Fix escape single quotes

Fri, 01 Mar 2019 16:19:27 +0100

author
Michiel Broek <mbroek@mbse.eu>
date
Fri, 01 Mar 2019 16:19:27 +0100
changeset 305
bb55e065888a
parent 304
c0ca21cdd291
child 306
3435646b230e

Fix escape single quotes

www/prod_duplicate.php file | annotate | diff | comparison | revisions
www/prod_torecipe.php file | annotate | diff | comparison | revisions
www/rec_duplicate.php file | annotate | diff | comparison | revisions
www/rec_toproduct.php file | annotate | diff | comparison | revisions
--- a/www/prod_duplicate.php	Fri Mar 01 14:49:33 2019 +0100
+++ b/www/prod_duplicate.php	Fri Mar 01 16:19:27 2019 +0100
@@ -10,6 +10,9 @@
 	return 1;
 }
 
+$rescapers = array("'");
+$rreplacements = array("\\'");
+
 date_default_timezone_set('Europe/Amsterdam');
 if (isset($_GET["record"]))
 	$record = $_GET["record"];
@@ -197,11 +200,11 @@
 $sql .= "', prop3_volume='" . $row['prop3_volume'];
 $sql .= "', prop4_type='" . $row['prop4_type'];
 $sql .= "', prop4_volume='" . $row['prop4_volume'];
-$sql .= "', json_fermentables='" . $row['json_fermentables'];
-$sql .= "', json_hops='" . $row['json_hops'];
-$sql .= "', json_miscs='" . $row['json_miscs'];
-$sql .= "', json_yeasts='" . $row['json_yeasts'];
-$sql .= "', json_mashs='" . $row['json_mashs'];
+$sql .= "', json_fermentables='" . str_replace($rescapers,$rreplacements,$row['json_fermentables']);
+$sql .= "', json_hops='" . str_replace($rescapers,$rreplacements,$row['json_hops']);
+$sql .= "', json_miscs='" . str_replace($rescapers,$rreplacements,$row['json_miscs']);
+$sql .= "', json_yeasts='" . str_replace($rescapers,$rreplacements,$row['json_yeasts']);
+$sql .= "', json_mashs='" . str_replace($rescapers,$rreplacements,$row['json_mashs']);
 $sql .= "';";
 syslog(LOG_NOTICE, $sql);
 
--- a/www/prod_torecipe.php	Fri Mar 01 14:49:33 2019 +0100
+++ b/www/prod_torecipe.php	Fri Mar 01 16:19:27 2019 +0100
@@ -11,6 +11,9 @@
 	return 1;
 }
 
+$rescapers = array("'");
+$rreplacements = array("\\'");
+
 date_default_timezone_set('Europe/Amsterdam');
 if (isset($_GET["record"]))
 	$record = $_GET["record"];
@@ -91,11 +94,11 @@
 $sql .= "', wa_acid_name='" . $row['wa_acid_name'];
 $sql .= "', wa_acid_perc='" . $row['wa_acid_perc'];
 $sql .= "', wa_base_name='" . $row['wa_base_name'];
-$sql .= "', json_fermentables='" . $row['json_fermentables'];
-$sql .= "', json_hops='" . $row['json_hops'];
-$sql .= "', json_miscs='" . $row['json_miscs'];
-$sql .= "', json_yeasts='" . $row['json_yeasts'];
-$sql .= "', json_mashs='" . $row['json_mashs'];
+$sql .= "', json_fermentables='" . str_replace($rescapers,$rreplacements,$row['json_fermentables']);
+$sql .= "', json_hops='" . str_replace($rescapers,$rreplacements,$row['json_hops']);
+$sql .= "', json_miscs='" . str_replace($rescapers,$rreplacements,$row['json_miscs']);
+$sql .= "', json_yeasts='" . str_replace($rescapers,$rreplacements,$row['json_yeasts']);
+$sql .= "', json_mashs='" . str_replace($rescapers,$rreplacements,$row['json_mashs']);
 $sql .= "';";
 syslog(LOG_NOTICE, $sql);
 
--- a/www/rec_duplicate.php	Fri Mar 01 14:49:33 2019 +0100
+++ b/www/rec_duplicate.php	Fri Mar 01 16:19:27 2019 +0100
@@ -10,6 +10,9 @@
 	return 1;
 }
 
+$rescapers = array("'");
+$rreplacements = array("\\'");
+
 date_default_timezone_set('Europe/Amsterdam');
 if (isset($_GET["record"]))
 	$record = $_GET["record"];
@@ -90,11 +93,11 @@
 $sql .= "', wa_acid_name='" . $row['wa_acid_name'];
 $sql .= "', wa_acid_perc='" . $row['wa_acid_perc'];
 $sql .= "', wa_base_name='" . $row['wa_base_name'];
-$sql .= "', json_fermentables='" . $row['json_fermentables'];
-$sql .= "', json_hops='" . $row['json_hops'];
-$sql .= "', json_miscs='" . $row['json_miscs'];
-$sql .= "', json_yeasts='" . $row['json_yeasts'];
-$sql .= "', json_mashs='" . $row['json_mashs'];
+$sql .= "', json_fermentables='" . str_replace($rescapers,$rreplacements,$row['json_fermentables']);
+$sql .= "', json_hops='" . str_replace($rescapers,$rreplacements,$row['json_hops']);
+$sql .= "', json_miscs='" . str_replace($rescapers,$rreplacements,$row['json_miscs']);
+$sql .= "', json_yeasts='" . str_replace($rescapers,$rreplacements,$row['json_yeasts']);
+$sql .= "', json_mashs='" . str_replace($rescapers,$rreplacements,$row['json_mashs']);
 $sql .= "';";
 syslog(LOG_NOTICE, $sql);
 
--- a/www/rec_toproduct.php	Fri Mar 01 14:49:33 2019 +0100
+++ b/www/rec_toproduct.php	Fri Mar 01 16:19:27 2019 +0100
@@ -11,6 +11,9 @@
 	return 1;
 }
 
+$rescapers = array("'");
+$rreplacements = array("\\'");
+
 date_default_timezone_set('Europe/Amsterdam');
 if (isset($_GET["record"]))
 	$record = $_GET["record"];
@@ -133,11 +136,11 @@
 $sql .= "', wa_acid_name='" . $row['wa_acid_name'];
 $sql .= "', wa_acid_perc='" . $row['wa_acid_perc'];
 $sql .= "', wa_base_name='" . $row['wa_base_name'];
-$sql .= "', json_fermentables='" . $row['json_fermentables'];
-$sql .= "', json_hops='" . $row['json_hops'];
-$sql .= "', json_miscs='" . $row['json_miscs'];
-$sql .= "', json_yeasts='" . $row['json_yeasts'];
-$sql .= "', json_mashs='" . $row['json_mashs'];
+$sql .= "', json_fermentables='" . str_replace($rescapers,$rreplacements,$row['json_fermentables']);
+$sql .= "', json_hops='" . str_replace($rescapers,$rreplacements,$row['json_hops']);
+$sql .= "', json_miscs='" . str_replace($rescapers,$rreplacements,$row['json_miscs']);
+$sql .= "', json_yeasts='" . str_replace($rescapers,$rreplacements,$row['json_yeasts']);
+$sql .= "', json_mashs='" . str_replace($rescapers,$rreplacements,$row['json_mashs']);
 $sql .= "';";
 syslog(LOG_NOTICE, $sql);
 

mercurial