diff -r 2ac491548d8d -r 531d5458782f www/includes/db_inventory_hops.php
--- a/www/includes/db_inventory_hops.php Tue Jan 22 20:27:45 2019 +0100
+++ b/www/includes/db_inventory_hops.php Tue Jan 22 22:46:58 2019 +0100
@@ -11,81 +11,74 @@
 }
 mysqli_set_charset($connect, "utf8" );
-// get data and store in a json array
-$query = "SELECT * FROM inventory_hops ORDER BY origin,name";
-if (isset($_GET['insert'])) {
- // INSERT COMMAND
- $sql = "INSERT INTO `inventory_hops` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
- $sql .= "', alpha='" . $_GET['alpha'];
- $sql .= "', beta='" . $_GET['beta'];
- $sql .= "', humulene='" . $_GET['humulene'];
- $sql .= "', caryophyllene='" . $_GET['caryophyllene'];
- $sql .= "', cohumulone='" . $_GET['cohumulone'];
- $sql .= "', myrcene='" . $_GET['myrcene'];
- $sql .= "', hsi='" . $_GET['hsi'];
- $sql .= "', type='" . $_GET['type'];
- $sql .= "', form='" . $_GET['form'];
- $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
- $sql .= "', origin='" . mysqli_real_escape_string($connect, $_GET['origin']);
- $sql .= "', substitutes='" . mysqli_real_escape_string($connect, $_GET['substitutes']);
- ($_GET['always_on_stock'] == 'true') ? $sql .= "', always_on_stock='1" : $sql .= "', always_on_stock='0";
- $sql .= "', inventory='" . floatval($_GET['inventory']) / 1000.0;
- $sql .= "', cost='" . $_GET['cost'];
- $sql .= "', production_date='" . $_GET['production_date'];
- $sql .= "', tht_date='" . $_GET['tht_date'];
- $sql .= "', total_oil='" . $_GET['total_oil'];
- $sql .= "';";
+if (isset($_POST['insert']) || isset($_POST['update'])) {
+ if (isset($_POST['insert'])) {
+ $sql = "INSERT INTO `inventory_hops` SET ";
+ }
+ if (isset($_POST['update'])) {
+ $sql = "UPDATE `inventory_hops` SET ";
+ }
+
+ $sql .= "name='" . mysqli_real_escape_string($connect, $_POST['name']);
+ $sql .= "', alpha='" . $_POST['alpha'];
+ $sql .= "', beta='" . $_POST['beta'];
+ $sql .= "', humulene='" . $_POST['humulene'];
+ $sql .= "', caryophyllene='" . $_POST['caryophyllene'];
+ $sql .= "', cohumulone='" . $_POST['cohumulone'];
+ $sql .= "', myrcene='" . $_POST['myrcene'];
+ $sql .= "', hsi='" . $_POST['hsi'];
+ $sql .= "', type='" . $_POST['type'];
+ $sql .= "', form='" . $_POST['form'];
+ $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
+ $sql .= "', origin='" . mysqli_real_escape_string($connect, $_POST['origin']);
+ $sql .= "', substitutes='" . mysqli_real_escape_string($connect, $_POST['substitutes']);
+ ($_POST['always_on_stock'] == 'true') ? $sql .= "', always_on_stock='1" : $sql .= "', always_on_stock='0";
+ $sql .= "', inventory='" . floatval($_POST['inventory']) / 1000.0;
+ $sql .= "', cost='" . $_POST['cost'] . "'";
+ if ($_POST['production_date'] == '')
+ $sql .= ", production_date=NULL";
+ else
+ $sql .= ", production_date='" . $_POST['production_date'] . "'";
+ if ($_POST['tht_date'] == '')
+ $sql .= ", tht_date=NULL";
+ else
+ $sql .= ", tht_date='" . $_POST['tht_date'] . "'";
+ $sql .= ", total_oil='" . $_POST['total_oil'];
+ if (isset($_POST['insert'])) {
+ $sql .= "';";
+ }
+ if (isset($_POST['update'])) {
+ $sql .= "' WHERE record='" . $_POST['record'] . "';";
+ }
+ syslog(LOG_NOTICE, $sql);
+
 $result = mysqli_query($connect, $sql);
 if (! $result) {
 syslog(LOG_NOTICE, "db_inventory_hops: ".$sql." result: ".mysqli_error($connect));
 } else {
- syslog(LOG_NOTICE, "db_inventory_hops: inserted ".$_GET['name']);
+ if (isset($_POST['update'])) {
+ syslog(LOG_NOTICE, "db_inventory_hops: updated record ".$_POST['record']);
+ } else {
+ $lastid = mysqli_insert_id($connect);
+ syslog(LOG_NOTICE, "db_inventory_hops: inserted record ".$lastid);
+ }
 }
 echo $result;
-} else if (isset($_GET['update'])) {
- // UPDATE COMMAND
- $sql = "UPDATE `inventory_hops` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
- $sql .= "', alpha='" . $_GET['alpha'];
- $sql .= "', beta='" . $_GET['beta'];
- $sql .= "', humulene='" . $_GET['humulene'];
- $sql .= "', caryophyllene='" . $_GET['caryophyllene'];
- $sql .= "', cohumulone='" . $_GET['cohumulone'];
- $sql .= "', myrcene='" . $_GET['myrcene'];
- $sql .= "', hsi='" . $_GET['hsi'];
- $sql .= "', type='" . $_GET['type'];
- $sql .= "', form='" . $_GET['form'];
- $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
- $sql .= "', origin='" . mysqli_real_escape_string($connect, $_GET['origin']);
- $sql .= "', substitutes='" . mysqli_real_escape_string($connect, $_GET['substitutes']);
- ($_GET['always_on_stock'] == 'true') ? $sql .= "', always_on_stock='1" : $sql .= "', always_on_stock='0";
- $sql .= "', inventory='" . floatval($_GET['inventory']) / 1000.0;
- $sql .= "', cost='" . $_GET['cost'];
- $sql .= "', production_date='" . $_GET['production_date'];
- $sql .= "', tht_date='" . $_GET['tht_date'];
- $sql .= "', total_oil='" . $_GET['total_oil'];
- $sql .= "' WHERE record='" . $_GET['record'] . "';";
+} else if (isset($_POST['delete'])) {
+ // DELETE COMMAND
+ $sql = "DELETE FROM `inventory_hops` WHERE record='".$_POST['record']."';";
 $result = mysqli_query($connect, $sql);
 if (! $result) {
 syslog(LOG_NOTICE, "db_inventory_hops: ".$sql." result: ".mysqli_error($connect));
 } else {
- syslog(LOG_NOTICE, "db_inventory_hops: updated record ".$_GET['record']);
- }
- echo $result;
-
-} else if (isset($_GET['delete'])) {
- // DELETE COMMAND
- $sql = "DELETE FROM `inventory_hops` WHERE record='".$_GET['record']."';";
- $result = mysqli_query($connect, $sql);
- if (! $result) {
- syslog(LOG_NOTICE, "db_inventory_hops: ".$sql." result: ".mysqli_error($connect));
- } else {
- syslog(LOG_NOTICE, "db_inventory_hops: deleted record ".$_GET['record']);
+ syslog(LOG_NOTICE, "db_inventory_hops: deleted record ".$_POST['record']);
 }
 echo $result;
 } else {
 // SELECT COMMAND
+ $query = "SELECT * FROM inventory_hops ORDER BY origin,name";
 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
 $hops[] = array(
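Review bot: Most values on the new side are still concatenated into the SQL text without escaping — alpha, beta, humulene, caryophyllene, cohumulone, myrcene, hsi, type, form, cost, production_date, tht_date and total_oil in the shared INSERT/UPDATE statement, and `$_POST['record']` in both the UPDATE WHERE clause and the DELETE statement later in the hunk; only name, notes, origin and substitutes go through mysqli_real_escape_string, and switching from $_GET to $_POST does not change that. The statement should be built with placeholders and run through mysqli_prepare/mysqli_stmt_bind_param so that no submitted value becomes part of the SQL text; the rewrite below keeps the INSERT/UPDATE prefix selection and the NULL handling for empty dates by binding PHP null, and the DELETE branch needs the same shape, `mysqli_prepare($connect, "DELETE FROM inventory_hops WHERE record=?")` with the record bound as a parameter. The added `syslog(LOG_NOTICE, $sql);` writes the full statement with every submitted value to syslog on each request and reads as a debugging leftover; the error branch already logs the statement on failure, so that line can be dropped. The SELECT branch continues past the end of the hunk.
```php
if (isset($_POST['insert']) || isset($_POST['update'])) {
    // … unchanged: choose the INSERT or UPDATE prefix for $sql …
    $sql .= "name=?, alpha=?, beta=?, humulene=?, caryophyllene=?, cohumulone=?, myrcene=?, hsi=?, type=?, form=?, "
          . "notes=?, origin=?, substitutes=?, always_on_stock=?, inventory=?, cost=?, production_date=?, tht_date=?, total_oil=?";
    if (isset($_POST['update'])) {
        $sql .= " WHERE record=?";
    }
    $always_on_stock = ($_POST['always_on_stock'] == 'true') ? 1 : 0;
    $inventory = floatval($_POST['inventory']) / 1000.0;
    // An empty date is stored as NULL; a bound PHP null is sent as SQL NULL.
    $production_date = ($_POST['production_date'] == '') ? null : $_POST['production_date'];
    $tht_date = ($_POST['tht_date'] == '') ? null : $_POST['tht_date'];
    $params = array($_POST['name'], $_POST['alpha'], $_POST['beta'], $_POST['humulene'], $_POST['caryophyllene'],
                    $_POST['cohumulone'], $_POST['myrcene'], $_POST['hsi'], $_POST['type'], $_POST['form'],
                    $_POST['notes'], $_POST['origin'], $_POST['substitutes'], $always_on_stock, $inventory,
                    $_POST['cost'], $production_date, $tht_date, $_POST['total_oil']);
    // 13 strings, always_on_stock as int, inventory as float, then cost, two dates, total_oil
    $types = 'sssssssssssss' . 'id' . 'ssss';
    if (isset($_POST['update'])) {
        $params[] = $_POST['record'];
        $types .= 's';
    }
    $stmt = mysqli_prepare($connect, $sql);
    $result = ($stmt !== false)
           && mysqli_stmt_bind_param($stmt, $types, ...$params)
           && mysqli_stmt_execute($stmt);
    // … unchanged: error logging (use mysqli_stmt_error($stmt) when $stmt is set), insert/update syslog lines, echo $result …
}
```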