--- a/www/includes/db_recipes.php Fri Aug 31 15:18:20 2018 +0200
+++ b/www/includes/db_recipes.php Sat Sep 01 22:24:09 2018 +0200
@@ -1,9 +1,9 @@
 <?php
-//require($_SERVER['DOCUMENT_ROOT']."/config.php");
-//require($_SERVER['DOCUMENT_ROOT']."/version.php");
-require("../config.php");
-require("../version.php");
+require($_SERVER['DOCUMENT_ROOT']."/config.php");
+require($_SERVER['DOCUMENT_ROOT']."/version.php");
+//require("../config.php");
+//require("../version.php");
 #Connect to the database
@@ -12,6 +12,9 @@
 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
 }
+$escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
+$replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
+
 // get data and store in a json array
 $query = "SELECT * FROM recipes ORDER BY style_guide,style_letter,style_name,name";
 if (isset($_GET['insert'])) {
@@ -65,11 +68,11 @@
 }
 $comma = TRUE;
 $recipes .= '{"record":' . $row['record'];
- $recipes .= ',"style_guide":"' . $row['style_guide'];
- $recipes .= '","style_letter":"' . $row['style_letter'];
- $recipes .= '","style_name":"' . $row['style_name'];
- $recipes .= '","name":"' . $row['name'];
- $recipes .= '","notes":"' . $row['notes'];
+ $recipes .= ',"style_guide":"' . str_replace($escapers, $replacements, $row['style_guide']);
+ $recipes .= '","style_letter":"' . str_replace($escapers, $replacements, $row['style_letter']);
+ $recipes .= '","style_name":"' . str_replace($escapers, $replacements, $row['style_name']);
+ $recipes .= '","name":"' . str_replace($escapers, $replacements, $row['name']);
+ $recipes .= '","notes":"' . str_replace($escapers, $replacements, $row['notes']);
 $recipes .= '","type":"' . $row['type'];
 $recipes .= '","batch_size":' . floatval($row['batch_size']);
 $recipes .= ',"boil_time":' . floatval($row['boil_time']);
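Review bot: The two re-enabled `require` lines depend on `$_SERVER['DOCUMENT_ROOT']`, which is not populated when the script is run from the CLI (cron jobs, tests) and varies with the virtual-host configuration. A path anchored on the file itself, `require(__DIR__ . "/../config.php");`, resolves the same way in every context, assuming `www/` is the document root. The new path also confirms that config.php lives inside the web root; if it carries the credentials for the database connection made further down (not visible in this hunk), it is safer outside the document root so that a PHP handler misconfiguration cannot serve it as plain text. The commented-out `//require("../...")` lines can be deleted rather than kept as history.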
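Review bot: The last two entries of `$replacements` are swapped relative to `$escapers`: `"\x08"` is backspace and `"\x0c"` is form feed, so they should map to `\b` and `\f` in that order, i.e. `$replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\b", "\\f");`. As written the output is still valid JSON, but a backspace comes back as a form feed and vice versa, so the data is silently altered. A short comment such as `// JSON string escapes; the backslash entry must stay first so later replacements are not escaped twice` would record why the array order matters.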
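Review bot: `$row['type']` on the context line directly after the changed lines is still concatenated raw, so a quote or backslash stored in that column can still terminate the JSON string and alter the structure of the response. The hand-rolled table also leaves the remaining control characters below 0x20 unescaped, which strict JSON parsers reject. Letting the encoder quote each value covers both cases, e.g. `$recipes .= ',"name":' . json_encode((string)$row['name']);`, or collect the row into an array and call `json_encode()` once. `$row['record']` is emitted unquoted, so it is worth wrapping in `intval()` the way the float columns use `floatval()`. The row-building statement run starts and ends outside this hunk.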