www/includes/db_recipes.php

changeset 60
dbbe408108ea
parent 57
bb9a06aa9acd
child 61
3469979f83be
59:ad28e09e3abd 60:dbbe408108ea
1 <?php 1 <?php
2 2
3 require($_SERVER['DOCUMENT_ROOT']."/config.php"); 3 require($_SERVER['DOCUMENT_ROOT']."/config.php");
4 require($_SERVER['DOCUMENT_ROOT']."/version.php"); 4 require($_SERVER['DOCUMENT_ROOT']."/version.php");
5 //require("../config.php");
6 //require("../version.php");
7
8 5
9 #Connect to the database 6 #Connect to the database
10 $connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); 7 $connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
11 if (! $connect) { 8 if (! $connect) {
12 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); 9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
16 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b"); 13 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
17 $disallowed = array('visibleindex','uniqueid','boundindex','uid'); 14 $disallowed = array('visibleindex','uniqueid','boundindex','uid');
18 15
19 // get data and store in a json array 16 // get data and store in a json array
20 $query = "SELECT * FROM recipes ORDER BY st_guide,st_letter,st_name,name"; 17 $query = "SELECT * FROM recipes ORDER BY st_guide,st_letter,st_name,name";
21 if (isset($_GET['insert']) || isset($_GET['update'])) { 18 if (isset($_POST['insert']) || isset($_POST['update'])) {
22 if (isset($_GET['insert'])) { 19 if (isset($_POST['insert'])) {
23 // INSERT COMMAND 20 // INSERT COMMAND
24 $sql = "INSERT INTO `recipes` SET st_name='" . mysqli_real_escape_string($connect, $_GET['st_name']); 21 $sql = "INSERT INTO `recipes` SET ";
25 } 22 }
26 if (isset($_GET['update'])) { 23 if (isset($_POST['update'])) {
27 // UPDATE COMMAND 24 // UPDATE COMMAND
28 $sql = "UPDATE `recipes` SET st_name='" . mysqli_real_escape_string($connect, $_GET['st_name']); 25 $sql = "UPDATE `recipes` SET ";
29 } 26 }
30 $sql .= "', st_letter='" . mysqli_real_escape_string($connect, $_GET['st_letter']); 27 // Basic settings
31 $sql .= "', st_guide='" . mysqli_real_escape_string($connect, $_GET['st_guide']); 28 $sql .= "st_name='" . mysqli_real_escape_string($connect, $_POST['st_name']);
32 $sql .= "', st_og_min='" . $_GET['st_og_min']; 29 $sql .= "', st_letter='" . mysqli_real_escape_string($connect, $_POST['st_letter']);
33 $sql .= "', st_og_max='" . $_GET['st_og_max']; 30 $sql .= "', st_guide='" . mysqli_real_escape_string($connect, $_POST['st_guide']);
34 $sql .= "', st_fg_min='" . $_GET['st_fg_min']; 31 $sql .= "', st_og_min='" . $_POST['st_og_min'];
35 $sql .= "', st_fg_max='" . $_GET['st_fg_max']; 32 $sql .= "', st_og_max='" . $_POST['st_og_max'];
36 $sql .= "', st_ibu_min='" . $_GET['st_ibu_min']; 33 $sql .= "', st_fg_min='" . $_POST['st_fg_min'];
37 $sql .= "', st_ibu_max='" . $_GET['st_ibu_max']; 34 $sql .= "', st_fg_max='" . $_POST['st_fg_max'];
38 $sql .= "', st_color_min='" . $_GET['st_color_min']; 35 $sql .= "', st_ibu_min='" . $_POST['st_ibu_min'];
39 $sql .= "', st_color_max='" . $_GET['st_color_max']; 36 $sql .= "', st_ibu_max='" . $_POST['st_ibu_max'];
40 $sql .= "', st_carb_min='" . $_GET['st_carb_min']; 37 $sql .= "', st_color_min='" . $_POST['st_color_min'];
41 $sql .= "', st_carb_max='" . $_GET['st_carb_max']; 38 $sql .= "', st_color_max='" . $_POST['st_color_max'];
42 $sql .= "', st_abv_min='" . $_GET['st_abv_min']; 39 $sql .= "', st_carb_min='" . $_POST['st_carb_min'];
43 $sql .= "', st_abv_max='" . $_GET['st_abv_max']; 40 $sql .= "', st_carb_max='" . $_POST['st_carb_max'];
44 $sql .= "', name='" . mysqli_real_escape_string($connect, $_GET['name']); 41 $sql .= "', st_abv_min='" . $_POST['st_abv_min'];
45 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); 42 $sql .= "', st_abv_max='" . $_POST['st_abv_max'];
46 $sql .= "', type='" . $_GET['type']; 43 $sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']);
47 $sql .= "', batch_size='" . $_GET['batch_size']; 44 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
48 $sql .= "', boil_time='" . $_GET['boil_time']; 45 $sql .= "', type='" . $_POST['type'];
49 $sql .= "', efficiency='" . $_GET['efficiency']; 46 $sql .= "', batch_size='" . $_POST['batch_size'];
50 $sql .= "', est_og='" . $_GET['est_og']; 47 $sql .= "', boil_time='" . $_POST['boil_time'];
51 $sql .= "', est_fg='" . $_GET['est_fg']; 48 $sql .= "', efficiency='" . $_POST['efficiency'];
52 $sql .= "', est_color='" . $_GET['est_color']; 49 $sql .= "', est_og='" . $_POST['est_og'];
53 $sql .= "', color_method='" . $_GET['color_method']; 50 $sql .= "', est_fg='" . $_POST['est_fg'];
54 $sql .= "', est_ibu='" . $_GET['est_ibu']; 51 $sql .= "', est_color='" . $_POST['est_color'];
55 $sql .= "', ibu_method='" . $_GET['ibu_method']; 52 $sql .= "', color_method='" . $_POST['color_method'];
56 $sql .= "', mash_sparge_temp='" . $_GET['mash_sparge_temp']; 53 $sql .= "', est_ibu='" . $_POST['est_ibu'];
57 $sql .= "', mash_ph='" . $_GET['mash_ph']; 54 $sql .= "', ibu_method='" . $_POST['ibu_method'];
58 $sql .= "', mash_name='" . $_GET['mash_name']; 55 $sql .= "', mash_sparge_temp='" . $_POST['mash_sparge_temp'];
59 56 $sql .= "', mash_ph='" . $_POST['mash_ph'];
60 syslog(LOG_NOTICE, $sql); // Log upto this part. 57 $sql .= "', mash_name='" . $_POST['mash_name'];
61 58 syslog(LOG_NOTICE, $sql);
62 $array = $_GET['fermentables']; 59
63 foreach($array as $key => $item){ 60 if (isset($_POST['fermentables'])) {
64 foreach ($disallowed as $disallowed_key) { 61 $array = $_POST['fermentables'];
65 unset($array[$key]["$disallowed_key"]); 62 foreach($array as $key => $item){
66 } 63 foreach ($disallowed as $disallowed_key) {
67 } 64 unset($array[$key]["$disallowed_key"]);
68 syslog(LOG_NOTICE, "json_fermentables: " . json_encode($array)); 65 }
69 $sql .= "', json_fermentables='" . json_encode($array); 66 }
70 67 syslog(LOG_NOTICE, "json_fermentables=: ".json_encode($array));
71 $array = $_GET['waters']; 68 $sql .= "', json_fermentables='" . json_encode($array);
72 foreach($array as $key => $item){ 69 }
73 foreach ($disallowed as $disallowed_key) { 70
74 unset($array[$key]["$disallowed_key"]); 71 if (isset($_POST['hops'])) {
75 } 72 $array = $_POST['hops'];
76 } 73 foreach($array as $key => $item){
77 syslog(LOG_NOTICE, "json_waters: " . json_encode($array)); 74 foreach ($disallowed as $disallowed_key) {
78 $sql .= "', json_waters='" . json_encode($array); 75 unset($array[$key]["$disallowed_key"]);
79 76 }
80 if (isset($_GET['insert'])) { 77 }
78 syslog(LOG_NOTICE, "json_hops: ".json_encode($array));
79 $sql .= "', json_hops='" . json_encode($array);
80 }
81
82 if (isset($_POST['miscs'])) {
83 $array = $_POST['miscs'];
84 foreach($array as $key => $item){
85 foreach ($disallowed as $disallowed_key) {
86 unset($array[$key]["$disallowed_key"]);
87 }
88 }
89 syslog(LOG_NOTICE, "json_miscs: ".json_encode($array));
90 $sql .= "', json_miscs='" . json_encode($array);
91 }
92
93 if (isset($_POST['yeasts'])) {
94 $array = $_POST['yeasts'];
95 foreach($array as $key => $item){
96 foreach ($disallowed as $disallowed_key) {
97 unset($array[$key]["$disallowed_key"]);
98 }
99 }
100 syslog(LOG_NOTICE, "json_yeasts: ".json_encode($array));
101 $sql .= "', json_yeasts='" . json_encode($array);
102 }
103
104 if (isset($_POST['waters'])) {
105 $array = $_POST['waters'];
106 foreach($array as $key => $item){
107 foreach ($disallowed as $disallowed_key) {
108 unset($array[$key]["$disallowed_key"]);
109 }
110 }
111 syslog(LOG_NOTICE, "json_waters: ".json_encode($array));
112 $sql .= "', json_waters='" . json_encode($array);
113 }
114
115 if (isset($_POST['mashs'])) {
116 $array = $_POST['mashs'];
117 foreach($array as $key => $item){
118 foreach ($disallowed as $disallowed_key) {
119 unset($array[$key]["$disallowed_key"]);
120 }
121 }
122 syslog(LOG_NOTICE, "json_mashs: ".json_encode($array));
123 $sql .= "', json_mashs='" . json_encode($array);
124 }
125
126 if (isset($_POST['insert'])) {
81 $sql .= "';"; 127 $sql .= "';";
82 } 128 }
83 if (isset($_GET['update'])) { 129 if (isset($_POST['update'])) {
84 $sql .= "' WHERE record='" . $_GET['record'] . "';"; 130 $sql .= "' WHERE record='" . $_POST['record'] . "';";
85 } 131 }
86 // $result = mysqli_query($connect, $sql); 132
87 // if (! $result) {
88 // syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
89 // } else {
90 // syslog(LOG_NOTICE, "db_recipes: inserted ".$_GET['name']);
91 // }
92 // echo $result;
93
94 } else if (isset($_GET['delete'])) {
95 // DELETE COMMAND
96 $sql = "DELETE FROM `recipes` WHERE record='".$_GET['record']."';";
97 $result = mysqli_query($connect, $sql); 133 $result = mysqli_query($connect, $sql);
98 if (! $result) { 134 if (! $result) {
99 syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect)); 135 syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
100 } else { 136 } else {
101 syslog(LOG_NOTICE, "db_recipes: deleted record ".$_GET['record']); 137 if (isset($_POST['update'])) {
138 syslog(LOG_NOTICE, "db_recipes: updated record ".$_POST['record']);
139 } else {
140 syslog(LOG_NOTICE, "db_recipes: inserted ".$_POST['name']);
141 }
142 }
143 echo $result;
144
145 } else if (isset($_POST['delete'])) {
146 // DELETE COMMAND
147 $sql = "DELETE FROM `recipes` WHERE record='".$_POST['record']."';";
148 $result = mysqli_query($connect, $sql);
149 if (! $result) {
150 syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
151 } else {
152 syslog(LOG_NOTICE, "db_recipes: deleted record ".$_POST['record']);
102 } 153 }
103 echo $result; 154 echo $result;
104 155
105 } else { 156 } else {
106 // SELECT COMMAND 157 // SELECT COMMAND
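Review bot: The statement executed at new line 133 is built by concatenating `$_POST` values, and most of them go into single-quoted SQL literals unescaped: the scalar fields at new lines 31–42 and 45–57, the `json_encode()` output for every `json_*` column, and `record` in the `WHERE` clauses at new lines 130 and 147. Only `st_name`, `st_letter`, `st_guide`, `name` and `notes` pass through `mysqli_real_escape_string()`. The old side had the insert/update `mysqli_query()` call commented out, so this commit is what sends the concatenated string to the database; `json_encode()` does not escape `'` by default, so even an ordinary ingredient name containing an apostrophe breaks the statement. I would take the column names from a fixed list and bind every value through a prepared statement, as sketched below, and do the same for the DELETE branch; `syslog(LOG_NOTICE, $sql)` at new line 58 also copies every submitted field into the system log and is worth reducing at the same time. The trailing `} else {` SELECT branch continues outside the visible section.

```php
// Column names come from this fixed list only; values are bound, never concatenated.
$columns = array('st_name', 'st_letter', 'st_guide',
    // … unchanged: remaining scalar columns, in the order the hunk sets them …
    'mash_name');
$json_columns = array('fermentables', 'hops', 'miscs', 'yeasts', 'waters', 'mashs');

$set = array();
$values = array();
foreach ($columns as $column) {
    $set[] = "`$column`=?";
    $values[] = isset($_POST[$column]) ? $_POST[$column] : '';
}
foreach ($json_columns as $name) {
    if (isset($_POST[$name])) {
        $array = $_POST[$name];
        // … unchanged: strip the $disallowed keys from $array …
        $set[] = "`json_$name`=?";
        $values[] = json_encode($array);
    }
}

$sql = (isset($_POST['update']) ? "UPDATE" : "INSERT INTO") . " `recipes` SET " . implode(', ', $set);
if (isset($_POST['update'])) {
    $sql .= " WHERE record=?";
    $values[] = $_POST['record'];
}

$stmt = mysqli_prepare($connect, $sql);
$result = false;
if ($stmt) {
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    $result = mysqli_stmt_execute($stmt);
}
// … unchanged: result logging and echo $result …
```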
