diff -r d202777ebae5 -r 2ac491548d8d www/includes/db_inventory_fermentables.php --- a/www/includes/db_inventory_fermentables.php Mon Jan 21 20:45:18 2019 +0100 +++ b/www/includes/db_inventory_fermentables.php Tue Jan 22 20:27:45 2019 +0100 
@@ -12,90 +12,79 @@ mysqli_set_charset($connect, "utf8" ); // get data and store in a json array -$query = "SELECT * FROM inventory_fermentables ORDER BY supplier,name"; -if (isset($_GET['insert'])) { - // INSERT COMMAND - $sql = "INSERT INTO `inventory_fermentables` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); - $sql .= "', type='" . $_GET['type']; - $sql .= "', yield='" . $_GET['yield']; - $sql .= "', color='" . $_GET['color']; - ($_GET['add_after_boil'] == 'true') ? $sql .= "', add_after_boil='1" : $sql .= "', add_after_boil='0"; - $sql .= "', origin='" . mysqli_real_escape_string($connect, $_GET['origin']); - $sql .= "', supplier='" . mysqli_real_escape_string($connect, $_GET['supplier']); - $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); - $sql .= "', coarse_fine_diff='" . $_GET['coarse_fine_diff']; - $sql .= "', moisture='" . $_GET['moisture']; - $sql .= "', diastatic_power='" . $_GET['diastatic_power']; - $sql .= "', protein='" . $_GET['protein']; - $sql .= "', max_in_batch='" . $_GET['max_in_batch']; - ($_GET['recommend_mash'] == 'true') ? $sql .= "', recommend_mash='1" : $sql .= "', recommend_mash='0"; - $sql .= "', ibu_gal_per_lb='" . $_GET['ibu_gal_per_lb']; - ($_GET['always_on_stock'] == 'true') ? $sql .= "', always_on_stock='1" : $sql .= "', always_on_stock='0"; - $sql .= "', di_ph='" . $_GET['di_ph']; - $sql .= "', acid_to_ph_57='" . $_GET['acid_to_ph_57']; - $sql .= "', graintype='" . mysqli_real_escape_string($connect, $_GET['graintype']); - $sql .= "', inventory='" . $_GET['inventory']; - $sql .= "', cost='" . $_GET['cost']; - $sql .= "', production_date='" . $_GET['production_date']; - $sql .= "', tht_date='" . $_GET['tht_date']; - //$sql .= "', supplier_rec='" . 
$_GET['supplier_rec']; - $sql .= "';"; +if (isset($_POST['insert']) || isset($_POST['update'])) { + if (isset($_POST['insert'])) { + $sql = "INSERT INTO `inventory_fermentables` SET "; + } + if (isset($_POST['update'])) { + $sql = "UPDATE `inventory_fermentables` SET "; + } + + $sql .= "name='" . mysqli_real_escape_string($connect, $_POST['name']); + $sql .= "', type='" . $_POST['type']; + $sql .= "', yield='" . $_POST['yield']; + $sql .= "', color='" . $_POST['color']; + ($_POST['add_after_boil'] == 'true') ? $sql .= "', add_after_boil='1" : $sql .= "', add_after_boil='0"; + $sql .= "', origin='" . mysqli_real_escape_string($connect, $_POST['origin']); + $sql .= "', supplier='" . mysqli_real_escape_string($connect, $_POST['supplier']); + $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); + $sql .= "', coarse_fine_diff='" . $_POST['coarse_fine_diff']; + $sql .= "', moisture='" . $_POST['moisture']; + $sql .= "', diastatic_power='" . $_POST['diastatic_power']; + $sql .= "', protein='" . $_POST['protein']; + $sql .= "', dissolved_protein='" . $_POST['dissolved_protein']; + $sql .= "', max_in_batch='" . $_POST['max_in_batch']; + ($_POST['recommend_mash'] == 'true') ? $sql .= "', recommend_mash='1" : $sql .= "', recommend_mash='0"; + $sql .= "', added='" . $_POST['added']; + ($_POST['always_on_stock'] == 'true') ? $sql .= "', always_on_stock='1" : $sql .= "', always_on_stock='0"; + $sql .= "', di_ph='" . $_POST['di_ph']; + $sql .= "', acid_to_ph_57='" . $_POST['acid_to_ph_57']; + $sql .= "', graintype='" . $_POST['graintype']; + $sql .= "', inventory='" . $_POST['inventory']; + $sql .= "', cost='" . $_POST['cost'] . "'"; + if ($_POST['production_date'] == '') + $sql .= ", production_date=NULL"; + else + $sql .= ", production_date='" . $_POST['production_date'] . "'"; + if ($_POST['tht_date'] == '') + $sql .= ", tht_date=NULL"; + else + $sql .= ", tht_date='" . $_POST['tht_date'] . 
"'"; + if (isset($_POST['insert'])) { + $sql .= ";"; + } + if (isset($_POST['update'])) { + $sql .= " WHERE record='" . $_POST['record'] . "';"; + } + syslog(LOG_NOTICE, $sql); + $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_inventory_fermentables: ".$sql." result: ".mysqli_error($connect)); } else { - syslog(LOG_NOTICE, "db_inventory_fermentables: inserted ".$_GET['name']); + if (isset($_POST['update'])) { + syslog(LOG_NOTICE, "db_inventory_fermentables: updated record ".$_POST['record']); + } else { + $lastid = mysqli_insert_id($connect); + syslog(LOG_NOTICE, "db_inventory_fermentables: inserted record ".$lastid); + } } echo $result; -} else if (isset($_GET['update'])) { - // UPDATE COMMAND - $sql = "UPDATE `inventory_fermentables` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); - $sql .= "', type='" . $_GET['type']; - $sql .= "', yield='" . $_GET['yield']; - $sql .= "', color='" . $_GET['color']; - ($_GET['add_after_boil'] == 'true') ? $sql .= "', add_after_boil='1" : $sql .= "', add_after_boil='0"; - $sql .= "', origin='" . mysqli_real_escape_string($connect, $_GET['origin']); - $sql .= "', supplier='" . mysqli_real_escape_string($connect, $_GET['supplier']); - $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); - $sql .= "', coarse_fine_diff='" . $_GET['coarse_fine_diff']; - $sql .= "', moisture='" . $_GET['moisture']; - $sql .= "', diastatic_power='" . $_GET['diastatic_power']; - $sql .= "', protein='" . $_GET['protein']; - $sql .= "', max_in_batch='" . $_GET['max_in_batch']; - ($_GET['recommend_mash'] == 'true') ? $sql .= "', recommend_mash='1" : $sql .= "', recommend_mash='0"; - $sql .= "', ibu_gal_per_lb='" . $_GET['ibu_gal_per_lb']; - ($_GET['always_on_stock'] == 'true') ? $sql .= "', always_on_stock='1" : $sql .= "', always_on_stock='0"; - $sql .= "', di_ph='" . $_GET['di_ph']; - $sql .= "', acid_to_ph_57='" . $_GET['acid_to_ph_57']; - $sql .= "', graintype='" . 
mysqli_real_escape_string($connect, $_GET['graintype']); - $sql .= "', inventory='" . $_GET['inventory']; - $sql .= "', cost='" . $_GET['cost']; - $sql .= "', production_date='" . $_GET['production_date']; - $sql .= "', tht_date='" . $_GET['tht_date']; - //$sql .= "', supplier_rec='" . $_GET['supplier_rec']; - $sql .= "' WHERE record='" . $_GET['record'] . "';"; +} else if (isset($_POST['delete'])) { + // DELETE COMMAND + $sql = "DELETE FROM `inventory_fermentables` WHERE record='".$_POST['record']."';"; $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_inventory_fermentables: ".$sql." result: ".mysqli_error($connect)); } else { - syslog(LOG_NOTICE, "db_inventory_fermentables: updated record ".$_GET['record']); - } - echo $result; - -} else if (isset($_GET['delete'])) { - // DELETE COMMAND - $sql = "DELETE FROM `inventory_fermentables` WHERE record='".$_GET['record']."';"; - $result = mysqli_query($connect, $sql); - if (! $result) { - syslog(LOG_NOTICE, "db_inventory_fermentables: ".$sql." result: ".mysqli_error($connect)); - } else { - syslog(LOG_NOTICE, "db_inventory_fermentables: deleted record ".$_GET['record']); + syslog(LOG_NOTICE, "db_inventory_fermentables: deleted record ".$_POST['record']); } echo $result; } else { // SELECT COMMAND + $query = "SELECT * FROM inventory_fermentables ORDER BY supplier,name"; $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $fermentables[] = array( @@ -112,9 +101,10 @@ 'moisture' => $row['moisture'], 'diastatic_power' => $row['diastatic_power'], 'protein' => $row['protein'], + 'dissolved_protein' => $row['dissolved_protein'], 'max_in_batch' => $row['max_in_batch'], 'recommend_mash' => $row['recommend_mash'], - 'ibu_gal_per_lb' => $row['ibu_gal_per_lb'], + 'added' => $row['added'], 'always_on_stock' => $row['always_on_stock'], 'di_ph' => $row['di_ph'], 'acid_to_ph_57' => $row['acid_to_ph_57'],
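Review bot: The merged INSERT/UPDATE branch still concatenates most `$_POST` values into `$sql` without escaping (`type`, `yield`, `color`, through `cost`, both dates, and `record` in the WHERE clause), and it drops the `mysqli_real_escape_string()` call the old code had on `graintype`, so the statement stays open to SQL injection; switching from GET to POST does not change that. The DELETE branch has the same problem with `$_POST['record']`. Binding every value through a prepared statement, as sketched below, removes the per-field escaping decisions, and the added `syslog(LOG_NOTICE, $sql)` would then record only placeholders rather than submitted data. The sketch assumes PHP 5.6 or later for argument unpacking and treats a request carrying both `insert` and `update` as an update, where the current code would build a malformed statement.

```php
if (isset($_POST['insert']) || isset($_POST['update'])) {
    $is_update = isset($_POST['update']);

    // Column names are fixed in code; only the values come from the request.
    $plain_cols = array('name', 'type', 'yield', 'color', 'origin', 'supplier', 'notes',
        'coarse_fine_diff', 'moisture', 'diastatic_power', 'protein', 'dissolved_protein',
        'max_in_batch', 'added', 'di_ph', 'acid_to_ph_57', 'graintype', 'inventory', 'cost');
    $bool_cols = array('add_after_boil', 'recommend_mash', 'always_on_stock');
    $date_cols = array('production_date', 'tht_date');

    $set = array();
    $values = array();
    foreach ($plain_cols as $col) {
        $set[] = "$col=?";
        $values[] = $_POST[$col];
    }
    foreach ($bool_cols as $col) {
        $set[] = "$col=?";
        $values[] = ($_POST[$col] == 'true') ? '1' : '0';
    }
    foreach ($date_cols as $col) {
        $set[] = "$col=?";
        $values[] = ($_POST[$col] == '') ? null : $_POST[$col];   // empty date is stored as NULL
    }

    $sql = ($is_update ? "UPDATE" : "INSERT INTO") . " `inventory_fermentables` SET " . implode(', ', $set);
    if ($is_update) {
        $sql .= " WHERE record=?";
        $values[] = $_POST['record'];
    }

    $stmt = mysqli_prepare($connect, $sql);
    $result = $stmt
        && mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values)
        && mysqli_stmt_execute($stmt);
    // … unchanged: error / success syslog and echo $result …
```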