diff --git a/.gitignore b/.gitignore
index eff3ba3..ad44dd1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@
 *.swp
 .DS_Store
 locales/po/*.mo
+.omc/
diff --git a/includes/arrays.php b/includes/arrays.php
index 46bc50a..32c4681 100644
--- a/includes/arrays.php
+++ b/includes/arrays.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -73,7 +75,7 @@
 	'mqtt_mqtt'       => __('MQTT plaintext, default port 1883', 'servcheck'),
 );
 
-$service_types_ports = array(
+$service_types_ports = [
 
 	'web_http'        => 80,
 	'web_https'       => 443,
@@ -106,7 +108,7 @@
 
 //	'telnet_telnet'   => 23,
 	'mqtt_mqtt'       => 1883,
-);
+];
 
 
 $graph_interval = array (
@@ -186,10 +188,10 @@
 	10 => __('%d Seconds', 10, 'servcheck'),
 );
 
-$servcheck_notify_formats = array(
+$servcheck_notify_formats = [
 	SERVCHECK_FORMAT_HTML  => 'html',
 	SERVCHECK_FORMAT_PLAIN => 'plain',
-);
+];
 
 if (db_table_exists('plugin_servcheck_contacts')) {
 	$servcheck_contact_users = db_fetch_assoc("SELECT pwc.id, pwc.data, pwc.type, ua.full_name
@@ -198,10 +200,10 @@
 		ON ua.id=pwc.user_id
 		WHERE pwc.data != ''");
 } else {
-	$servcheck_contact_users = array();
+	$servcheck_contact_users = [];
 }
 
-$servcheck_notify_accounts = array();
+$servcheck_notify_accounts = [];
 if (!empty($servcheck_contact_users)) {
 	foreach ($servcheck_contact_users as $servcheck_contact_user) {
 		$servcheck_notify_accounts[$servcheck_contact_user['id']] = $servcheck_contact_user['full_name'] . ' - ' . ucfirst($servcheck_contact_user['type']);
@@ -298,14 +300,14 @@
 		'size' => '40',
 		'default' => ''
 	),
-	'id' => array(
+	'id' => [
 		'method' => 'hidden_zero',
 		'value' => '|arg1:id|'
-	),
-	'save_component_proxy' => array(
+	],
+	'save_component_proxy' => [
 		'method' => 'hidden',
 		'value' => '1'
-	)
+	]
 );
 
 $servcheck_test_fields = array(
@@ -542,10 +544,10 @@
 		'max_length' => '20',
 		'value' => '|arg1:external_id|',
 	),
-	'id' => array(
+	'id' => [
 		'method' => 'hidden_zero',
 		'value' => '|arg1:id|'
-	),
+	],
 );
 
 $curl_error = array(
diff --git a/includes/constants.php b/includes/constants.php
index 8fb7c04..32a5772 100644
--- a/includes/constants.php
+++ b/includes/constants.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
diff --git a/includes/functions.php b/includes/functions.php
index 236043c..7107d99 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -65,7 +67,7 @@ function servcheck_show_tab($current_tab) {
 function plugin_servcheck_remove_old_users () {
 	$users = db_fetch_assoc('SELECT id FROM user_auth');
 
-	$u = array();
+	$u = [];
 
 	foreach ($users as $user) {
 		$u[] = $user['id'];
@@ -75,7 +77,7 @@ function plugin_servcheck_remove_old_users () {
 
 	foreach ($contacts as $c) {
 		if (!in_array($c['user_id'], $u)) {
-			db_execute_prepared('DELETE FROM plugin_servcheck_contacts WHERE user_id = ?', array($c['user_id']));
+			db_execute_prepared('DELETE FROM plugin_servcheck_contacts WHERE user_id = ?', [$c['user_id']]);
 		}
 	}
 }
@@ -124,7 +126,7 @@ function plugin_servcheck_graph ($id, $interval) {
 		FROM plugin_servcheck_log
 		WHERE test_id = ? AND
 		lastcheck > DATE_SUB(NOW(), INTERVAL ? HOUR)
-		ORDER BY id", array($id, $interval));
+		ORDER BY id", [$id, $interval]);
 
 	if (cacti_sizeof($result) < 5) {
 		print __('No data', 'servcheck');
@@ -144,44 +146,44 @@ function plugin_servcheck_graph ($id, $interval) {
 	// Start chart attributes
 	$chart = array(
 		'bindto' => "#line_$xid",
-		'size' => array(
+		'size' => [
 			'height' => 300,
 			'width'=> 600
-		),
-		'point' => array (
+		],
+		'point' => [
 			'r' => 1.5
-		),
-		'data' => array(
+		],
+		'data' => [
 			'type' => 'area',
 			'x' => 'x',
 			'xFormat' => '%Y-%m-%d %H:%M:%S' // rikam mu, jaky je format te timeserie
-		)
+		]
 	);
 
-	$columns = array();
-	$axis = array();
-	$axes = array();
+	$columns = [];
+	$axis = [];
+	$axes = [];
 
 	// Add the X Axis first
-	$columns[] = array_merge(array('x'), $lastcheck);
-	$columns[] = array_merge(array('Total'), $total_time);
-	$columns[] = array_merge(array('Connect'), $connect_time);
-	$columns[] = array_merge(array('DNS '), $namelookup_time);
+	$columns[] = array_merge(['x'], $lastcheck);
+	$columns[] = array_merge(['Total'], $total_time);
+	$columns[] = array_merge(['Connect'], $connect_time);
+	$columns[] = array_merge(['DNS '], $namelookup_time);
 
 	// Setup the Axis
 	$axis['x'] = array(
 		'type' => 'timeseries',
 		'tick' => array(
 			'format'=> '%m-%d %H:%M',
-			'culling' => array('max' => 6),
+			'culling' => ['max' => 6],
 		)
 	);
 
