diff --git a/web/add/dns/index.php b/web/add/dns/index.php
index 629e2ec57..bd890c875 100644
--- a/web/add/dns/index.php
+++ b/web/add/dns/index.php
@@ -35,14 +35,14 @@ if (!empty($_POST['ok'])) {
     $v_domain = escapeshellarg($v_domain);
     $v_domain = strtolower($v_domain);
     $v_ip = escapeshellarg($_POST['v_ip']);
-    if (!empty($_POST['v_ns1'])) $v_ns1 = escapeshellarg($_POST['v_ns1']);
-    if (!empty($_POST['v_ns2'])) $v_ns2 = escapeshellarg($_POST['v_ns2']);
-    if (!empty($_POST['v_ns3'])) $v_ns3 = escapeshellarg($_POST['v_ns3']);
-    if (!empty($_POST['v_ns4'])) $v_ns4 = escapeshellarg($_POST['v_ns4']);
-    if (!empty($_POST['v_ns5'])) $v_ns5 = escapeshellarg($_POST['v_ns5']);
-    if (!empty($_POST['v_ns6'])) $v_ns6 = escapeshellarg($_POST['v_ns6']);
-    if (!empty($_POST['v_ns7'])) $v_ns7 = escapeshellarg($_POST['v_ns7']);
-    if (!empty($_POST['v_ns8'])) $v_ns8 = escapeshellarg($_POST['v_ns8']);
+    $v_ns1 = escapeshellarg($_POST['v_ns1']);
+    $v_ns2 = escapeshellarg($_POST['v_ns2']);
+    $v_ns3 = escapeshellarg($_POST['v_ns3']);
+    $v_ns4 = escapeshellarg($_POST['v_ns4']);
+    $v_ns5 = escapeshellarg($_POST['v_ns5']);
+    $v_ns6 = escapeshellarg($_POST['v_ns6']);
+    $v_ns7 = escapeshellarg($_POST['v_ns7']);
+    $v_ns8 = escapeshellarg($_POST['v_ns8']);
 
     // Add dns domain
     if (empty($_SESSION['error_msg'])) {
diff --git a/web/api/index.php b/web/api/index.php
index 32886446d..97f082594 100644
--- a/web/api/index.php
+++ b/web/api/index.php
@@ -31,25 +31,39 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         echo 'Error: authentication failed';
         exit;
     }
-    
-    // Prepare for iteration
-    $args = [];
-    $i = 0;
-    
-    // Loop through args until there isn't another.
-    while (true)
-    {
-        $i++;
-        if (!empty($_POST['arg' . $i]))
-        {
-            $args[] = $_POST['arg' . $i];
-            continue;
-        }
-        break;
-    }
+
+    // Prepare arguments
+    if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
+    if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);
+    if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']);
+    if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']);
+    if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']);
+    if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']);
+    if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']);
+    if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']);
+    if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']);
+    if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']);
 
     // Build query
-    $cmdquery = VESTA_CMD . $cmd . " " . implode(" ", $args);
+    $cmdquery = VESTA_CMD.$cmd." ";
+    if(!empty($arg1)){
+         $cmdquery = $cmdquery.$arg1." "; }
+    if(!empty($arg2)){
+         $cmdquery = $cmdquery.$arg2." "; }
+    if(!empty($arg3)){
+         $cmdquery = $cmdquery.$arg3." "; }
+    if(!empty($arg4)){
+         $cmdquery = $cmdquery.$arg4." "; }
+    if(!empty($arg5)){
+         $cmdquery = $cmdquery.$arg5." "; }
+    if(!empty($arg6)){
+         $cmdquery = $cmdquery.$arg6." "; }
+    if(!empty($arg7)){
+         $cmdquery = $cmdquery.$arg7." "; }
+    if(!empty($arg8)){
+         $cmdquery = $cmdquery.$arg8." "; }
+    if(!empty($arg9)){
+         $cmdquery = $cmdquery.$arg9; }
 
     // Check command
     if ($cmd == "'v-make-tmp-file'") {