24 $sql = "UPDATE"; |
24 $sql = "UPDATE"; |
25 } |
25 } |
26 $sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_POST['name']); |
26 $sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_POST['name']); |
27 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); |
27 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); |
28 $array = $_POST['steps']; |
28 $array = $_POST['steps']; |
29 foreach($array as $key => $item){ |
29 $comma = FALSE; |
30 foreach ($disallowed as $disallowed_key) { |
30 $steps = '['; |
31 unset($array[$key]["$disallowed_key"]); |
31 foreach($array as $key => $item) { |
32 } |
32 /* |
|
33 * Manual encode to json. This eliminates the wrong UTF-8 encodings |
|
34 * but also removes the unwanted fields. |
|
35 */ |
|
36 if ($comma) |
|
37 $steps.= ','; |
|
38 $steps .= '{"step_name":"' . str_replace($rescapers,$rreplacements,$item['step_name']); |
|
39 $steps .= '","step_type":' . $item['step_type']; |
|
40 $steps .= ',"step_temp":' . $item['step_temp']; |
|
41 $steps .= ',"end_temp":' . $item['end_temp']; |
|
42 $steps .= ',"step_time":' . $item['step_time']; |
|
43 $steps .= ',"ramp_time":' . $item['ramp_time'] . '}'; |
|
44 $comma = TRUE; |
33 } |
45 } |
34 $sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array)); |
46 $steps .= ']'; |
|
47 $sql .= "', steps='" . $steps; |
35 if (isset($_POST['insert'])) { |
48 if (isset($_POST['insert'])) { |
36 $sql .= "';"; |
49 $sql .= "';"; |
37 } |
50 } |
38 if (isset($_POST['update'])) { |
51 if (isset($_POST['update'])) { |
39 $sql .= "' WHERE record='" . $_POST['record'] . "';"; |
52 $sql .= "' WHERE record='" . $_POST['record'] . "';"; |