www/includes/db_profile_mash.php

changeset 213
b0d484a5525e
parent 120
b28a3d6143bc
child 214
3e240fd7ef13
212:adda48f710cd 213:b0d484a5525e
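--- a/www/includes/db_profile_mash.php
+++ b/www/includes/db_profile_mash.php
@@ -14,60 +14,59 @@
 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
 $rescapers = array("'");
 $rreplacements = array("\\'");
 $disallowed = array('visibleindex','uniqueid','boundindex','uid');
 
-// get data and store in a json array
-$query = "SELECT * FROM profile_mash ORDER BY name";
-if (isset($_GET['insert']) || isset($_GET['update'])) {
-if (isset($_GET['insert'])) {
+if (isset($_POST['insert']) || isset($_POST['update'])) {
+if (isset($_POST['insert'])) {
 $sql = "INSERT INTO";
 }
-if (isset($_GET['update'])) {
+if (isset($_POST['update'])) {
 $sql = "UPDATE";
 }
-$sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
-$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
-$array = $_GET['steps'];
+$sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_POST['name']);
+$sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
+$array = $_POST['steps'];
 foreach($array as $key => $item){
 foreach ($disallowed as $disallowed_key) {
 unset($array[$key]["$disallowed_key"]);
 }
 }
 $sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array));
-if (isset($_GET['insert'])) {
+if (isset($_POST['insert'])) {
 $sql .= "';";
 }
-if (isset($_GET['update'])) {
-$sql .= "' WHERE record='" . $_GET['record'] . "';";
+if (isset($_POST['update'])) {
+$sql .= "' WHERE record='" . $_POST['record'] . "';";
 }
 $result = mysqli_query($connect, $sql);
 if (! $result) {
 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
 } else {
-if (isset($_GET['update'])) {
-syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']);
+if (isset($_POST['update'])) {
+syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_POST['record']);
 } else {
 $lastid = mysqli_insert_id($connect);
 syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid);
 }
 }
 echo $result;
 
-} else if (isset($_GET['delete'])) {
+} else if (isset($_POST['delete'])) {
 // DELETE COMMAND
-$sql = "DELETE FROM `profile_mash` WHERE record='".$_GET['record']."';";
+$sql = "DELETE FROM `profile_mash` WHERE record='".$_POST['record']."';";
 $result = mysqli_query($connect, $sql);
 if (! $result) {
 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
 } else {
-syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_GET['record']);
+syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_POST['record']);
 }
 echo $result;
 
 } else {
 // SELECT COMMAND
+$query = "SELECT * FROM profile_mash ORDER BY name";
 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
 $mashprofiles = '[';
 $comma = FALSE;
 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
 // Manual encode to JSON.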
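Review bot: The `record` value is still concatenated into SQL unescaped on the new side, in the UPDATE clause `"' WHERE record='" . $_POST['record'] . "';"` and in the DELETE statement, so the move from GET to POST leaves the injection path open; `name` and `notes` go through `mysqli_real_escape_string` but `record` does not. Bind it as a parameter instead, for example `$stmt = mysqli_prepare($connect, "DELETE FROM profile_mash WHERE record = ?"); mysqli_stmt_bind_param($stmt, 's', $record); mysqli_stmt_execute($stmt);` with `$record = $_POST['record'];`, and treat the UPDATE (including `name`, `notes` and the JSON `steps` string, which is currently protected only by the `'` to `\'` replacement) the same way. The three `syslog()` calls that append `$_POST['record']` and the failure path that logs the whole `$sql` also write raw request data to the log, so log the validated identifier rather than the request value. The final `else` branch and its `while` loop continue past the last line shown, and no authentication or CSRF check is visible in this section; if none exists earlier in the file, these state-changing POST branches need one.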
