Mercurial > bms / file revision

www/includes/db_profile_mash.php@793af7691a5e

www/includes/db_profile_mash.php

Sat, 15 Dec 2018 21:27:01 +0100

author
Michiel Broek <mbroek@mbse.eu>
date
Sat, 15 Dec 2018 21:27:01 +0100
changeset 142
793af7691a5e
parent 120
b28a3d6143bc
child 213
b0d484a5525e
permissions
-rw-r--r--

During hops load an extra weight in grams field is generated for the grid. Edit the amount is done on the weight field and the amount field is updated too. During save to the database the extra field is removed.

<?php

require($_SERVER['DOCUMENT_ROOT']."/config.php");
require($_SERVER['DOCUMENT_ROOT']."/version.php");

#Connect to the database
$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
if (! $connect) {
	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
mysqli_set_charset($connect, "utf8" );

$escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
$replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
$rescapers = array("'");
$rreplacements = array("\\'");
$disallowed = array('visibleindex','uniqueid','boundindex','uid');

// get data and store in a json array
$query = "SELECT * FROM profile_mash ORDER BY name";
if (isset($_GET['insert']) || isset($_GET['update'])) {
	if (isset($_GET['insert'])) {
		$sql  = "INSERT INTO";
	}
	if (isset($_GET['update'])) {
		$sql  = "UPDATE";
	}
	$sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
	$array = $_GET['steps'];
	foreach($array as $key => $item){
		foreach ($disallowed as $disallowed_key) {
			unset($array[$key]["$disallowed_key"]);
		}
	}
	$sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array));
	if (isset($_GET['insert'])) {
		$sql .= "';";
	}
	if (isset($_GET['update'])) {
		$sql .= "' WHERE record='" . $_GET['record'] . "';";
	}
	$result = mysqli_query($connect, $sql);
	if (! $result) {
		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
	} else {
		if (isset($_GET['update'])) {
			syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']);
		} else {
			$lastid = mysqli_insert_id($connect);
			syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid);
		}
	}
	echo $result;

} else if (isset($_GET['delete'])) {
	// DELETE COMMAND
	$sql = "DELETE FROM `profile_mash` WHERE record='".$_GET['record']."';";
	$result = mysqli_query($connect, $sql);
	if (! $result) {
		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
	} else {
		syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_GET['record']);
	}
	echo $result;

} else {
	// SELECT COMMAND
	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
	$mashprofiles = '[';
	$comma = FALSE;
	while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
		// Manual encode to JSON.
		if ($comma) {
			$mashprofiles .= ',';
		}
		$comma = TRUE;
		$mashprofiles .= '{"record":' . $row['record'];
	        $mashprofiles .= ',"name":"'  . str_replace($escapers, $replacements, $row['name']);
		$mashprofiles .= '","notes":"' . str_replace($escapers, $replacements, $row['notes']);
		$mashprofiles .= '","steps":' . $row['steps'];
		$mashprofiles .= '}';
	}
	$mashprofiles .= ']';
	header("Content-type: application/json");
	echo $mashprofiles;
}
?>

Mercurial Repository: bms

mercurial