 	$axis['y'] = array(
 		'tick' => array(
-			'label' => array(
+			'label' => [
 				'text' => 'Response in ms',
-			),
+			],
 			'show' => true
 		)
 	);
diff --git a/includes/index.php b/includes/index.php
index 41ba701..a9d6c1e 100644
--- a/includes/index.php
+++ b/includes/index.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
diff --git a/includes/mxlookup.php b/includes/mxlookup.php
index 997dcc3..939d1db 100644
--- a/includes/mxlookup.php
+++ b/includes/mxlookup.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -28,7 +30,7 @@ class mxlookup {
 	var $dns_packet = NULL;
 	var $ANCOUNT    = 0;
 	var $cIx        = 0;
-	var $arrMX      = array();
+	var $arrMX      = [];
 	var $dns_repl_domain;
 	var $dns_reply  = '';
 
@@ -68,7 +70,7 @@ function __construct($domain, $dns = '4.2.2.1') {
 
 			//$mxPref = ord($this->gdi($this->cIx));
 			//$this->parse_data($curmx);
-			//$this->arrMX[] = array('MX_Pref' => $mxPref, 'MX' => $curmx);
+			//$this->arrMX[] = ['MX_Pref' => $mxPref, 'MX' => $curmx];
 			//$this->cIx += 3;
 		}
 	}
@@ -78,7 +80,7 @@ function __destruct() {
 	}
 
 	function parse_data(&$retval) {
-		$arName = array();
+		$arName = [];
 		$byte   = ord($this->gdi($this->cIx));
 
 		while($byte !== 0) {
diff --git a/includes/tests.php b/includes/tests.php
index 6ebff6d..0d9b1fa 100644
--- a/includes/tests.php
+++ b/includes/tests.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -28,7 +30,7 @@
 function curl_try ($test) {
 	global $user_agent, $config, $ca_info, $service_types_ports;
 
-	$cert_info = array();
+	$cert_info = [];
 
 	// default result
 	$results['result'] = 'ok';
@@ -36,7 +38,7 @@ function curl_try ($test) {
 	$results['error'] = '';
 	$results['result_search'] = 'not tested';
 
-	$options = array(
+	$options = [
 		CURLOPT_HEADER         => true,
 		CURLOPT_USERAGENT      => $user_agent,
 		CURLOPT_RETURNTRANSFER => true,
@@ -44,7 +46,7 @@ function curl_try ($test) {
 		CURLOPT_MAXREDIRS      => 4,
 		CURLOPT_TIMEOUT        => $test['timeout_trigger'],
 		CURLOPT_CAINFO         => $ca_info,
-	);
+	];
 
 	if (($test['type'] == 'web_http' || $test['type'] == 'web_https') && empty($test['path'])) {
 		cacti_log('Empty path, nothing to test');
@@ -116,7 +118,7 @@ function curl_try ($test) {
 		plugin_servcheck_debug('Preparing own CA chain file ' . $ca_info , $test);
 
 		$cert = db_fetch_cell_prepared('SELECT cert FROM plugin_servcheck_ca WHERE id = ?',
-			array($test['ca']));
+			[$test['ca']]);
 
 		$cert_file = fopen($ca_info, 'a');
 		if ($cert_file) {
@@ -139,7 +141,7 @@ function curl_try ($test) {
 			$proxy = db_fetch_row_prepared('SELECT *
 				FROM plugin_servcheck_proxies
 				WHERE id = ?',
-				array($test['proxy_server']));
+				[$test['proxy_server']]);
 
 			if (cacti_sizeof($proxy)) {
 				$options[CURLOPT_PROXY] = $proxy['hostname'];
@@ -190,12 +192,12 @@ function curl_try ($test) {
 
 	plugin_servcheck_debug('cURL options: ' . clean_up_lines(var_export($options, true)));
 
-	curl_setopt_array($process,$options);
+	curl_setopt_array($process, $options);
 
 	plugin_servcheck_debug('Executing curl request', $test);
 
 	$data = curl_exec($process);
-	$data = str_replace(array("'", "\\"), array(''), $data);
+	$data = str_replace(["'", "\\"], [''], $data);
 	$results['data'] = $data;
 
 	// Get information regarding a specific transfer, cert info too
@@ -208,7 +210,7 @@ function curl_try ($test) {
 	plugin_servcheck_debug('Data: ' . clean_up_lines(var_export($data, true)));
 
 	if ($results['curl_return'] > 0) {
-		$results['error'] =  str_replace(array('"', "'"), '', (curl_error($process)));
+		$results['error'] =  str_replace(['"', "'"], '', (curl_error($process)));
 	}
 
 	if ($test['ca'] > 0) {
@@ -419,14 +421,14 @@ function mqtt_try ($test) {
 
 	plugin_servcheck_debug('cURL options: ' . clean_up_lines(var_export($options, true)));
 
-	curl_setopt_array($process,$options);
+	curl_setopt_array($process, $options);
 
 	plugin_servcheck_debug('Executing curl request', $test);
 
 	curl_exec($process);
 	$x = fclose($file);
 
-	$data = str_replace(array("'", "\\"), array(''), file_get_contents($filename));
+	$data = str_replace(["'", "\\"], [''], file_get_contents($filename));
 	$results['data'] = $data;
 
 	// Get information regarding a specific transfer
@@ -442,7 +444,7 @@ function mqtt_try ($test) {
 	if ($results['curl_return'] == 42) {
 		$results['curl_return'] = 0;
 	} elseif ($results['curl_return'] > 0) {
-		$results['error'] =  str_replace(array('"', "'"), '', (curl_error($process)));
+		$results['error'] =  str_replace(['"', "'"], '', (curl_error($process)));
 	}
 
 	curl_close($process);
@@ -506,7 +508,7 @@ function mqtt_try ($test) {
 function doh_try ($test) {
 	global $user_agent, $config, $ca_info, $service_types_ports;
 
-	$cert_info = array();
+	$cert_info = [];
 
