diff -r 3ced4934e230 -r 63d0e40c58b9 www/includes/db_profile_water.php --- a/www/includes/db_profile_water.php Sat Jan 26 15:05:27 2019 +0100 +++ b/www/includes/db_profile_water.php Sat Jan 26 19:24:36 2019 +0100 @@ -10,63 +10,59 @@ } mysqli_set_charset($connect, "utf8" ); -// get data and store in a json array -$query = "SELECT * FROM profile_water ORDER BY name"; -if (isset($_GET['insert'])) { - // INSERT COMMAND - $sql = "INSERT INTO `profile_water` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); - $sql .= "', calcium='" . $_GET['calcium']; - $sql .= "', bicarbonate='" . $_GET['bicarbonate']; - $sql .= "', sulfate='" . $_GET['sulfate']; - $sql .= "', chloride='" . $_GET['chloride']; - $sql .= "', sodium='" . $_GET['sodium']; - $sql .= "', magnesium='" . $_GET['magnesium']; - $sql .= "', ph='" . $_GET['ph']; - $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); - $sql .= "', total_alkalinity='" . $_GET['total_alkalinity']; - $sql .= "';"; +if (isset($_POST['insert']) || isset($_POST['update'])) { + if (isset($_POST['insert'])) { + $sql = "INSERT INTO `profile_water` SET "; + } + if (isset($_POST['update'])) { + $sql = "UPDATE `profile_water` SET "; + } + + $sql .= "name='" . mysqli_real_escape_string($connect, $_POST['name']); + $sql .= "', calcium='" . $_POST['calcium']; + $sql .= "', bicarbonate='" . $_POST['bicarbonate']; + $sql .= "', sulfate='" . $_POST['sulfate']; + $sql .= "', chloride='" . $_POST['chloride']; + $sql .= "', sodium='" . $_POST['sodium']; + $sql .= "', magnesium='" . $_POST['magnesium']; + $sql .= "', ph='" . $_POST['ph']; + $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); + $sql .= "', total_alkalinity='" . $_POST['total_alkalinity']; + if (isset($_POST['insert'])) { + $sql .= "';"; + } + if (isset($_POST['update'])) { + $sql .= "' WHERE record='" . $_POST['record'] . "';"; + } + syslog(LOG_NOTICE, $sql); + $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_profile_water: ".$sql." result: ".mysqli_error($connect)); } else { - syslog(LOG_NOTICE, "db_profile_water: inserted ".$_GET['name']); + if (isset($_POST['update'])) { + syslog(LOG_NOTICE, "db_profile_water: updated record ".$_POST['record']); + } else { + $lastid = mysqli_insert_id($connect); + syslog(LOG_NOTICE, "db_profile_water: inserted record ".$lastid); + } } echo $result; -} else if (isset($_GET['update'])) { - // UPDATE COMMAND - $sql = "UPDATE `profile_water` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); - $sql .= "', calcium='" . $_GET['calcium']; - $sql .= "', bicarbonate='" . $_GET['bicarbonate']; - $sql .= "', sulfate='" . $_GET['sulfate']; - $sql .= "', chloride='" . $_GET['chloride']; - $sql .= "', sodium='" . $_GET['sodium']; - $sql .= "', magnesium='" . $_GET['magnesium']; - $sql .= "', ph='" . $_GET['ph']; - $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); - $sql .= "', total_alkalinity='" . $_GET['total_alkalinity']; - $sql .= "' WHERE record='" . $_GET['record'] . "';"; +} else if (isset($_POST['delete'])) { + // DELETE COMMAND + $sql = "DELETE FROM `profile_water` WHERE record='".$_POST['record']."';"; $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_profile_water: ".$sql." result: ".mysqli_error($connect)); } else { - syslog(LOG_NOTICE, "db_profile_water: updated record ".$_GET['record']); - } - echo $result; - -} else if (isset($_GET['delete'])) { - // DELETE COMMAND - $sql = "DELETE FROM `profile_water` WHERE record='".$_GET['record']."';"; - $result = mysqli_query($connect, $sql); - if (! $result) { - syslog(LOG_NOTICE, "db_profile_water: ".$sql." result: ".mysqli_error($connect)); - } else { - syslog(LOG_NOTICE, "db_profile_water: deleted record ".$_GET['record']); + syslog(LOG_NOTICE, "db_profile_water: deleted record ".$_POST['record']); } echo $result; } else { // SELECT COMMAND + $query = "SELECT * FROM profile_water ORDER BY name"; $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $waters[] = array(