diff -r dbbe408108ea -r 3469979f83be www/includes/db_recipes.php
--- a/www/includes/db_recipes.php Sat Sep 22 15:02:43 2018 +0200
+++ b/www/includes/db_recipes.php Sat Sep 22 19:14:02 2018 +0200
@@ -11,6 +11,8 @@
 $escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
 $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
+$rescapers = array("'");
+$rreplacements = array("\\'");
 $disallowed = array('visibleindex','uniqueid','boundindex','uid');
 // get data and store in a json array
@@ -64,8 +66,8 @@
 unset($array[$key]["$disallowed_key"]);
 }
 }
- syslog(LOG_NOTICE, "json_fermentables=: ".json_encode($array));
- $sql .= "', json_fermentables='" . json_encode($array);
+ syslog(LOG_NOTICE, "json_fermentables=: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+ $sql .= "', json_fermentables='" . str_replace($rescapers,$rreplacements,json_encode($array));
 }
 if (isset($_POST['hops'])) {
@@ -75,8 +77,8 @@
 unset($array[$key]["$disallowed_key"]);
 }
 }
- syslog(LOG_NOTICE, "json_hops: ".json_encode($array));
- $sql .= "', json_hops='" . json_encode($array);
+ syslog(LOG_NOTICE, "json_hops: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+ $sql .= "', json_hops='" . str_replace($rescapers,$rreplacements,json_encode($array));
 }
 if (isset($_POST['miscs'])) {
@@ -86,8 +88,8 @@
 unset($array[$key]["$disallowed_key"]);
 }
 }
- syslog(LOG_NOTICE, "json_miscs: ".json_encode($array));
- $sql .= "', json_miscs='" . json_encode($array);
+ syslog(LOG_NOTICE, "json_miscs: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+ $sql .= "', json_miscs='" . str_replace($rescapers,$rreplacements,json_encode($array));
 }
 if (isset($_POST['yeasts'])) {
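Review bot: Replacing only `'` with `\'` is not complete escaping for a value concatenated into a MySQL string literal, and the same pattern is used on every `$sql .= "', json_…='"` line in this commit (fermentables, hops and miscs here, and the yeasts, waters and mashs hunks further down). The output of json_encode() carries its own backslash sequences (`\"`, `\\`, `\n`), which the server un-escapes inside the literal unless NO_BACKSLASH_ESCAPES is set, so the stored JSON can differ from what was encoded; a hand-rolled replacement also ignores the connection character set. `$connect` is used further down in this file, so escape once with the driver and reuse the result: `$json = mysqli_real_escape_string($connect, json_encode($array));` followed by `$sql .= "', json_fermentables='" . $json;`, or move the statement to `mysqli_prepare` with bound parameters. The syslog call should then log the plain `json_encode($array)` rather than the SQL-escaped copy, and the `$rescapers`/`$rreplacements` arrays from the first hunk become unnecessary.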
@@ -97,8 +99,8 @@
 unset($array[$key]["$disallowed_key"]);
 }
 }
- syslog(LOG_NOTICE, "json_yeasts: ".json_encode($array));
- $sql .= "', json_yeasts='" . json_encode($array);
+ syslog(LOG_NOTICE, "json_yeasts: ". str_replace($rescapers,$rreplacements,json_encode($array)));
+ $sql .= "', json_yeasts='" . str_replace($rescapers,$rreplacements,json_encode($array));
 }
 if (isset($_POST['waters'])) {
@@ -108,8 +110,8 @@
 unset($array[$key]["$disallowed_key"]);
 }
 }
- syslog(LOG_NOTICE, "json_waters: ".json_encode($array));
- $sql .= "', json_waters='" . json_encode($array);
+ syslog(LOG_NOTICE, "json_waters: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+ $sql .= "', json_waters='" . str_replace($rescapers,$rreplacements,json_encode($array));
 }
 if (isset($_POST['mashs'])) {
@@ -119,8 +121,8 @@
 unset($array[$key]["$disallowed_key"]);
 }
 }
- syslog(LOG_NOTICE, "json_mashs: ".json_encode($array));
- $sql .= "', json_mashs='" . json_encode($array);
+ syslog(LOG_NOTICE, "json_mashs: ".str_replace($rescapers,$rreplacements,json_encode($array)));
+ $sql .= "', json_mashs='" . str_replace($rescapers,$rreplacements,json_encode($array));
 }
 if (isset($_POST['insert'])) {
@@ -132,7 +134,7 @@
 $result = mysqli_query($connect, $sql);
 if (! $result) {
- syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
+ syslog(LOG_NOTICE, "db_recipes: result: ".mysqli_error($connect));
 } else {
 if (isset($_POST['update'])) {
 syslog(LOG_NOTICE, "db_recipes: updated record ".$_POST['record']);
@@ -147,7 +149,8 @@
 $sql = "DELETE FROM `recipes` WHERE record='".$_POST['record']."';";
 $result = mysqli_query($connect, $sql);
 if (! $result) {
- syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
+// syslog(LOG_NOTICE, "db_recipes: ".$sql." result: ".mysqli_error($connect));
+ syslog(LOG_NOTICE, "db_recipes: result: ".mysqli_error($connect));
 } else {
 syslog(LOG_NOTICE, "db_recipes: deleted record ".$_POST['record']);
 }
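Review bot: `mysqli_error($connect)` in the new failure message can itself quote part of the failing statement (syntax errors are reported with a `near '…'` excerpt), so removing `$sql` does not fully keep request data out of syslog; the identical line is added in the DELETE hunk below. The message also no longer says which operation or record failed, and it is written at LOG_NOTICE like the success messages, which makes failures hard to alert on. Consider `syslog(LOG_ERR, "db_recipes: insert/update failed, errno ".mysqli_errno($connect));` and keep the full error text for a debug setting only. The enclosing if/else continues outside the hunk.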
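Review bot: The DELETE statement in this hunk's context still concatenates `$_POST['record']` into the SQL text with no escaping at all, which the quoting work in this commit leaves untouched; the same raw request value is also written to syslog on success. Bind it as a parameter with `mysqli_prepare` and `mysqli_stmt_bind_param`, or, if `record` is a numeric key (not visible in this hunk), cast it with `(int)$_POST['record']` before building the statement and the log message. The commented-out `// syslog(… $sql …)` line added here is dead code and should be deleted rather than kept, since version control already holds the old form.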