www/includes/db_recipes.php

changeset 61
3469979f83be
parent 60
dbbe408108ea
child 71
e1c50b21b7e3
--- a/www/includes/db_recipes.php	Sat Sep 22 15:02:43 2018 +0200
+++ b/www/includes/db_recipes.php	Sat Sep 22 19:14:02 2018 +0200
@@ -11,6 +11,8 @@
 
 $escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
+$rescapers = array("'");
+$rreplacements = array("\\'");
 $disallowed = array('visibleindex','uniqueid','boundindex','uid');
 
 // get data and store in a json array
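Review bot: `$rescapers` and `$rreplacements` are assigned at file scope, while the lines that use them in the later hunks are indented as if they sit inside a function or block that starts outside this diff. If that enclosing scope is a function, it needs `global $rescapers, $rreplacements;` (or the arrays passed in); otherwise `str_replace` receives undefined variables and would presumably hand the JSON back unescaped. A one-line comment such as `// escape single quotes for the SQL string literals built below` would also distinguish this pair from the similarly named `$escapers`/`$replacements` pair above it. Separately, in the context lines `"\x08"` lines up with `"\\f"` and `"\x0c"` with `"\\b"`, which looks swapped.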
@@ -64,8 +66,8 @@
 				unset($array[$key]["$disallowed_key"]);
 			}
 		}
-		syslog(LOG_NOTICE, "json_fermentables=: ".json_encode($array));
-		$sql .= "', json_fermentables='" . json_encode($array);
+		syslog(LOG_NOTICE, "json_fermentables=: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+		$sql .= "', json_fermentables='" . str_replace($rescapers,$rreplacements,json_encode($array));
 	}
 
 	if (isset($_POST['hops'])) {
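Review bot: Escaping only `'` by hand is not a complete SQL string escape for the `json_fermentables` value, and the same construction repeats in the `json_hops`, `json_miscs`, `json_yeasts`, `json_waters` and `json_mashs` hunks. `json_encode` emits backslash sequences such as `\"` and `\/`, and under MySQL's default SQL mode the server consumes those backslashes inside a quoted literal, so the stored text may no longer be the JSON that was encoded; the result also depends on the connection character set and SQL mode. Use the driver's escaper on each of the six assignments, `$sql .= "', json_fermentables='" . mysqli_real_escape_string($connect, json_encode($array));`, or better, bind the values through `mysqli_prepare`. If the `syslog` line is kept at all, it should log the unescaped `json_encode($array)`, since it copies request data into the system log. The enclosing block starts outside the hunk.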
@@ -75,8 +77,8 @@
 				unset($array[$key]["$disallowed_key"]);
 			}
 		}
-		syslog(LOG_NOTICE, "json_hops: ".json_encode($array));
-		$sql .= "', json_hops='" . json_encode($array);
+		syslog(LOG_NOTICE, "json_hops: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+		$sql .= "', json_hops='" . str_replace($rescapers,$rreplacements,json_encode($array));
 	}
 
 	if (isset($_POST['miscs'])) {
@@ -86,8 +88,8 @@
 				unset($array[$key]["$disallowed_key"]);
 			}
 		}
-		syslog(LOG_NOTICE, "json_miscs: ".json_encode($array));
-		$sql .= "', json_miscs='" . json_encode($array);
+		syslog(LOG_NOTICE, "json_miscs: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+		$sql .= "', json_miscs='" . str_replace($rescapers,$rreplacements,json_encode($array));
 	}
 
 	if (isset($_POST['yeasts'])) {
@@ -97,8 +99,8 @@
 				unset($array[$key]["$disallowed_key"]);
 			}
 		}
-		syslog(LOG_NOTICE, "json_yeasts: ".json_encode($array));
-		$sql .= "', json_yeasts='" . json_encode($array);
+		syslog(LOG_NOTICE, "json_yeasts: ". str_replace($rescapers,$rreplacements,json_encode($array)));
+		$sql .= "', json_yeasts='" . str_replace($rescapers,$rreplacements,json_encode($array));
 	}
 
 	if (isset($_POST['waters'])) {
@@ -108,8 +110,8 @@
 				unset($array[$key]["$disallowed_key"]);
 			}
 		}
-		syslog(LOG_NOTICE, "json_waters: ".json_encode($array));
-		$sql .= "', json_waters='" . json_encode($array);
+		syslog(LOG_NOTICE, "json_waters: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+		$sql .= "', json_waters='" . str_replace($rescapers,$rreplacements,json_encode($array));
 	}
 
 	if (isset($_POST['mashs'])) {
@@ -119,8 +121,8 @@
 				unset($array[$key]["$disallowed_key"]);
 			}
 		}
-		syslog(LOG_NOTICE, "json_mashs: ".json_encode($array));
-		$sql .= "', json_mashs='" . json_encode($array);
+		syslog(LOG_NOTICE, "json_mashs: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+		$sql .= "', json_mashs='" . str_replace($rescapers,$rreplacements,json_encode($array));
 	}
 
 	if (isset($_POST['insert'])) {
@@ -132,7 +134,7 @@
 
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
-		syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
+		syslog(LOG_NOTICE, "db_recipes: result: ".mysqli_error($connect));
 	} else {
 		if (isset($_POST['update'])) {
 			syslog(LOG_NOTICE, "db_recipes: updated record ".$_POST['record']);
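Review bot: The failure branch still logs at `LOG_NOTICE`, so a failed write has the same priority as the routine "updated record" messages; `syslog(LOG_ERR, "db_recipes: result: ".mysqli_error($connect));` would let it be filtered and alerted on. Dropping `$sql` from the message keeps most request data out of the log, but MySQL syntax errors quote part of the failing statement, so some of it can still appear there. The context line that logs `$_POST['record']` writes a request value verbatim, and it would be safer to cast it or strip control characters before logging. The enclosing block starts and ends outside the hunk.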
@@ -147,7 +149,8 @@
 	$sql = "DELETE FROM `recipes` WHERE record='".$_POST['record']."';";
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
-		syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
+//		syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
+		syslog(LOG_NOTICE, "db_recipes: result: ".mysqli_error($connect));
 	} else {
 		syslog(LOG_NOTICE, "db_recipes: deleted record ".$_POST['record']);
 	}
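Review bot: `$_POST['record']` is still concatenated straight into the `DELETE` statement on the first line of this hunk, so the quote escaping this changeset adds for the JSON columns does not cover the delete path. Bind the value instead: `$stmt = mysqli_prepare($connect, "DELETE FROM recipes WHERE record=?");`, `mysqli_stmt_bind_param($stmt, "s", $_POST['record']);`, `$result = mysqli_stmt_execute($stmt);` (use `"i"` if `record` is an integer key, which the hunk does not show). The commented-out `syslog` line should be deleted rather than kept, since version control already holds the old text. The success branch also logs `$_POST['record']` unmodified and would benefit from the same validated value.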
