www/prod_torecipe.php

Fri, 01 Mar 2019 16:19:27 +0100

author
Michiel Broek <mbroek@mbse.eu>
date
Fri, 01 Mar 2019 16:19:27 +0100
changeset 305
bb55e065888a
parent 304
c0ca21cdd291
permissions
-rw-r--r--

Fix escape single quotes

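<?php
declare(strict_types=1);
require_once('config.php');

/*
 * prod_torecipe.php - copy one `products` row into a fresh `recipes` row.
 *
 * The product to copy is selected by the `record` query parameter
 * (default 78).  The copy gets a new name, a fresh uuid and reset values
 * for the fields that only make sense on a finished product.
 *
 * All values are bound through a prepared statement: the GET parameter
 * and the copied columns (including the json_* blobs, which may contain
 * quotes and backslashes) never become part of the SQL text.
 */

$link = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
if (! $link) {
	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
if (! mysqli_set_charset($link, "utf8")) {
	echo "error";
	return 1;
}

date_default_timezone_set('Europe/Amsterdam');

/* Force the record id to an integer: nothing else from the query string can reach the SQL. */
$record = isset($_GET['record']) ? (int) $_GET['record'] : 78;

$result = mysqli_query($link, sprintf("SELECT * FROM products WHERE record=%d", $record));
$row = $result ? mysqli_fetch_assoc($result) : null;
if (! $row) {
	/* Nothing to copy (unknown id or query error): log it and close the popup as usual. */
	syslog(LOG_NOTICE, "db_recipes: product record " . $record . " not found " . mysqli_error($link));
	echo "<script>window.close();</script>";
	exit;
}

/* Fresh uuid from the kernel; the pseudo-file ends with a newline that must not be stored. */
$uuid = file_get_contents('/proc/sys/kernel/random/uuid');
if ($uuid === false) {
	syslog(LOG_NOTICE, "db_recipes: cannot read /proc/sys/kernel/random/uuid");
	echo "<script>window.close();</script>";
	exit;
}
$uuid = trim($uuid);

/*
 * Columns copied verbatim from the product row.
 */
$copied = [
	'notes', 'st_name', 'st_letter', 'st_guide', 'st_type', 'st_category', 'st_category_number',
	'st_og_min', 'st_og_max', 'st_fg_min', 'st_fg_max', 'st_ibu_min', 'st_ibu_max',
	'st_color_min', 'st_color_max', 'st_carb_min', 'st_carb_max', 'st_abv_min', 'st_abv_max',
	'type', 'batch_size', 'boil_size', 'boil_time', 'efficiency', 'est_og', 'est_abv',
	'est_color', 'color_method', 'est_ibu', 'ibu_method',
	'sparge_temp', 'sparge_ph', 'sparge_volume', 'sparge_source', 'sparge_acid_type', 'sparge_acid_perc',
	'mash_ph', 'mash_name', 'calc_acid',
	'w1_name', 'w1_amount', 'w1_calcium', 'w1_sulfate', 'w1_chloride', 'w1_sodium', 'w1_magnesium',
	'w1_total_alkalinity', 'w1_ph', 'w1_cost',
	'w2_name', 'w2_amount', 'w2_calcium', 'w2_sulfate', 'w2_chloride', 'w2_sodium', 'w2_magnesium',
	'w2_total_alkalinity', 'w2_ph', 'w2_cost',
	'wa_acid_name', 'wa_acid_perc', 'wa_base_name',
	'json_fermentables', 'json_hops', 'json_miscs', 'json_yeasts', 'json_mashs',
];

/*
 * Column => value for the new recipe.  The fields listed here get a fixed
 * value on a fresh recipe instead of the product's value.
 */
$values = [
	'name'               => $row['name'] . ' [duplicate]',
	'uuid'               => $uuid,
	'locked'             => '0',
	'est_fg'             => '0.000',
	'est_carb'           => '0',
	'sparge_acid_amount' => '0',
];
foreach ($copied as $column) {
	/* SQL NULL in the source row becomes '' just as the old quoted literal did. */
	$values[$column] = $row[$column] ?? '';
}

/* One `col`=? pair per column; values are bound below, never concatenated. */
$assignments = [];
foreach (array_keys($values) as $column) {
	$assignments[] = '`' . $column . '`=?';
}
$sql = 'INSERT INTO `recipes` SET ' . implode(', ', $assignments);
syslog(LOG_NOTICE, $sql);

$stmt = mysqli_prepare($link, $sql);
if (! $stmt) {
	syslog(LOG_NOTICE, "db_recipes: prepare: " . mysqli_error($link));
	echo "<script>window.close();</script>";
	exit;
}
/*
 * Every value is bound as a string ('s'), which is what the quoted literals
 * of the old string-built query gave MySQL; numeric columns convert on the
 * server side exactly as before.
 */
$params = array_values($values);
if (! mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params)) {
	syslog(LOG_NOTICE, "db_recipes: bind: " . mysqli_stmt_error($stmt));
} elseif (! mysqli_stmt_execute($stmt)) {
	syslog(LOG_NOTICE, "db_recipes: result: " . mysqli_stmt_error($stmt));
} else {
	$lastid = mysqli_stmt_insert_id($stmt);
	syslog(LOG_NOTICE, "db_recipes: inserted record " . $lastid);
}
mysqli_stmt_close($stmt);
echo "<script>window.close();</script>";
exit;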
