10 } |
10 } |
11 mysqli_set_charset($connect, "utf8" ); |
11 mysqli_set_charset($connect, "utf8" ); |
12 |
12 |
13 $escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c"); |
13 $escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c"); |
14 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b"); |
14 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b"); |
|
15 $rescapers = array("'"); |
|
16 $rreplacements = array("\\'"); |
|
17 $disallowed = array('visibleindex','uniqueid','boundindex','uid'); |
15 |
18 |
16 // get data and store in a json array |
19 // get data and store in a json array |
17 $query = "SELECT * FROM profile_mash ORDER BY name"; |
20 $query = "SELECT * FROM profile_mash ORDER BY name"; |
18 if (isset($_GET['insert'])) { |
21 if (isset($_GET['insert']) || isset($_GET['update'])) { |
19 // INSERT COMMAND |
22 if (isset($_GET['insert'])) { |
20 $sql = "INSERT INTO `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
23 $sql = "INSERT INTO"; |
|
24 } |
|
25 if (isset($_GET['update'])) { |
|
26 $sql = "UPDATE"; |
|
27 } |
|
28 $sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
21 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
29 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
22 $sql .= "', steps='" . json_encode($_GET['steps']); |
30 $array = $_GET['steps']; |
23 $sql .= "';"; |
31 foreach($array as $key => $item){ |
|
32 foreach ($disallowed as $disallowed_key) { |
|
33 unset($array[$key]["$disallowed_key"]); |
|
34 } |
|
35 } |
|
36 $sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array)); |
|
37 if (isset($_GET['insert'])) { |
|
38 $sql .= "';"; |
|
39 } |
|
40 if (isset($_GET['update'])) { |
|
41 $sql .= "' WHERE record='" . $_GET['record'] . "';"; |
|
42 } |
24 $result = mysqli_query($connect, $sql); |
43 $result = mysqli_query($connect, $sql); |
25 if (! $result) { |
44 if (! $result) { |
26 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); |
45 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); |
27 } else { |
46 } else { |
28 syslog(LOG_NOTICE, "db_profile_mash: inserted ".$_GET['name']); |
47 if (isset($_GET['update'])) { |
29 } |
48 syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']); |
30 echo $result; |
49 } else { |
31 |
50 $lastid = mysqli_insert_id($connect); |
32 } else if (isset($_GET['update'])) { |
51 syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid); |
33 // UPDATE COMMAND |
52 } |
34 $sql = "UPDATE `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
|
35 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
|
36 $sql .= "', steps='" . json_encode($_GET['steps']); |
|
37 $sql .= "' WHERE record='" . $_GET['record'] . "';"; |
|
38 $result = mysqli_query($connect, $sql); |
|
39 if (! $result) { |
|
40 syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); |
|
41 } else { |
|
42 syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']); |
|
43 } |
53 } |
44 echo $result; |
54 echo $result; |
45 |
55 |
46 } else if (isset($_GET['delete'])) { |
56 } else if (isset($_GET['delete'])) { |
47 // DELETE COMMAND |
57 // DELETE COMMAND |