Mercurial > bms / file diff

--- a/www/includes/db_profile_mash.php	Fri Aug 31 15:18:20 2018 +0200
+++ b/www/includes/db_profile_mash.php	Sat Sep 01 22:24:09 2018 +0200
@@ -9,6 +9,9 @@
 	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
 }
 
+$escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
+$replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
+
 // get data and store in a json array
 $query = "SELECT * FROM profile_mash ORDER BY name";
 if (isset($_GET['insert'])) {
@@ -62,8 +65,8 @@
 		}
 		$comma = TRUE;
 		$mashprofiles .= '{"record":' . $row['record'];
-	        $mashprofiles .= ',"name":"'  . $row['name'];
-		$mashprofiles .= '","notes":"' . $row['notes'];
+	        $mashprofiles .= ',"name":"'  . str_replace($escapers, $replacements, $row['name']);
+		$mashprofiles .= '","notes":"' . str_replace($escapers, $replacements, $row['notes']);
 		$mashprofiles .= '","steps":' . $row['steps'];
 		$mashprofiles .= '}';
 	}