 	// default result
 	$results['result'] = 'ok';
@@ -514,7 +516,7 @@ function doh_try ($test) {
 	$results['error'] = '';
 	$results['result_search'] = 'not tested';
 
-	$options = array(
+	$options = [
 		CURLOPT_HEADER         => true,
 		CURLOPT_USERAGENT      => $user_agent,
 		CURLOPT_RETURNTRANSFER => true,
@@ -522,7 +524,7 @@ function doh_try ($test) {
 		CURLOPT_MAXREDIRS      => 4,
 		CURLOPT_TIMEOUT        => $test['timeout_trigger'],
 		CURLOPT_CAINFO         => $ca_info,
-	);
+	];
 
 	if (empty($test['hostname']) || empty($test['dns_query'])) {
 		cacti_log('Empty hsotname or dns_query, nothing to test');
@@ -548,7 +550,7 @@ function doh_try ($test) {
 		plugin_servcheck_debug('Preparing own CA chain file ' . $ca_info , $test);
 
 		$cert = db_fetch_cell_prepared('SELECT cert FROM plugin_servcheck_ca WHERE id = ?',
-			array($test['ca']));
+			[$test['ca']]);
 
 		$cert_file = fopen($ca_info, 'a');
 		if ($cert_file) {
@@ -577,12 +579,12 @@ function doh_try ($test) {
 
 	plugin_servcheck_debug('cURL options: ' . clean_up_lines(var_export($options, true)));
 
-	curl_setopt_array($process,$options);
+	curl_setopt_array($process, $options);
 
 	plugin_servcheck_debug('Executing curl request', $test);
 
 	$data = curl_exec($process);
-	$data = str_replace(array("'", "\\"), array(''), $data);
+	$data = str_replace(["'", "\\"], [''], $data);
 	$results['data'] = $data;
 
 	// Get information regarding a specific transfer, cert info too
@@ -595,7 +597,7 @@ function doh_try ($test) {
 	plugin_servcheck_debug('Data: ' . clean_up_lines(var_export($data, true)));
 
 	if ($results['curl_return'] > 0) {
-		$results['error'] =  str_replace(array('"', "'"), '', (curl_error($process)));
+		$results['error'] =  str_replace(['"', "'"], '', (curl_error($process)));
 	}
 
 	if ($test['ca'] > 0) {
diff --git a/index.php b/index.php
index 41ba701..a9d6c1e 100644
--- a/index.php
+++ b/index.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
diff --git a/locales/LC_MESSAGES/index.php b/locales/LC_MESSAGES/index.php
index 41ba701..a9d6c1e 100644
--- a/locales/LC_MESSAGES/index.php
+++ b/locales/LC_MESSAGES/index.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
diff --git a/locales/index.php b/locales/index.php
index 41ba701..a9d6c1e 100644
--- a/locales/index.php
+++ b/locales/index.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
diff --git a/locales/po/index.php b/locales/po/index.php
index 41ba701..a9d6c1e 100644
--- a/locales/po/index.php
+++ b/locales/po/index.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
diff --git a/poller_servcheck.php b/poller_servcheck.php
index 8d18782..0320d4f 100644
--- a/poller_servcheck.php
+++ b/poller_servcheck.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -105,7 +107,7 @@
 if ($poller_id == 1) {
 	db_execute_prepared('DELETE FROM plugin_servcheck_log
 		WHERE lastcheck < FROM_UNIXTIME(?)',
-		array($t));
+		[$t]);
 
 	db_execute_prepared('DELETE FROM plugin_servcheck_processes
 		WHERE time < FROM_UNIXTIME(?)',
@@ -116,7 +118,7 @@
 	FROM plugin_servcheck_test
 	WHERE enabled = "on"
 	AND poller_id = ? ' . $test_cond,
-	array($poller_id));
+	[$poller_id]);
 
 $max_processes = 12;
 
@@ -125,7 +127,7 @@
 		$running_processes = db_fetch_cell_prepared('SELECT COUNT(id)
 			FROM plugin_servcheck_processes
 			WHERE poller_id = ?',
-			array($poller_id));
+			[$poller_id]);
 
 		if ($max_processes - $running_processes > 0) {
 			plugin_servcheck_debug('Launching Service Check ' . $test['display_name'], $test);
@@ -155,7 +157,7 @@
 	$running = db_fetch_cell_prepared('SELECT COUNT(*)
 		FROM plugin_servcheck_processes
 		WHERE poller_id = ?',
-		array($poller_id));
+		[$poller_id]);
 
 	if ($running == 0) {
 		break;
@@ -175,7 +177,7 @@
 		FROM plugin_servcheck_log
 		WHERE test_id = ?
 		ORDER BY id DESC LIMIT 1',
-		array($test['id']));
+		[$test['id']]);
 
 	if ($test_last['result'] == 'ok' || $test_last['result'] == 'not yet') {
 		$stat_ok++;
diff --git a/servcheck_ca.php b/servcheck_ca.php
index 65b119a..a7c6ddf 100644
--- a/servcheck_ca.php
+++ b/servcheck_ca.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -77,7 +79,7 @@ function ca_form_actions() {
 
 	/* setup some variables */
 	$ca_list  = '';
-	$ca_array = array();
+	$ca_array = [];
 
 	/* loop through each of the graphs selected on the previous page and get more info about them */
 	foreach ($_POST as $var => $val) {
@@ -86,7 +88,7 @@ function ca_form_actions() {
 			input_validate_input_number($matches[1]);
 			/* ==================================================== */
 
-			$ca_list .= '<li>' . db_fetch_cell_prepared('SELECT name FROM plugin_servcheck_ca WHERE id = ?', array($matches[1])) . '</li>';
+			$ca_list .= '<li>' . db_fetch_cell_prepared('SELECT name FROM plugin_servcheck_ca WHERE id = ?', [$matches[1]]) . '</li>';
 			$ca_array[] = $matches[1];
 		}
 	}
@@ -176,8 +178,8 @@ function ca_edit() {
 
 	draw_edit_form(
 		array(
-			'config' => array('no_form_tag' => true),
-			'fields' => inject_form_variables($servcheck_ca_fields, (isset($ca) ? $ca : array()))
+			'config' => ['no_form_tag' => true],
+			'fields' => inject_form_variables($servcheck_ca_fields, (isset($ca) ? $ca : []))
 		)
 	);
 
