diff --git a/modules/billing/create_servers.php b/modules/billing/create_servers.php
index 3efff784..0e3a9ad9 100644
--- a/modules/billing/create_servers.php
+++ b/modules/billing/create_servers.php
@@ -303,7 +303,11 @@ function exec_ogp_module()
 				}
 			else{
 			//this is a renewel, start from end of previous order
-				$end_date = strtotime('+'.$order['qty'].' day',strtotime($order['end_date'])); 		
+				$current_end = strtotime($order['end_date']);
+				if ($current_end === false) {
+					$current_end = time(); // fallback to now if date is invalid
+				}
+				$end_date = strtotime('+'.$order['qty'].' day', $current_end); 		
 				}	
 				
 			}
@@ -316,7 +320,11 @@ function exec_ogp_module()
 				}
 			else{
 			//this is a renewel, start from end of previous order
-                $end_date = strtotime('+'.$order['qty'].' month',strtotime($order['end_date'])); 
+				$current_end = strtotime($order['end_date']);
+				if ($current_end === false) {
+					$current_end = time(); // fallback to now if date is invalid
+				}
+                $end_date = strtotime('+'.$order['qty'].' month', $current_end); 
 				}	
 			}
 			elseif ($order['invoice_duration'] == "year")
@@ -327,7 +335,11 @@ function exec_ogp_module()
 				}
 			else{
 			//this is a renewel, start from end of previous order
-                $end_date = strtotime('+'.$order['qty'].' year',strtotime($order['end_date'])); 
+				$current_end = strtotime($order['end_date']);
+				if ($current_end === false) {
+					$current_end = time(); // fallback to now if date is invalid
+				}
+                $end_date = strtotime('+'.$order['qty'].' year', $current_end); 
 				
 				}	
 				
diff --git a/modules/billing/renew_server.php b/modules/billing/renew_server.php
index cad4cdd7..ac10eb4c 100644
--- a/modules/billing/renew_server.php
+++ b/modules/billing/renew_server.php
@@ -128,11 +128,11 @@ if ($service_stmt) {
 // Create invoice for renewal
 $qty = 1;
 $price_formatted = number_format($price_val, 2, '.', '');
-$home_name = mysqli_real_escape_string($db, $order['home_name'] ?? 'Server Renewal');
+$home_name = $order['home_name'] ?? 'Server Renewal';
 $ip = intval($order['ip'] ?? 0);
 $max_players = intval($order['max_players'] ?? 0);
-$rcon_pw = mysqli_real_escape_string($db, $order['remote_control_password'] ?? '');
-$ftp_pw = mysqli_real_escape_string($db, $order['ftp_password'] ?? '');
+$rcon_pw = $order['remote_control_password'] ?? '';
+$ftp_pw = $order['ftp_password'] ?? '';
 $description = "Renewal: " . $service_name . " - " . $home_name . " (" . $duration . ")";
 $now = date('Y-m-d H:i:s');
 $due_date = date('Y-m-d H:i:s', strtotime('+7 days')); // Due in 7 days