'without_experience, for_couples, from_now, accommodation, accommodation_cost, overtime, overtime_quantity, travel_refund, outside_ue, without_driving_license, ga.old, ga.visible, id_voivodeship, aplication_link, id_position '
- . 'FROM '
- . 'globelus_adverts AS ga '
- . 'LEFT JOIN globelus_adverts_categories AS gac ON gac.id = ga.category_id '
- . 'LEFT JOIN globelus_countries AS gc ON gc.id = ga.country_id '
- . 'LEFT JOIN globelus_firms_data AS gfd ON gfd.user_id = ga.user_id '
- . 'WHERE '
- . 'ga.id = ' . (int)$advert_id ) -> fetch( \PDO::FETCH_ASSOC );
+ $sql = 'SELECT
+ ga.id, title, ga.user_id, category_id, ga.country_id, ga.city, ga.region, text, contact_person, email, ga.phone, gfd.clauses,
+ gac.name AS category_name, gc.name AS country_name, gfd.firm_name_profile, date_add, salary, work_type, without_language,
+ without_experience, for_couples, from_now, accommodation, accommodation_cost, overtime, overtime_quantity, travel_refund,
+ outside_ue, without_driving_license, ga.old, ga.visible, id_voivodeship, aplication_link, id_position
+ FROM globelus_adverts AS ga
+ LEFT JOIN globelus_adverts_categories AS gac ON gac.id = ga.category_id
+ LEFT JOIN globelus_countries AS gc ON gc.id = ga.country_id
+ LEFT JOIN globelus_firms_data AS gfd ON gfd.user_id = ga.user_id
+ WHERE ga.id = :advert_id';
+
+ return $mdb -> query( $sql, [
+ ':advert_id' => (int)$advert_id,
+ ] ) -> fetch( \PDO::FETCH_ASSOC );
  }
 
  public static function categories( $user_categories = '' )
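Review bot: The bound `:advert_id` placeholder replaces a value that was already cast with `(int)`, while the queries that take a string are left concatenated: in class.Articles.php, which this commit changes only for whitespace, `images_download()` builds `' WHERE hash = \'' . $hash . '\''` and `image()` does the same with `\S::get( 'hash' )`. Those two should use the form introduced here, `' WHERE hash = :hash'` with `[ ':hash' => $hash ]`. Since the column is an MD5 hex digest, checking the value against `/^[a-f0-9]{32}$/` first would also cover the `'temp/' . $hash . '.zip'` path built from it. `article_unlock()` in the same file compares the password with `==`; `hash_equals()` on two strings avoids PHP's loose-comparison rules. In this hunk, `query()` is assumed to accept a bind map and to return a statement before `-> fetch()` is chained; neither is visible here.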