www/includes/db_profile_mash.php@b28a3d6143bc
www/includes/db_profile_mash.php
Wed, 05 Dec 2018 14:16:39 +0100
- author
- Michiel Broek <mbroek@mbse.eu>
- date
- Wed, 05 Dec 2018 14:16:39 +0100
- changeset 120
- b28a3d6143bc
- parent 77
- a9f8de2d7b2b
- child 213
- b0d484a5525e
- permissions
- -rw-r--r--
Screen layout changes.
<?php require($_SERVER['DOCUMENT_ROOT']."/config.php"); require($_SERVER['DOCUMENT_ROOT']."/version.php"); #Connect to the database $connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); if (! $connect) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } mysqli_set_charset($connect, "utf8" ); $escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c"); $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b"); $rescapers = array("'"); $rreplacements = array("\\'"); $disallowed = array('visibleindex','uniqueid','boundindex','uid'); // get data and store in a json array $query = "SELECT * FROM profile_mash ORDER BY name"; if (isset($_GET['insert']) || isset($_GET['update'])) { if (isset($_GET['insert'])) { $sql = "INSERT INTO"; } if (isset($_GET['update'])) { $sql = "UPDATE"; } $sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); $array = $_GET['steps']; foreach($array as $key => $item){ foreach ($disallowed as $disallowed_key) { unset($array[$key]["$disallowed_key"]); } } $sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array)); if (isset($_GET['insert'])) { $sql .= "';"; } if (isset($_GET['update'])) { $sql .= "' WHERE record='" . $_GET['record'] . "';"; } $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); } else { if (isset($_GET['update'])) { syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']); } else { $lastid = mysqli_insert_id($connect); syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid); } } echo $result; } else if (isset($_GET['delete'])) { // DELETE COMMAND $sql = "DELETE FROM `profile_mash` WHERE record='".$_GET['record']."';"; $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect)); } else { syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_GET['record']); } echo $result; } else { // SELECT COMMAND $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); $mashprofiles = '['; $comma = FALSE; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { // Manual encode to JSON. if ($comma) { $mashprofiles .= ','; } $comma = TRUE; $mashprofiles .= '{"record":' . $row['record']; $mashprofiles .= ',"name":"' . str_replace($escapers, $replacements, $row['name']); $mashprofiles .= '","notes":"' . str_replace($escapers, $replacements, $row['notes']); $mashprofiles .= '","steps":' . $row['steps']; $mashprofiles .= '}'; } $mashprofiles .= ']'; header("Content-type: application/json"); echo $mashprofiles; } ?>