@@ -193,29 +195,29 @@ function ca_edit() {
 function request_validation() {
 	/* ================= input validation and session storage ================= */
 	$filters = array(
-		'rows' => array(
+		'rows' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '-1'
-			),
-		'page' => array(
+			],
+		'page' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'default' => '1'
-			),
-		'refresh' => array(
+			],
+		'refresh' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '20',
-			),
+			],
 		'sort_column' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'name',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 			),
 		'sort_direction' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'ASC',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 			)
 	);
 
@@ -243,7 +245,7 @@ function ca() {
 	$sql_where = '';
 
 	if (get_request_var('filter') != '') {
-		$sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . ' name LIKE "%' . get_request_var('filter');
+		$sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . 'name LIKE ' . db_qstr('%' . get_request_var('filter') . '%');
 	}
 
 	$sql_order = get_order_string();
@@ -389,4 +391,3 @@ function clearFilter() {
 	<?php
 	html_end_box();
 }
-
diff --git a/servcheck_curl_code.php b/servcheck_curl_code.php
index 8eb3194..2eba391 100644
--- a/servcheck_curl_code.php
+++ b/servcheck_curl_code.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
diff --git a/servcheck_process.php b/servcheck_process.php
index 0387396..1885de6 100644
--- a/servcheck_process.php
+++ b/servcheck_process.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -119,18 +121,18 @@
 }
 
 $poller = db_fetch_cell_prepared('SELECT * FROM poller WHERE id = ?',
-	array($test['poller_id']));
+	[$test['poller_id']]);
 
 if ($poller == false) {
 	print 'Selected poller not found, changing to poller 1' . PHP_EOL;
 	db_execute_prepared('UPDATE plugin_servcheck_test
 		SET poller_id = 1
 		WHERE id = ?',
-		array($test['poller_id']));
+		[$test['poller_id']]);
 }
 
 $logs = db_fetch_cell_prepared('SELECT count(*) FROM plugin_servcheck_log WHERE test_id = ?',
-	array($test['id']));
+	[$test['id']]);
 
 if ($logs > 0 && $test['next_run'] < time() && !$force) {
 	plugin_servcheck_debug('INFO: Test ' . $test['display_name'] . ' skipped. The test is not run every poller cycle.', $test);
@@ -152,7 +154,7 @@
 
 /* attempt to get results 3 times before exiting */
 $x = 0;
-$results = array();
+$results = [];
 
 while ($x < 3) {
 	plugin_servcheck_debug('Service Check Number ' . $x, $test);
@@ -215,7 +217,7 @@
 $last_log = db_fetch_row_prepared('SELECT *
 		FROM plugin_servcheck_log
 		WHERE test_id = ? ORDER BY id DESC LIMIT 1',
-		array ($test['id']));
+		[$test['id']]);
 
 if (!$last_log) {
 	$last_log['result'] = 'not yet';
@@ -266,7 +268,7 @@
 		$new_notify = db_fetch_cell_prepared('SELECT UNIX_TIMESTAMP(DATE_ADD(last_exp_notify, INTERVAL 1 DAY))
 			FROM plugin_servcheck_test
 			WHERE id = ?',
-			array($test['id']));
+			[$test['id']]);
 
 		if ($new_notify < time()) {
 			plugin_servcheck_debug('Certificate expired soon, will notify about expiration', $test);
@@ -301,7 +303,7 @@
 		putenv('SERVCHECK_CERTIFICATE_EXPIRATION=' . (isset($test['expiry_date']) ? $test['expiry_date'] : 'Not tested'));
 
 		if (file_exists($command) && is_executable($command)) {
-			$output = array();
+			$output = [];
 			$return = 0;
 
 			exec($command, $output, $return);
@@ -429,7 +431,7 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 		$emails = db_fetch_cell_prepared('SELECT emails
 			FROM plugin_notification_lists
 			WHERE id = ?',
-			array($test['notify_list']));
+			[$test['notify_list']]);
 
 		if ($emails != '') {
 			$to .= ($to != '' ? ', ':'') . $emails;
diff --git a/servcheck_proxies.php b/servcheck_proxies.php
index 98d33dd..226b9ff 100644
--- a/servcheck_proxies.php
+++ b/servcheck_proxies.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -76,7 +78,7 @@ function proxy_form_actions() {
 
 	/* setup some variables */
 	$proxy_list  = '';
-	$proxy_array = array();
+	$proxy_array = [];
 
 	/* loop through each of the graphs selected on the previous page and get more info about them */
 	foreach ($_POST as $var => $val) {
@@ -85,7 +87,7 @@ function proxy_form_actions() {
 			input_validate_input_number($matches[1]);
 			/* ==================================================== */
 
-			$proxy_list .= '<li>' . db_fetch_cell_prepared('SELECT name FROM plugin_servcheck_proxies WHERE id = ?', array($matches[1])) . '</li>';
+			$proxy_list .= '<li>' . db_fetch_cell_prepared('SELECT name FROM plugin_servcheck_proxies WHERE id = ?', [$matches[1]]) . '</li>';
 			$proxy_array[] = $matches[1];
 		}
 	}
@@ -179,8 +181,8 @@ function proxy_edit() {
 
 	draw_edit_form(
 		array(
-			'config' => array('no_form_tag' => true),
-			'fields' => inject_form_variables($servcheck_proxy_fields, (isset($proxy) ? $proxy : array()))
+			'config' => ['no_form_tag' => true],
+			'fields' => inject_form_variables($servcheck_proxy_fields, (isset($proxy) ? $proxy : []))
 		)
 	);
 
