www/includes/db_recipes.php

changeset 50
6d94167c2697
parent 49
4d27a7fb1265
child 51
7224109adfe1
--- a/www/includes/db_recipes.php	Fri Aug 31 15:18:20 2018 +0200
+++ b/www/includes/db_recipes.php	Sat Sep 01 22:24:09 2018 +0200
@@ -1,9 +1,9 @@
 <?php
 
-//require($_SERVER['DOCUMENT_ROOT']."/config.php");
-//require($_SERVER['DOCUMENT_ROOT']."/version.php");
-require("../config.php");
-require("../version.php");
+require($_SERVER['DOCUMENT_ROOT']."/config.php");
+require($_SERVER['DOCUMENT_ROOT']."/version.php");
+//require("../config.php");
+//require("../version.php");
 
 
 #Connect to the database
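Review bot: The new `require($_SERVER['DOCUMENT_ROOT']."/config.php");` implies that config.php sits directly in the web root. If that file holds the database credentials used by the connect call further down (not visible in this hunk), it is safer to keep it outside the document root or deny direct requests to it in the server configuration, so it is never served as text if PHP handling is misconfigured. `DOCUMENT_ROOT` is also not set when the script runs from the CLI, so anchoring on the file's own location, `require(__DIR__ . "/../config.php");`, would be more robust. The commented-out `//require("../config.php");` pair is being toggled for the second time and could simply be deleted.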
@@ -12,6 +12,9 @@
 	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
 }
 
+$escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
+$replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
+
 // get data and store in a json array
 $query = "SELECT * FROM recipes ORDER BY style_guide,style_letter,style_name,name";
 if (isset($_GET['insert'])) {
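Review bot: The last two entries of `$replacements` are swapped relative to `$escapers`: `"\x08"` (backspace) is mapped to `"\\f"` and `"\x0c"` (form feed) to `"\\b"`, so those two characters come back as each other after a JSON decode. The tail of the list should read `"\\b", "\\f"`. The table also leaves the remaining control characters below U+0020 unescaped, which JSON does not allow inside a string, so a stored value containing one would still produce invalid output. Calling `json_encode()` on each value would cover every case without a hand-maintained table.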
@@ -65,11 +68,11 @@
 		}
 		$comma = TRUE;
 		$recipes .= '{"record":' . $row['record'];
-		$recipes .=  ',"style_guide":"' . $row['style_guide'];
-		$recipes .= '","style_letter":"' . $row['style_letter'];
-		$recipes .= '","style_name":"'  . $row['style_name'];
-	        $recipes .= '","name":"' . $row['name'];
-		$recipes .= '","notes":"' . $row['notes'];
+		$recipes .=  ',"style_guide":"' . str_replace($escapers, $replacements, $row['style_guide']);
+		$recipes .= '","style_letter":"' . str_replace($escapers, $replacements, $row['style_letter']);
+		$recipes .= '","style_name":"'  . str_replace($escapers, $replacements, $row['style_name']);
+		$recipes .= '","name":"' . str_replace($escapers, $replacements, $row['name']);
+		$recipes .= '","notes":"' . str_replace($escapers, $replacements, $row['notes']);
 		$recipes .= '","type":"' . $row['type'];
 		$recipes .= '","batch_size":' . floatval($row['batch_size']);
 		$recipes .= ',"boil_time":' . floatval($row['boil_time']);
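Review bot: `$row['type']` on the first context line after the change is still concatenated into a quoted JSON string without escaping, so a `"` or `\` in that column can still end the string early and alter the structure of the response. If `type` is free text rather than a fixed enumeration (the schema is not visible here), give it the same treatment as the other fields: `$recipes .= '","type":"' . str_replace($escapers, $replacements, $row['type']);`. `$row['record']` is also emitted bare, unlike the `floatval()` fields below it, so `(int) $row['record']` would keep that slot numeric. Building each row as an array and calling `json_encode()` once would remove the need for per-field escaping. The enclosing loop starts and ends outside the hunk.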
