--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/www/includes/db_profile_mash.php Wed Aug 29 17:10:31 2018 +0200 @@ -0,0 +1,74 @@ +<?php + +require($_SERVER['DOCUMENT_ROOT']."/config.php"); +require($_SERVER['DOCUMENT_ROOT']."/version.php"); + +#Connect to the database +$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); +if (! $connect) { + die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); +} + +// get data and store in a json array +$query = "SELECT * FROM profile_mash ORDER BY name"; +if (isset($_GET['insert'])) { + // INSERT COMMAND + $sql = "INSERT INTO `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); + $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); + $sql .= "', steps='" . json_encode($_GET['steps']); + $sql .= "';"; + $result = mysqli_query($connect, $sql); + if (! $result) { + syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); + } else { + syslog(LOG_NOTICE, "db_profile_mash: inserted ".$_GET['name']); + } + echo $result; + +} else if (isset($_GET['update'])) { + // UPDATE COMMAND + $sql = "UPDATE `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); + $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); + $sql .= "', steps='" . json_encode($_GET['steps']); + $sql .= "' WHERE record='" . $_GET['record'] . "';"; + $result = mysqli_query($connect, $sql); + if (! $result) { + syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); + } else { + syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']); + } + echo $result; + +} else if (isset($_GET['delete'])) { + // DELETE COMMAND + $sql = "DELETE FROM `profile_mash` WHERE record='".$_GET['record']."';"; + $result = mysqli_query($connect, $sql); + if (! $result) { + syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); + } else { + syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_GET['record']); + } + echo $result; + +} else { + // SELECT COMMAND + $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); + $mashprofiles = '['; + $comma = FALSE; + while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { + // Manual encode to JSON. + if ($comma) { + $mashprofiles .= ','; + } + $comma = TRUE; + $mashprofiles .= '{"record":' . $row['record']; + $mashprofiles .= ',"name":"' . $row['name']; + $mashprofiles .= '","notes":"' . $row['notes']; + $mashprofiles .= '","steps":' . $row['steps']; + $mashprofiles .= '}'; + } + $mashprofiles .= ']'; + header("Content-type: application/json"); + echo $mashprofiles; +} +?>