@@ -202,29 +204,29 @@ function proxy_edit() {
 function request_validation() {
 	/* ================= input validation and session storage ================= */
 	$filters = array(
-		'rows' => array(
+		'rows' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '-1'
-			),
-		'page' => array(
+			],
+		'page' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'default' => '1'
-			),
-		'refresh' => array(
+			],
+		'refresh' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '20',
-			),
+			],
 		'sort_column' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'name',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 			),
 		'sort_direction' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'ASC',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 			)
 	);
 
@@ -252,7 +254,7 @@ function proxies() {
 	$sql_where = '';
 
 	if (get_request_var('filter') != '') {
-		$sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . ' name LIKE "%' . get_request_var('filter') . '%" OR hostname LIKE "%' . get_request_var('filter') . '%"';
+		$sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . '(name LIKE ' . db_qstr('%' . get_request_var('filter') . '%') . ' OR hostname LIKE ' . db_qstr('%' . get_request_var('filter') . '%') . ')';
 	}
 
 	$sql_order = get_order_string();
@@ -404,4 +406,3 @@ function clearFilter() {
 	<?php
 	html_end_box();
 }
-
diff --git a/servcheck_test.php b/servcheck_test.php
index 667d14a..2ad6e0d 100644
--- a/servcheck_test.php
+++ b/servcheck_test.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -44,7 +46,7 @@
 		$id = get_filter_request_var('id');
 
 		if ($id > 0) {
-			db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "on" WHERE id = ?', array($id));
+			db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "on" WHERE id = ?', [$id]);
 		}
 
 		header('Location: servcheck_test.php?header=false');
@@ -55,7 +57,7 @@
 		$id = get_filter_request_var('id');
 
 		if ($id > 0) {
-			db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "" WHERE id = ?', array($id));
+			db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "" WHERE id = ?', [$id]);
 		}
 
 		header('Location: servcheck_test.php?header=false');
@@ -118,23 +120,23 @@ function form_actions() {
 			if (cacti_sizeof($tests)) {
 				if ($action == SERVCHECK_ACTION_TEST_DELETE) { // delete
 					foreach ($tests as $id) {
-						db_execute_prepared('DELETE FROM plugin_servcheck_test WHERE id = ?', array($id));
-						db_execute_prepared('DELETE FROM plugin_servcheck_log WHERE test_id = ?', array($id));
+						db_execute_prepared('DELETE FROM plugin_servcheck_test WHERE id = ?', [$id]);
+						db_execute_prepared('DELETE FROM plugin_servcheck_log WHERE test_id = ?', [$id]);
 					}
 				} elseif ($action == SERVCHECK_ACTION_TEST_DISABLE) { // disable
 					foreach ($tests as $id) {
-						db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "" WHERE id = ?', array($id));
+						db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "" WHERE id = ?', [$id]);
 					}
 				} elseif ($action == SERVCHECK_ACTION_TEST_ENABLE) { // enable
 					foreach ($tests as $id) {
-						db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "on" WHERE id = ?', array($id));
+						db_execute_prepared('UPDATE plugin_servcheck_test SET enabled = "on" WHERE id = ?', [$id]);
 					}
 				} elseif ($action == SERVCHECK_ACTION_TEST_DUPLICATE) { // duplicate
 					foreach($tests as $test) {
 						$newid = 1;
 
 						foreach ($tests as $id) {
-							$save = db_fetch_row_prepared('SELECT * FROM plugin_servcheck_test WHERE id = ?', array($id));
+							$save = db_fetch_row_prepared('SELECT * FROM plugin_servcheck_test WHERE id = ?', [$id]);
 							$save['id']           = 0;
 							$save['display_name'] = 'New Service Check (' . $newid . ')';
 							$save['path']         = '/';
@@ -163,7 +165,7 @@ function form_actions() {
 
 	/* setup some variables */
 	$test_list  = '';
-	$test_array = array();
+	$test_array = [];
 
 	/* loop through each of the tests selected on the previous page and get more info about them */
 	foreach ($_POST as $var => $val) {
@@ -172,7 +174,7 @@ function form_actions() {
 			input_validate_input_number($matches[1]);
 			/* ==================================================== */
 
-			$test_list .= '<li>' . __esc(db_fetch_cell_prepared('SELECT display_name FROM plugin_servcheck_test WHERE id = ?', array($matches[1]))) . '</li>';
+			$test_list .= '<li>' . __esc(db_fetch_cell_prepared('SELECT display_name FROM plugin_servcheck_test WHERE id = ?', [$matches[1]])) . '</li>';
 			$test_array[] = $matches[1];
 		}
 	}
@@ -322,7 +324,7 @@ function form_save() {
 	}
 
 	if ($category == 'ldap') {
-		if (get_filter_request_var('ldapsearch', FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^[a-zA-Z0-9\.\- \*\=,]+$/')))) {
+		if (get_filter_request_var('ldapsearch', FILTER_VALIDATE_REGEXP, array('options' => ['regexp' => '/^[a-zA-Z0-9\.\- \*\=,]+$/']))) {
 			$save['ldapsearch'] = get_nfilter_request_var('ldapsearch');
 		} else {
 			raise_message(3);
@@ -362,13 +364,13 @@ function form_save() {
 		$save['certexpirenotify'] = '';
 	}
 
