Tue, 22 Jan 2019 22:46:58 +0100
Hops database bool to int types. Dropdown lists are using tables with indexes. Dropdown lists display in Dutch. Save and delete in the database now use POST instead of GET. Removed the useat field. Redesigned the web page. Code cleanup.
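<?php
/*
 * db_profile_mash: JSON back end for the `profile_mash` table.
 *
 * Request parameters (read from the query string):
 *   insert | update  - store a profile built from `name`, `notes` and `steps`;
 *                      `update` additionally needs `record`.
 *   delete           - remove the profile identified by `record`.
 *   (none of these)  - return every profile, ordered by name, as a JSON array.
 *
 * Write requests echo the boolean outcome ("1" on success, nothing on failure).
 *
 * NOTE(review): the write branches are driven by $_GET, so a plain link or
 * image URL can trigger them and the values end up in URL logs; confirm that
 * the caller is authenticated and consider accepting these only via POST.
 */
require($_SERVER['DOCUMENT_ROOT']."/config.php");
require($_SERVER['DOCUMENT_ROOT']."/version.php");

// Connect to the database.
$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
if (! $connect) {
    die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
mysqli_set_charset($connect, "utf8" );

// Client-side grid bookkeeping keys that must not be stored with a step.
$disallowed = array('visibleindex','uniqueid','boundindex','uid');

// `record` is logged from mysqli_insert_id() and emitted as a bare JSON number
// below, so it is treated as an integer key. Anything else is rejected instead
// of being placed in a statement or a log line.
$record = null;
if (isset($_GET['record']) && is_scalar($_GET['record'])) {
    $candidate = filter_var($_GET['record'], FILTER_VALIDATE_INT);
    if ($candidate !== false) {
        $record = $candidate;
    }
}

if (isset($_GET['insert']) || isset($_GET['update'])) {
    // INSERT / UPDATE COMMAND
    $isUpdate = isset($_GET['update']);

    $name  = (isset($_GET['name'])  && is_string($_GET['name']))  ? $_GET['name']  : '';
    $notes = (isset($_GET['notes']) && is_string($_GET['notes'])) ? $_GET['notes'] : '';

    // Strip the disallowed keys from every step before serialising. Non-array
    // entries are skipped because unset() on a string offset is a fatal error.
    $steps = isset($_GET['steps']) ? $_GET['steps'] : null;
    if (is_array($steps)) {
        foreach ($steps as $key => $item) {
            if (! is_array($item)) {
                continue;
            }
            foreach ($disallowed as $disallowed_key) {
                unset($steps[$key][$disallowed_key]);
            }
        }
    }
    $stepsJson = json_encode($steps);

    // Values are bound as parameters: the previous string-built statement put
    // `record` into the WHERE clause unescaped and escaped only the single
    // quote in the steps JSON, leaving its backslashes to be reinterpreted.
    if ($isUpdate) {
        $sql = "UPDATE `profile_mash` SET name=?, notes=?, steps=? WHERE record=?";
    } else {
        $sql = "INSERT INTO `profile_mash` SET name=?, notes=?, steps=?";
    }

    $result = false;
    $error  = '';
    $lastid = 0;
    if ($stepsJson === false) {
        $error = 'steps could not be encoded as JSON';
    } elseif ($isUpdate && $record === null) {
        $error = 'missing or non-integer record';
    } else {
        $stmt = mysqli_prepare($connect, $sql);
        if ($stmt) {
            if ($isUpdate) {
                mysqli_stmt_bind_param($stmt, 'sssi', $name, $notes, $stepsJson, $record);
            } else {
                mysqli_stmt_bind_param($stmt, 'sss', $name, $notes, $stepsJson);
            }
            $result = mysqli_stmt_execute($stmt);
            if ($result) {
                $lastid = mysqli_stmt_insert_id($stmt);
            } else {
                $error = mysqli_stmt_error($stmt);
            }
            mysqli_stmt_close($stmt);
        } else {
            $error = mysqli_error($connect);
        }
    }

    // Only the statement template and validated integers reach syslog, so
    // request data cannot inject extra log lines.
    if (! $result) {
        syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".$error);
    } elseif ($isUpdate) {
        syslog(LOG_NOTICE, "db_profile_mash: updated record ".$record);
    } else {
        syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid);
    }
    echo $result;

} else if (isset($_GET['delete'])) {
    // DELETE COMMAND
    $sql = "DELETE FROM `profile_mash` WHERE record=?";

    $result = false;
    $error  = '';
    if ($record === null) {
        $error = 'missing or non-integer record';
    } else {
        $stmt = mysqli_prepare($connect, $sql);
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'i', $record);
            $result = mysqli_stmt_execute($stmt);
            if (! $result) {
                $error = mysqli_stmt_error($stmt);
            }
            mysqli_stmt_close($stmt);
        } else {
            $error = mysqli_error($connect);
        }
    }

    if (! $result) {
        syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".$error);
    } else {
        syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$record);
    }
    echo $result;

} else {
    // SELECT COMMAND
    $query = "SELECT * FROM profile_mash ORDER BY name";
    $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));

    // json_encode() replaces the hand-written escaping table, which mapped
    // backspace and form feed to each other's escapes and left every other
    // control character raw. An unencodable value degrades to an empty string.
    $jsonString = function ($value) {
        $encoded = json_encode((string) $value, JSON_UNESCAPED_UNICODE);
        return ($encoded === false) ? '""' : $encoded;
    };

    $rows = array();
    while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        // `record` and `steps` are emitted verbatim: a number and the JSON
        // text that the insert/update branch stored.
        $rows[] = '{"record":' . $row['record']
            . ',"name":' . $jsonString($row['name'])
            . ',"notes":' . $jsonString($row['notes'])
            . ',"steps":' . $row['steps']
            . '}';
    }

    header("Content-type: application/json");
    echo '[' . implode(',', $rows) . ']';
}
?>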