www/includes/db_profile_styles.php

changeset 217
318aab371497
parent 77
a9f8de2d7b2b
child 296
69fadd1aded2
--- a/www/includes/db_profile_styles.php	Sun Jan 27 17:39:53 2019 +0100
+++ b/www/includes/db_profile_styles.php	Sun Jan 27 20:40:24 2019 +0100
@@ -10,87 +10,70 @@
 }
 mysqli_set_charset($connect, "utf8" );
 
-// get data and store in a json array
-$query = "SELECT * FROM profile_styles ORDER BY style_guide,style_letter,name";
-if (isset($_GET['insert'])) {
-	// INSERT COMMAND
-	$sql  = "INSERT INTO `profile_styles` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
-	$sql .= "', category='" . mysqli_real_escape_string($connect, $_GET['category']);
-	$sql .= "', category_number='" . $_GET['category_number'];
-	$sql .= "', style_letter='" . mysqli_real_escape_string($connect, $_GET['style_letter']);
-	$sql .= "', style_guide='" . mysqli_real_escape_string($connect, $_GET['style_guide']);
-	$sql .= "', type='" . $_GET['type'];
-	$sql .= "', og_min='" . $_GET['og_min'];
-	$sql .= "', og_max='" . $_GET['og_max'];
-	$sql .= "', fg_min='" . $_GET['fg_min'];
-	$sql .= "', fg_max='" . $_GET['fg_max'];
-	$sql .= "', ibu_min='" . $_GET['ibu_min'];
-	$sql .= "', ibu_max='" . $_GET['ibu_max'];
-	$sql .= "', color_min='" . $_GET['color_min'];
-	$sql .= "', color_max='" . $_GET['color_max'];
-	$sql .= "', carb_min='" . $_GET['carb_min'];
-	$sql .= "', carb_max='" . $_GET['carb_max'];
-	$sql .= "', abv_min='" . $_GET['abv_min'];
-	$sql .= "', abv_max='" . $_GET['abv_max'];
-	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
-	$sql .= "', profile='" . mysqli_real_escape_string($connect, $_GET['profile']);
-	$sql .= "', ingredients='" . mysqli_real_escape_string($connect, $_GET['ingredients']);
-	$sql .= "', examples='" . mysqli_real_escape_string($connect, $_GET['examples']);
-	$sql .= "';";
+if (isset($_POST['insert']) || isset($_POST['update'])) {
+	if (isset($_POST['insert'])) {
+		$sql  = "INSERT INTO `profile_styles` SET ";
+	}
+	if (isset($_POST['update'])) {
+		$sql  = "UPDATE `profile_styles` SET ";
+	}
+
+	$sql .= "name='" . mysqli_real_escape_string($connect, $_POST['name']);
+	$sql .= "', category='" . mysqli_real_escape_string($connect, $_POST['category']);
+	$sql .= "', category_number='" . $_POST['category_number'];
+	$sql .= "', style_letter='" . mysqli_real_escape_string($connect, $_POST['style_letter']);
+	$sql .= "', style_guide='" . mysqli_real_escape_string($connect, $_POST['style_guide']);
+	$sql .= "', type='" . $_POST['type'];
+	$sql .= "', og_min='" . $_POST['og_min'];
+	$sql .= "', og_max='" . $_POST['og_max'];
+	$sql .= "', fg_min='" . $_POST['fg_min'];
+	$sql .= "', fg_max='" . $_POST['fg_max'];
+	$sql .= "', ibu_min='" . $_POST['ibu_min'];
+	$sql .= "', ibu_max='" . $_POST['ibu_max'];
+	$sql .= "', color_min='" . $_POST['color_min'];
+	$sql .= "', color_max='" . $_POST['color_max'];
+	$sql .= "', carb_min='" . $_POST['carb_min'];
+	$sql .= "', carb_max='" . $_POST['carb_max'];
+	$sql .= "', abv_min='" . $_POST['abv_min'];
+	$sql .= "', abv_max='" . $_POST['abv_max'];
+	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
+	$sql .= "', profile='" . mysqli_real_escape_string($connect, $_POST['profile']);
+	$sql .= "', ingredients='" . mysqli_real_escape_string($connect, $_POST['ingredients']);
+	$sql .= "', examples='" . mysqli_real_escape_string($connect, $_POST['examples']);
+	if (isset($_POST['insert'])) {
+		$sql .= "';";
+	}
+	if (isset($_POST['update'])) {
+		$sql .= "' WHERE record='" . $_POST['record'] . "';";
+	}
+
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
 		syslog(LOG_NOTICE, "db_profile_styles: ".$sql." result: ".mysqli_error($connect));
 	} else {
-		syslog(LOG_NOTICE, "db_profile_styles: inserted ".$_GET['name']);
+		if (isset($_POST['update'])) {
+			syslog(LOG_NOTICE, "db_profile_styles: updated record ".$_POST['record']);
+		} else {
+			$lastid = mysqli_insert_id($connect);
+			syslog(LOG_NOTICE, "db_profile_styles: inserted record ".$lastid);
+		}
 	}
 	echo $result;
 
-} else if (isset($_GET['update'])) {
-	// UPDATE COMMAND
-	$sql  = "UPDATE `profile_styles` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
-	$sql .= "', category='" . mysqli_real_escape_string($connect, $_GET['category']);
-	$sql .= "', category_number='" . $_GET['category_number'];
-	$sql .= "', style_letter='" . mysqli_real_escape_string($connect, $_GET['style_letter']);
-	$sql .= "', style_guide='" . mysqli_real_escape_string($connect, $_GET['style_guide']);
-	$sql .= "', type='" . $_GET['type'];
-	$sql .= "', og_min='" . $_GET['og_min'];
-	$sql .= "', og_max='" . $_GET['og_max'];
-	$sql .= "', fg_min='" . $_GET['fg_min'];
-	$sql .= "', fg_max='" . $_GET['fg_max'];
-	$sql .= "', ibu_min='" . $_GET['ibu_min'];
-	$sql .= "', ibu_max='" . $_GET['ibu_max'];
-	$sql .= "', color_min='" . $_GET['color_min'];
-	$sql .= "', color_max='" . $_GET['color_max'];
-	$sql .= "', carb_min='" . $_GET['carb_min'];
-	$sql .= "', carb_max='" . $_GET['carb_max'];
-	$sql .= "', abv_min='" . $_GET['abv_min'];
-	$sql .= "', abv_max='" . $_GET['abv_max'];
-	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
-	$sql .= "', profile='" . mysqli_real_escape_string($connect, $_GET['profile']);
-	$sql .= "', ingredients='" . mysqli_real_escape_string($connect, $_GET['ingredients']);
-	$sql .= "', examples='" . mysqli_real_escape_string($connect, $_GET['examples']);
-	$sql .= "' WHERE record='" . $_GET['record'] . "';";
+} else if (isset($_POST['delete'])) {
+	// DELETE COMMAND
+	$sql = "DELETE FROM `profile_styles` WHERE record='".$_POST['record']."';";
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
 		syslog(LOG_NOTICE, "db_profile_styles: ".$sql." result: ".mysqli_error($connect));
 	} else {
-		syslog(LOG_NOTICE, "db_profile_styles: updated record ".$_GET['record']);
-	}
-	echo $result;
-
-} else if (isset($_GET['delete'])) {
-	// DELETE COMMAND
-	$sql = "DELETE FROM `profile_styles` WHERE record='".$_GET['record']."';";
-	$result = mysqli_query($connect, $sql);
-	if (! $result) {
-		syslog(LOG_NOTICE, "db_profile_styles: ".$sql." result: ".mysqli_error($connect));
-	} else {
-		syslog(LOG_NOTICE, "db_profile_styles: deleted record ".$_GET['record']);
+		syslog(LOG_NOTICE, "db_profile_styles: deleted record ".$_POST['record']);
 	}
 	echo $result;
 
 } else {
 	// SELECT COMMAND
+	$query = "SELECT * FROM profile_styles ORDER BY style_guide,style_letter,name";
 	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
 	while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
 		$styles[] = array(
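Review bot: Switching the parameters from $_GET to $_POST does not close the SQL injection in this handler: category_number, type and every *_min/*_max field (lines 52 and 55–67 of the new SET clause) plus record in the UPDATE WHERE clause (line 76) are still concatenated into $sql without escaping or casting, and the DELETE hunk at line 120 interpolates record the same way. The durable fix is a prepared statement with bound parameters, which also makes the mysqli_real_escape_string calls on the text columns unnecessary; at minimum the numeric fields need an `(int)`/`(float)` cast and record must be cast or escaped in both the UPDATE and DELETE branches. A smaller defect in the same lines: if a request carries both insert and update, lines 43–48 pick UPDATE but lines 72–77 append both the `';` terminator and the WHERE clause, yielding a malformed statement — choosing the verb once with an else avoids that. Whether an authenticated session is enforced before this code runs is not visible here, as the file's opening is outside the hunk, and the SELECT branch's while loop continues past its end.
```php
if (isset($_POST['insert']) || isset($_POST['update'])) {
	$columns = array('name', 'category', 'category_number', 'style_letter', 'style_guide', 'type',
		'og_min', 'og_max', 'fg_min', 'fg_max', 'ibu_min', 'ibu_max', 'color_min', 'color_max',
		'carb_min', 'carb_max', 'abv_min', 'abv_max', 'notes', 'profile', 'ingredients', 'examples');
	$set = array();
	$values = array();
	$types = '';
	foreach ($columns as $column) {
		$set[] = "`" . $column . "`=?";
		$values[] = isset($_POST[$column]) ? $_POST[$column] : '';
		$types .= 's';
	}
	if (isset($_POST['update'])) {
		$sql = "UPDATE `profile_styles` SET " . implode(', ', $set) . " WHERE record=?";
		$values[] = (int) $_POST['record'];
		$types .= 'i';
	} else {
		$sql = "INSERT INTO `profile_styles` SET " . implode(', ', $set);
	}
	// Bound parameters never reach the SQL parser as text, so no per-field escaping is needed.
	$stmt = mysqli_prepare($connect, $sql);
	$result = $stmt !== false
		&& mysqli_stmt_bind_param($stmt, $types, ...$values)
		&& mysqli_stmt_execute($stmt);
	// … unchanged: syslog of failure / inserted / updated record, echo $result …
```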