-	if (isset_request_var('username') && get_nfilter_request_var('username') != '' && get_filter_request_var('username', FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^[a-z0-9A-Z_\/@.\- \=,]{1,}$/')))) {
+	if (isset_request_var('username') && get_nfilter_request_var('username') != '' && get_filter_request_var('username', FILTER_VALIDATE_REGEXP, array('options' => ['regexp' => '/^[a-z0-9A-Z_\/@.\- \=,]{1,}$/']))) {
 		$save['username'] = servcheck_hide_text(get_nfilter_request_var('username'));
 		$save['password'] = servcheck_hide_text(get_nfilter_request_var('password'));
 	}
 
 	if ($category == 'web' || $category == 'ftp' || $category == 'smb') {
-		if (isset_request_var('path') && get_filter_request_var('path', FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/^[a-zA-Z0-9_;\-\/\.\?=]+$/')))) {
+		if (isset_request_var('path') && get_filter_request_var('path', FILTER_VALIDATE_REGEXP, array('options' => ['regexp' => '/^[a-zA-Z0-9_;\-\/\.\?=]+$/']))) {
 			$save['path'] = get_nfilter_request_var('path');
 		} else {
 			raise_message(3);
@@ -412,9 +414,9 @@ function purge_log_events($id) {
 	$name = db_fetch_cell_prepared('SELECT display_name
 		FROM plugin_servcheck_test
 		WHERE id = ?',
-		array($id));
+		[$id]);
 
-	db_execute_prepared('DELETE FROM plugin_servcheck_log WHERE test_id = ?', array($id));
+	db_execute_prepared('DELETE FROM plugin_servcheck_log WHERE test_id = ?', [$id]);
 
 	raise_message('test_log_purged', __('The Service Check history was purged for %s', $name, 'servcheck'), MESSAGE_LEVEL_INFO);
 }
@@ -427,7 +429,7 @@ function servcheck_edit_test() {
 	get_filter_request_var('id');
 	/* ==================================================== */
 
-	$test = array();
+	$test = [];
 
 	if (!isempty_request_var('id')) {
 		$test = db_fetch_row_prepared('SELECT * FROM plugin_servcheck_test WHERE id = ?', array(get_request_var('id')), false);
@@ -453,7 +455,7 @@ function servcheck_edit_test() {
 
 	draw_edit_form(
 		array(
-			'config' => array('form_name' => 'chk'),
+			'config' => ['form_name' => 'chk'],
 			'fields' => inject_form_variables($servcheck_test_fields, $test)
 		)
 	);
@@ -686,15 +688,15 @@ function setTest() {
 function servcheck_request_validation() {
 	/* ================= input validation and session storage ================= */
 	$filters = array(
-		'rows' => array(
+		'rows' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '-1'
-		),
-		'page' => array(
+		],
+		'page' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'default' => '1'
-		),
+		],
 		'refresh' => array(
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
@@ -704,23 +706,23 @@ function servcheck_request_validation() {
 			'filter' => FILTER_VALIDATE_IS_REGEX,
 			'default' => '',
 			'pageset' => true,
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		),
 		'sort_column' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'display_name',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		),
 		'sort_direction' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'ASC',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		),
-		'state' => array(
+		'state' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '-1'
-		)
+		]
 	);
 
 	validate_store_request_vars($filters, 'sess_servchecktest');
@@ -732,33 +734,33 @@ function servcheck_log_request_validation() {
 
 	/* ================= input validation and session storage ================= */
 	$filters = array(
-		'id' => array(
+		'id' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'default' => '-1'
-		),
-		'rows' => array(
+		],
+		'rows' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '-1'
-		),
-		'page' => array(
+		],
+		'page' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'default' => '1'
-		),
+		],
 		'filter' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => '',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		),
 		'sort_column' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'lastcheck',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		),
 		'sort_direction' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'DESC',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		),
 	);
 
@@ -926,7 +928,7 @@ function servcheck_show_graph() {
 	$result = db_fetch_row_prepared('SELECT display_name
 		FROM plugin_servcheck_test
 		WHERE id = ?',
-		array($id));
+		[$id]);
 
 	print '<br/><br/><b>' . html_escape($result['display_name']) . ':</b><br/>';
 
@@ -952,7 +954,7 @@ function servcheck_show_last_data() {
 	$result = db_fetch_row_prepared('SELECT display_name, last_returned_data
 		FROM plugin_servcheck_test
 		WHERE id = ?',
-		array($id));
+		[$id]);
 
 	print '<br/><br/><b>' . __('Last returned data of test', 'servcheck') . ' ' . html_escape($result['display_name']) . ':</b><br/>';
 
@@ -964,16 +966,16 @@ function list_tests() {
 
 	/* ================= input validation and session storage ================= */
 	$filters = array(
-		'rows' => array(
+		'rows' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '-1'
-		),
-		'state' => array(
+		],
+		'state' => [
 			'filter' => FILTER_VALIDATE_INT,
 			'pageset' => true,
 			'default' => '-1'
-		),
+		],
 		'refresh' => array(
 			'filter' => FILTER_VALIDATE_INT,
 			'default' => read_config_option('log_refresh_interval')
@@ -981,12 +983,12 @@ function list_tests() {
 		'sort_column' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'display_name',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		),
 		'sort_direction' => array(
 			'filter' => FILTER_CALLBACK,
 			'default' => 'ASC',
-			'options' => array('options' => 'sanitize_search_string')
+			'options' => ['options' => 'sanitize_search_string']
 		)
 	);
 
@@ -1114,7 +1116,7 @@ function list_tests() {
 				(SELECT count(id) FROM plugin_servcheck_log WHERE test_id = ? ) as `count`
 				FROM plugin_servcheck_log
 				WHERE test_id = ? ORDER BY id DESC LIMIT 1",
-				array ($row['id'], $row['id']));
+				[$row['id'], $row['id']]);
 
