diff -r 982c9ae73e12 -r 4935e86b2775 www/includes/db_product.php
--- a/www/includes/db_product.php Fri Nov 23 15:25:54 2018 +0100
+++ b/www/includes/db_product.php Wed Nov 28 21:57:06 2018 +0100
@@ -10,22 +10,12 @@
 }
 mysqli_set_charset($connect, "utf8" );
-syslog(LOG_NOTICE, "db_product: start");
-
-$escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
-$replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
-$rescapers = array("'");
-$rreplacements = array("\\'");
-$disallowed = array('visibleindex','uniqueid','boundindex','uid');
-
 if (isset($_POST['insert']) || isset($_POST['update'])) {
 if (isset($_POST['insert'])) {
- // INSERT COMMAND
 $sql = "INSERT INTO `prod_main` SET ";
 }
 if (isset($_POST['update'])) {
- // UPDATE COMMAND
 $sql = "UPDATE `prod_main` SET ";
 }
 // Basic settings
@@ -44,8 +34,17 @@
 $sql .= "', eq_batch_size='" . $_POST['eq_batch_size'];
 $sql .= "', eq_tun_volume='" . $_POST['eq_tun_volume'];
 $sql .= "', eq_tun_weight='" . $_POST['eq_tun_weight'];
- $sql .= "', eq_tun_specific_heat='" . $_POST['eq_tun_specific_heat'];
- $sql .= "', eq_tun_material='" . $_POST['eq_tun_material'];
+ $material = mysqli_real_escape_string($connect, $_GET['tun_material']);
+ $sql .= "', eq_tun_material='" . $material;
+ if ($material == "RVS") {
+ $sql .= "', eq_tun_specific_heat='0.11";
+ } else if ($material == "Aluminium") {
+ $sql .= "', eq_tun_specific_heat='0.22";
+ } else if ($material == "Kunststof") {
+ $sql .= "', eq_tun_specific_heat='0.46";
+ } else if ($material == "Koper") {
+ $sql .= "', eq_tun_specific_heat='0.092";
+ }
 $sql .= "', eq_tun_height='" . $_POST['eq_tun_height'];
 $sql .= "', eq_top_up_water='" . $_POST['eq_top_up_water'];
 $sql .= "', eq_trub_chiller_loss='" . $_POST['eq_trub_chiller_loss'];
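Review bot: The new `$material` line reads `$_GET['tun_material']`, while this branch only runs for `$_POST['insert']`/`$_POST['update']` and the line it replaces read `$_POST['eq_tun_material']`; unless the client was changed to send that query parameter, the material is stored empty and, because the `if`/`else if` chain has no final `else`, `eq_tun_specific_heat` is not written at all. Since only four materials are recognised, an allow-list would both validate the value and supply the heat: `$heats = array("RVS" => "0.11", "Aluminium" => "0.22", "Kunststof" => "0.46", "Koper" => "0.092");` followed by a lookup on the posted value, rejecting anything that is not a key of the map. As far as the hunk shows, the context lines around the change still concatenate raw `$_POST` values into `$sql`, so escaping this one field leaves the statement open to SQL injection; a prepared statement with bound parameters would cover every column. The enclosing `if` block starts in the previous hunk and continues past this one.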
@@ -105,23 +104,16 @@
 if (isset($_GET['select']) && ($_GET['select'] == "inprod")) {
 $query = "SELECT record,name,code,birth,stage FROM prod_main WHERE stage != 'Closed' ORDER BY birth,code;";
 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
- $brews = '[';
- $comma = FALSE;
 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
- // Manual encode to JSON.
- if ($comma)
- $brews .= ',';
- $comma = TRUE;
- $brews .= '{"record":' . $row['record'];
- $brews .= ',"name":"' . str_replace($escapers, $replacements, $row['name']);
- $brews .= '","code":"' . str_replace($escapers, $replacements, $row['code']);
- $brews .= '","birth":"' . str_replace($escapers, $replacements, $row['birth']);
- $brews .= '","stage":"' . str_replace($escapers, $replacements, $row['stage']);
- $brews .= '"}';
+ $brews[] = array(
+ 'record' => $row['record'],
+ 'name' => $row['name'],
+ 'code' => $row['code'],
+ 'birth' => $row['birth'],
+ 'stage' => $row['stage']
+ );
 }
- $brews .= ']';
- header("Content-type: application/json");
- echo $brews;
+ echo json_encode($brews);
 return;
 }
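Review bot: The rewrite drops `header("Content-type: application/json");`, so unless that header is set elsewhere the JSON is served with PHP's default `text/html` type, and `json_encode()` does not escape `<` or `>` by default, which lets a stored `name` or `code` be interpreted as markup when the URL is opened directly. Keep the header line immediately before `echo json_encode($brews);`. `$brews` is also no longer initialised, so a query that matches no rows encodes an undefined variable and returns `null` instead of `[]`; add `$brews = array();` before the `while` loop. `record` used to be emitted as a bare number and will now likely arrive as a JSON string, so the consumer should be checked against that.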