14 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b"); |
14 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b"); |
15 $rescapers = array("'"); |
15 $rescapers = array("'"); |
16 $rreplacements = array("\\'"); |
16 $rreplacements = array("\\'"); |
17 $disallowed = array('visibleindex','uniqueid','boundindex','uid'); |
17 $disallowed = array('visibleindex','uniqueid','boundindex','uid'); |
18 |
18 |
19 // get data and store in a json array |
19 if (isset($_POST['insert']) || isset($_POST['update'])) { |
20 $query = "SELECT * FROM profile_mash ORDER BY name"; |
20 if (isset($_POST['insert'])) { |
21 if (isset($_GET['insert']) || isset($_GET['update'])) { |
|
22 if (isset($_GET['insert'])) { |
|
23 $sql = "INSERT INTO"; |
21 $sql = "INSERT INTO"; |
24 } |
22 } |
25 if (isset($_GET['update'])) { |
23 if (isset($_POST['update'])) { |
26 $sql = "UPDATE"; |
24 $sql = "UPDATE"; |
27 } |
25 } |
28 $sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
26 $sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_POST['name']); |
29 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
27 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); |
30 $array = $_GET['steps']; |
28 $array = $_POST['steps']; |
31 foreach($array as $key => $item){ |
29 foreach($array as $key => $item){ |
32 foreach ($disallowed as $disallowed_key) { |
30 foreach ($disallowed as $disallowed_key) { |
33 unset($array[$key]["$disallowed_key"]); |
31 unset($array[$key]["$disallowed_key"]); |
34 } |
32 } |
35 } |
33 } |
36 $sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array)); |
34 $sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array)); |
37 if (isset($_GET['insert'])) { |
35 if (isset($_POST['insert'])) { |
38 $sql .= "';"; |
36 $sql .= "';"; |
39 } |
37 } |
40 if (isset($_GET['update'])) { |
38 if (isset($_POST['update'])) { |
41 $sql .= "' WHERE record='" . $_GET['record'] . "';"; |
39 $sql .= "' WHERE record='" . $_POST['record'] . "';"; |
42 } |
40 } |
43 $result = mysqli_query($connect, $sql); |
41 $result = mysqli_query($connect, $sql); |
44 if (! $result) { |
42 if (! $result) { |
45 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); |
43 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); |
46 } else { |
44 } else { |
47 if (isset($_GET['update'])) { |
45 if (isset($_POST['update'])) { |
48 syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']); |
46 syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_POST['record']); |
49 } else { |
47 } else { |
50 $lastid = mysqli_insert_id($connect); |
48 $lastid = mysqli_insert_id($connect); |
51 syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid); |
49 syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid); |
52 } |
50 } |
53 } |
51 } |
54 echo $result; |
52 echo $result; |
55 |
53 |
56 } else if (isset($_GET['delete'])) { |
54 } else if (isset($_POST['delete'])) { |
57 // DELETE COMMAND |
55 // DELETE COMMAND |
58 $sql = "DELETE FROM `profile_mash` WHERE record='".$_GET['record']."';"; |
56 $sql = "DELETE FROM `profile_mash` WHERE record='".$_POST['record']."';"; |
59 $result = mysqli_query($connect, $sql); |
57 $result = mysqli_query($connect, $sql); |
60 if (! $result) { |
58 if (! $result) { |
61 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); |
59 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); |
62 } else { |
60 } else { |
63 syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_GET['record']); |
61 syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_POST['record']); |
64 } |
62 } |
65 echo $result; |
63 echo $result; |
66 |
64 |
67 } else { |
65 } else { |
68 // SELECT COMMAND |
66 // SELECT COMMAND |
|
67 $query = "SELECT * FROM profile_mash ORDER BY name"; |
69 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); |
68 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); |
70 $mashprofiles = '['; |
69 $mashprofiles = '['; |
71 $comma = FALSE; |
70 $comma = FALSE; |
72 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { |
71 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { |
73 // Manual encode to JSON. |
72 // Manual encode to JSON. |
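Review bot: `$_POST['record']` is still concatenated unescaped into the UPDATE's `WHERE record='…'` clause (new line 39) and into the DELETE statement (new line 56), so moving the handler from GET to POST leaves both statements open to SQL injection, even though `name` and `notes` beside them are escaped. Bind the value instead, for example `$stmt = mysqli_prepare($connect, "DELETE FROM profile_mash WHERE record=?");` followed by `mysqli_stmt_bind_param($stmt, 's', $_POST['record']);` and `mysqli_stmt_execute($stmt);`, and build the UPDATE the same way. The failure branches (new lines 43 and 59) write the whole `$sql` string, request data included, to syslog; logging only `mysqli_error($connect)` and a validated record id would keep user-supplied text out of the log. `$_POST['steps']` (new line 28) goes into `foreach` without an `isset()`/`is_array()` check, so a missing or scalar value raises a warning and still reaches the query. The if/else chain and the `while` loop continue past the end of the visible hunk.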