 			if (!$last_log) {
 				$last_log['result'] = 'not yet';
@@ -1297,7 +1299,7 @@ function clearFilter() {
 						<select id='state'>
 							<option value='-1'><?php print __('Any', 'servcheck');?></option>
 							<?php
-							foreach (array('2' => 'Disabled', '1' => 'Enabled', '3' => 'Triggered') as $key => $row) {
+							foreach (['2' => 'Disabled', '1' => 'Enabled', '3' => 'Triggered'] as $key => $row) {
 								print "<option value='" . $key . "'" . (isset_request_var('state') && $key == get_request_var('state') ? ' selected' : '') . '>' . $row . '</option>';
 							}
 							?>
diff --git a/setup.php b/setup.php
index 8c228f3..f70f108 100644
--- a/setup.php
+++ b/setup.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /*
  +-------------------------------------------------------------------------+
  | Copyright (C) 2004-2025 The Cacti Group                                 |
@@ -63,7 +65,7 @@ function plugin_servcheck_upgrade() {
 	db_execute_prepared('UPDATE plugin_realms
 		SET file = ?
 		WHERE file LIKE "%servcheck_test.php%"',
-		array('servcheck_test.php,servcheck_curl_code.php,servcheck_proxies.php,servcheck_ca.php'));
+		['servcheck_test.php,servcheck_curl_code.php,servcheck_proxies.php,servcheck_ca.php']);
 
 		api_plugin_register_hook('servcheck', 'replicate_out', 'servcheck_replicate_out', 'setup.php', '1');
 		api_plugin_register_hook('servcheck', 'config_settings', 'servcheck_config_settings', 'setup.php', '1');
@@ -214,7 +216,7 @@ function plugin_servcheck_config_arrays() {
 
 	$menu[__('Management')]['plugins/servcheck/servcheck_test.php'] = __('Service Checker', 'servcheck');
 
-	$files = array('index.php', 'plugins.php', 'servcheck_test.php');
+	$files = ['index.php', 'plugins.php', 'servcheck_test.php'];
 	if (in_array(get_current_page(), $files)) {
 		plugin_servcheck_check_config();
 	}
@@ -294,12 +296,12 @@ function servcheck_replicate_out($data) {
 
 	cacti_log('INFO: Replacting for the servcheck Plugin', false, 'REPLICATE');
 
-	$tables = array(
+	$tables = [
 		'plugin_servcheck_contacts',
 		'plugin_servcheck_proxies',
 		'plugin_servcheck_test',
 		'plugin_servcheck_ca'
-	);
+	];
 
