diff -r 63174cff2cc1 -r f0ec83e1e01f www/includes/db_inventory_yeasts.php
--- a/www/includes/db_inventory_yeasts.php	Wed Jan 23 19:43:55 2019 +0100
+++ b/www/includes/db_inventory_yeasts.php	Wed Jan 23 22:36:31 2019 +0100
@@ -11,74 +11,71 @@
 mysqli_set_charset($connect, "utf8" );
 
 // get data and store in a json array
-$query = "SELECT * FROM inventory_yeasts ORDER BY laboratory,product_id,name";
-if (isset($_GET['insert'])) {
-	// INSERT COMMAND
-	$sql  = "INSERT INTO `inventory_yeasts` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
-	$sql .= "', type='" . $_GET['type'];
-	$sql .= "', form='" . $_GET['form'];
-	$sql .= "', laboratory='" . mysqli_real_escape_string($connect, $_GET['laboratory']);
-	$sql .= "', product_id='" . mysqli_real_escape_string($connect, $_GET['product_id']);
-	$sql .= "', min_temperature='" . $_GET['min_temperature'];
-	$sql .= "', max_temperature='" . $_GET['max_temperature'];
-	$sql .= "', flocculation='" . $_GET['flocculation'];
-	$sql .= "', attenuation='" . $_GET['attenuation'];
-	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
-	$sql .= "', best_for='" . mysqli_real_escape_string($connect, $_GET['best_for']);
-	$sql .= "', max_reuse='" . $_GET['max_reuse'];
-	$sql .= "', inventory='" . floatval($_GET['inventory']) / 1000.0;
-	$sql .= "', cost='" . $_GET['cost'];
-	$sql .= "', production_date='" . $_GET['production_date'];
-	$sql .= "', tht_date='" . $_GET['tht_date'];
-	$sql .= "';";
+if (isset($_POST['insert']) || isset($_POST['update'])) {
+	if (isset($_POST['insert'])) {
+		$sql  = "INSERT INTO `inventory_yeasts` SET ";
+	}
+	if (isset($_POST['update'])) {
+		$sql  = "UPDATE `inventory_yeasts` SET ";
+	}
+
+	$sql .= "name='" . mysqli_real_escape_string($connect, $_POST['name']);
+	$sql .= "', type='" . $_POST['type'];
+	$sql .= "', form='" . $_POST['form'];
+	$sql .= "', laboratory='" . mysqli_real_escape_string($connect, $_POST['laboratory']);
+	$sql .= "', product_id='" . mysqli_real_escape_string($connect, $_POST['product_id']);
+	$sql .= "', min_temperature='" . $_POST['min_temperature'];
+	$sql .= "', max_temperature='" . $_POST['max_temperature'];
+	$sql .= "', flocculation='" . $_POST['flocculation'];
+	$sql .= "', attenuation='" . $_POST['attenuation'];
+	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
+	$sql .= "', best_for='" . mysqli_real_escape_string($connect, $_POST['best_for']);
+	$sql .= "', max_reuse='" . $_POST['max_reuse'];
+	$sql .= "', inventory='" . floatval($_POST['inventory']) / 1000.0;
+	$sql .= "', cost='" . $_POST['cost'] . "'";
+	if ($_POST['production_date'] == '')
+		$sql .= ", production_date=NULL";
+	else
+		$sql .= ", production_date='" . $_POST['production_date'] . "'";
+	if ($_POST['tht_date'] == '')
+		$sql .= ", tht_date=NULL";
+	else
+		$sql .= ", tht_date='" . $_POST['tht_date'] . "'";
+	if (isset($_POST['insert'])) {
+		$sql .= ";";
+	}
+	if (isset($_POST['update'])) {
+		$sql .= " WHERE record='" . $_POST['record'] . "';";
+	}
+	syslog(LOG_NOTICE, $sql);
+
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
 		syslog(LOG_NOTICE, "db_inventory_yeasts: ".$sql." result: ".mysqli_error($connect));
 	} else {
-		syslog(LOG_NOTICE, "db_inventory_yeasts: inserted ".$_GET['name']);
+		if (isset($_POST['update'])) {
+			syslog(LOG_NOTICE, "db_inventory_yeasts: updated record ".$_POST['record']);
+		} else {
+			$lastid = mysqli_insert_id($connect);
+			syslog(LOG_NOTICE, "db_inventory_yeasts: inserted record ".$lastid);
+		}
 	}
 	echo $result;
 
-} else if (isset($_GET['update'])) {
-	// UPDATE COMMAND
-	$sql  = "UPDATE `inventory_yeasts` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
-	$sql .= "', type='" . $_GET['type'];
-	$sql .= "', form='" . $_GET['form'];
-	$sql .= "', laboratory='" . mysqli_real_escape_string($connect, $_GET['laboratory']);
-	$sql .= "', product_id='" . mysqli_real_escape_string($connect, $_GET['product_id']);
-	$sql .= "', min_temperature='" . $_GET['min_temperature'];
-	$sql .= "', max_temperature='" . $_GET['max_temperature'];
-	$sql .= "', flocculation='" . $_GET['flocculation'];
-	$sql .= "', attenuation='" . $_GET['attenuation'];
-	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
-	$sql .= "', best_for='" . mysqli_real_escape_string($connect, $_GET['best_for']);
-	$sql .= "', max_reuse='" . $_GET['max_reuse'];
-	$sql .= "', inventory='" . floatval($_GET['inventory']) / 1000.0;
-	$sql .= "', cost='" . $_GET['cost'];
-	$sql .= "', production_date='" . $_GET['production_date'];
-	$sql .= "', tht_date='" . $_GET['tht_date'];
-	$sql .= "' WHERE record='" . $_GET['record'] . "';";
+} else if (isset($_POST['delete'])) {
+	// DELETE COMMAND
+	$sql = "DELETE FROM `inventory_yeasts` WHERE record='".$_POST['record']."';";
 	$result = mysqli_query($connect, $sql);
 	if (! $result) {
 		syslog(LOG_NOTICE, "db_inventory_yeasts: ".$sql." result: ".mysqli_error($connect));
 	} else {
-		syslog(LOG_NOTICE, "db_inventory_yeasts: updated record ".$_GET['record']);
-	}
-	echo $result;
-
-} else if (isset($_GET['delete'])) {
-	// DELETE COMMAND
-	$sql = "DELETE FROM `inventory_yeasts` WHERE record='".$_GET['record']."';";
-	$result = mysqli_query($connect, $sql);
-	if (! $result) {
-		syslog(LOG_NOTICE, "db_inventory_yeasts: ".$sql." result: ".mysqli_error($connect));
-	} else {
-		syslog(LOG_NOTICE, "db_inventory_yeasts: deleted record ".$_GET['record']);
+		syslog(LOG_NOTICE, "db_inventory_yeasts: deleted record ".$_POST['record']);
 	}
 	echo $result;
 
 } else {
 	// SELECT COMMAND
+	$query = "SELECT * FROM inventory_yeasts ORDER BY laboratory,product_id,name";
 	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
 	while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
 		$yeasts[] = array(