diff -r adda48f710cd -r b0d484a5525e www/includes/db_profile_mash.php
--- a/www/includes/db_profile_mash.php	Sat Jan 26 19:25:10 2019 +0100
+++ b/www/includes/db_profile_mash.php	Sat Jan 26 22:01:11 2019 +0100
@@ -16,36 +16,34 @@
 $rreplacements = array("\\'");
 $disallowed = array('visibleindex','uniqueid','boundindex','uid');
 
-// get data and store in a json array
-$query = "SELECT * FROM profile_mash ORDER BY name";
-if (isset($_GET['insert']) || isset($_GET['update'])) {
-	if (isset($_GET['insert'])) {
+if (isset($_POST['insert']) || isset($_POST['update'])) {
+	if (isset($_POST['insert'])) {
 		$sql  = "INSERT INTO";
 	}
-	if (isset($_GET['update'])) {
+	if (isset($_POST['update'])) {
 		$sql  = "UPDATE";
 	}
-	$sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
-	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
-	$array = $_GET['steps'];
+	$sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_POST['name']);
+	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
+	$array = $_POST['steps'];
 	foreach($array as $key => $item){
 		foreach ($disallowed as $disallowed_key) {
 			unset($array[$key]["$disallowed_key"]);
 		}
 	}
 	$sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array));
-	if (isset($_GET['insert'])) {
+	if (isset($_POST['insert'])) {
 		$sql .= "';";
 	}
-	if (isset($_GET['update'])) {
-		$sql .= "' WHERE record='" . $_GET['record'] . "';";
+	if (isset($_POST['update'])) {
+		$sql .= "' WHERE record='" . $_POST['record'] . "';";
 	}
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
 		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
 	} else {
-		if (isset($_GET['update'])) {
-			syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']);
+		if (isset($_POST['update'])) {
+			syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_POST['record']);
 		} else {
 			$lastid = mysqli_insert_id($connect);
 			syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid);
@@ -53,19 +51,20 @@
 	}
 	echo $result;
 
-} else if (isset($_GET['delete'])) {
+} else if (isset($_POST['delete'])) {
 	// DELETE COMMAND
-	$sql = "DELETE FROM `profile_mash` WHERE record='".$_GET['record']."';";
+	$sql = "DELETE FROM `profile_mash` WHERE record='".$_POST['record']."';";
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
 		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
 	} else {
-		syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_GET['record']);
+		syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_POST['record']);
 	}
 	echo $result;
 
 } else {
 	// SELECT COMMAND
+	$query = "SELECT * FROM profile_mash ORDER BY name";
 	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
 	$mashprofiles = '[';
 	$comma = FALSE;