 	if ($class == 'all') {
 		foreach($tables as $table) {
diff --git a/tests/Integration/test_servcheck_filter_sql_wiring.php b/tests/Integration/test_servcheck_filter_sql_wiring.php
new file mode 100644
index 0000000..db36a14
--- /dev/null
+++ b/tests/Integration/test_servcheck_filter_sql_wiring.php
@@ -0,0 +1,35 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDTool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+$checks = array(
+	__DIR__ . '/../../servcheck_proxies.php' => array(
+		"(name LIKE ' . db_qstr('%' . get_request_var('filter') . '%') . ' OR hostname LIKE ' . db_qstr('%' . get_request_var('filter') . '%') . ')'",
+	),
+	__DIR__ . '/../../servcheck_ca.php' => array(
+		"'name LIKE ' . db_qstr('%' . get_request_var('filter') . '%')",
+	),
+);
+
+foreach ($checks as $path => $patterns) {
+	$contents = file_get_contents($path);
+
+	if ($contents === false) {
+		fwrite(STDERR, "Unable to read {$path}\n");
+		exit(1);
+	}
+
+	foreach ($patterns as $pattern) {
+		if (strpos($contents, $pattern) === false) {
+			fwrite(STDERR, "Missing expected SQL hardening: {$pattern}\n");
+			exit(1);
+		}
+	}
+}
+
+print "OK\n";
diff --git a/tests/Unit/ArraysDefinitionTest.php b/tests/Unit/ArraysDefinitionTest.php
new file mode 100644
index 0000000..9dee7e0
--- /dev/null
+++ b/tests/Unit/ArraysDefinitionTest.php
@@ -0,0 +1,164 @@
+<?php
+
+declare(strict_types=1);
+
+require_once __DIR__ . '/../Helpers/GlobalStubs.php';
+require_once __DIR__ . '/../../includes/arrays.php';
+
+/*
+ * Tests for the static lookup arrays and the notify_accounts
+ * building logic defined in includes/arrays.php.
+ */
+
+describe('static array definitions', function (): void {
+    it('defines $service_types with the expected protocol keys', function (): void {
+        global $service_types;
+
+        expect($service_types)->toBeArray()
+            ->toHaveKey('web_http')
+            ->toHaveKey('web_https')
+            ->toHaveKey('mail_smtp')
+            ->toHaveKey('mail_smtptls')
+            ->toHaveKey('mail_smtps')
+            ->toHaveKey('mail_imap')
+            ->toHaveKey('mail_imaps')
+            ->toHaveKey('mail_pop3')
+            ->toHaveKey('mail_pop3s')
+            ->toHaveKey('dns_dns')
+            ->toHaveKey('dns_doh')
+            ->toHaveKey('ldap_ldap')
+            ->toHaveKey('ldap_ldaps')
+            ->toHaveKey('ftp_ftp')
+            ->toHaveKey('ftp_ftps')
+            ->toHaveKey('ftp_scp')
+            ->toHaveKey('ftp_tftp')
+            ->toHaveKey('smb_smb')
+            ->toHaveKey('smb_smbs')
+            ->toHaveKey('mqtt_mqtt');
+    });
+
+    it('has string values for every $service_types entry', function (): void {
+        global $service_types;
+
+        foreach ($service_types as $value) {
+            expect($value)->toBeString()->not->toBeEmpty();
+        }
+    });
+
+    it('defines $httperrors with standard HTTP status code keys', function (): void {
+        global $httperrors;
+
+        expect($httperrors)->toBeArray()
+            ->toHaveKey(0)
+            ->toHaveKey(200)
+            ->toHaveKey(301)
+            ->toHaveKey(302)
+            ->toHaveKey(400)
+            ->toHaveKey(401)
+            ->toHaveKey(403)
+            ->toHaveKey(404)
+            ->toHaveKey(500)
+            ->toHaveKey(502)
+            ->toHaveKey(503);
+    });
+
+    it('has integer keys and string values for every $httperrors entry', function (): void {
+        global $httperrors;
+
+        foreach ($httperrors as $code => $label) {
+            expect($code)->toBeInt();
+            expect($label)->toBeString()->not->toBeEmpty();
+        }
+    });
+
+    it('defines $servcheck_seconds with keys 3 through 10', function (): void {
+        global $servcheck_seconds;
+
+        expect($servcheck_seconds)->toBeArray();
+        expect(array_keys($servcheck_seconds))->toBe([3, 4, 5, 6, 7, 8, 9, 10]);
+    });
+
+    it('has string values for every $servcheck_seconds entry', function (): void {
+        global $servcheck_seconds;
+
+        foreach ($servcheck_seconds as $value) {
+            expect($value)->toBeString()->not->toBeEmpty();
+        }
+    });
+});
+
+describe('notify_accounts when db_fetch_assoc returns empty', function (): void {
+    /*
+     * When db_table_exists returns false (our stub default) or
+     * db_fetch_assoc returns an empty result, $servcheck_notify_accounts
+     * must remain an empty array.
+     */
+    it('produces an empty $servcheck_notify_accounts when contacts table missing', function (): void {
+        global $servcheck_notify_accounts;
+
+        // The stub db_table_exists returns false, so the query is never run
+        expect($servcheck_notify_accounts)->toBeArray()->toBeEmpty();
+    });
+
+    it('produces an empty array when contact_users is empty', function (): void {
+        $contact_users = [];
+
+        $notify_accounts = [];
+        foreach ($contact_users as $contact_user) {
+            $notify_accounts[$contact_user['id']] = $contact_user['full_name'] . ' - ' . ucfirst($contact_user['type']);
+        }
+
+        expect($notify_accounts)->toBeArray()->toBeEmpty();
+    });
+});
+
+describe('notify_accounts edge cases', function (): void {
+    it('builds notify_accounts correctly from valid contact data', function (): void {
+        $contact_users = [
+            ['id' => 1, 'data' => 'user1@example.com', 'type' => 'email', 'full_name' => 'Alice'],
+            ['id' => 5, 'data' => 'user5@example.com', 'type' => 'slack', 'full_name' => 'Bob'],
+        ];
+
+        $notify_accounts = [];
+        foreach ($contact_users as $contact_user) {
+            $notify_accounts[$contact_user['id']] = $contact_user['full_name'] . ' - ' . ucfirst($contact_user['type']);
+        }
+
+        expect($notify_accounts)->toBe([
+            1 => 'Alice - Email',
+            5 => 'Bob - Slack',
+        ]);
+    });
+
+    it('handles contact entries with empty data field gracefully', function (): void {
+        // The WHERE clause filters these out in production, but the
+        // building logic itself should not break on empty data values.
+        $contact_users = [
+            ['id' => 2, 'data' => '', 'type' => 'email', 'full_name' => 'Carol'],
+            ['id' => 3, 'data' => 'user3@test.com', 'type' => 'sms', 'full_name' => 'Dave'],
+        ];
+
+        $notify_accounts = [];
+        foreach ($contact_users as $contact_user) {
+            $notify_accounts[$contact_user['id']] = $contact_user['full_name'] . ' - ' . ucfirst($contact_user['type']);
+        }
+
+        // Both entries produce a label; the data field is not used in the label
+        expect($notify_accounts)->toHaveCount(2);
+        expect($notify_accounts[2])->toBe('Carol - Email');
+        expect($notify_accounts[3])->toBe('Dave - Sms');
+    });
+
+    it('handles a single contact entry', function (): void {
+        $contact_users = [
+            ['id' => 10, 'data' => 'solo@example.com', 'type' => 'email', 'full_name' => 'Solo User'],
+        ];
+
+        $notify_accounts = [];
+        foreach ($contact_users as $contact_user) {
+            $notify_accounts[$contact_user['id']] = $contact_user['full_name'] . ' - ' . ucfirst($contact_user['type']);
+        }
+
+        expect($notify_accounts)->toBe([10 => 'Solo User - Email']);
+    });
+});
diff --git a/tests/Unit/test_filter_sql_quoting.php b/tests/Unit/test_filter_sql_quoting.php
new file mode 100644
index 0000000..8daadd4
--- /dev/null
+++ b/tests/Unit/test_filter_sql_quoting.php
@@ -0,0 +1,19 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDTool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+$payload = "%' OR 1=1 --";
+$quoted  = "'" . str_replace("'", "\\'", '%' . $payload . '%') . "'";
+
+if (strpos($quoted, "OR 1=1") !== false && strpos($quoted, "'") !== false) {
+	print "OK\n";
+	exit(0);
+}
+
+fwrite(STDERR, "Expected filter text to remain quoted in SQL fragments\n");
+exit(1);
diff --git a/tests/e2e/test_servcheck_no_raw_filter_sql.php b/tests/e2e/test_servcheck_no_raw_filter_sql.php
new file mode 100644
index 0000000..53f3a4d
--- /dev/null
+++ b/tests/e2e/test_servcheck_no_raw_filter_sql.php
@@ -0,0 +1,35 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDTool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+$checks = array(
+	__DIR__ . '/../../servcheck_proxies.php' => array(
+		'name LIKE "%\' . get_request_var(\'filter\') . \'%" OR hostname LIKE "%\' . get_request_var(\'filter\') . \'%"',
+	),
+	__DIR__ . '/../../servcheck_ca.php' => array(
+		'name LIKE "%\' . get_request_var(\'filter\')',
+	),
+);
+
+foreach ($checks as $path => $patterns) {
+	$contents = file_get_contents($path);
+
+	if ($contents === false) {
+		fwrite(STDERR, "Unable to read {$path}\n");
+		exit(1);
+	}
+
+	foreach ($patterns as $pattern) {
+		if (strpos($contents, $pattern) !== false) {
+			fwrite(STDERR, "Raw filter SQL remains: {$pattern}\n");
+			exit(1);
+		}
+	}
+}
+
+print "OK\n";