- move file path sanitizing to endpoint main function
- use single quotes where possible - explicitly initialize mysql bind variables - change the sync_command() to one file per call - sanitize inputs for export_result endpoint - add JSON decode error handling