$id = getGetParam("id");
$userId = getGetParam("userId");
$name = getGetParam("name");
$numServings = getGetParam("numServings");
$notes = ereg_replace("\n", "|NL|", getGetParam("notes"));
$query = "UPDATE " . $recipeTable . " SET userId=" . $userId . ", name='" . $name . "', numServings=" . $numServings . ", notes='" . $notes . "'";
$query .= " WHERE id=" . $id;
$isUpdate = true;
//echo(str_replace("$1", $query, $genMessage));
//return;
break;
case "insertRecipe":
$userId = getGetParam("userId");
$name = getGetParam("name");
$numServings = getGetParam("numServings");
$notes = ereg_replace("\n", "|", getGetParam("notes"));
$query = "INSERT INTO " . $recipeTable . " (userId, name, numServings, notes) VALUES (" . $userId . ", '" . $name . "', '" . $numServings . "', '" . $notes . "')";
$isInsert = true;
break;
default:
echo str_replace("\$1", $queryType, $errorQueryType);
return;
}
/*
Execute the query
*/
$result = $conn->query($query);
if (!$result) {
echo str_replace("\$1", $conn->error, $errMessage);
return;
}
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
$conn = new mysqli("server", "username", "password", "database");
$queryType = htmlspecialchars($_GET["query"]);
function getGetParam($param)
{
return htmlspecialchars($_GET[$param]);
}
$msg = "";
switch ($queryType) {
case "adam":
$msg = ereg_replace("\n", "|", getGetParam("test"));
$msg .= "\r\n\r\n" . urlencode(str_replace("|", "\n", "one|two|three"));
break;
default:
$msg = "nobody knows the trouble i'm in...";
}
echo '"' . $msg . '"';
$query .= ", gramsPerCup=" . $gramsPerCup;
} else {
$query .= ", gramsPerCup=NULL";
}
$query .= " WHERE id=" . $id;
$isUpdate = true;
break;
case "deleteIngredient":
$id = getGetParam("id");
$query = "DELETE FROM " . $ingredientTable . " WHERE id=" . $id;
$isDelete = true;
break;
case "insertIngredient":
$name = getGetParam("name");
$measureType = getGetParam("measureType");
$gramsPerCup = $measureType === "weight" ? getGetParam("gramsPerCup") : NULL;
$query = "INSERT INTO " . $ingredientTable . " (name, measureType, gramsPerCup) VALUES ('" . $name . "', '" . $measureType . "'";
if (!is_null($gramsPerCup)) {
$query .= ", " . $gramsPerCup . ")";
} else {
$query .= ", NULL)";
}
$isInsert = true;
//echo(str_replace("$1", $query, $genMessage));
//return;
break;
default:
echo str_replace("\$1", $queryType, $errorQueryType);
return;
}
/*
Set up the connection to the database
*/
$conn = new mysqli("server", "username", "password", "database");
/*
Build the query
*/
$query = "";
$queryType = getGetParam("query");
$isSelect = false;
$isUpdate = false;
$isInsert = false;
$isDelete = false;
switch ($queryType) {
case "login":
$username = getGetParam("username");
$password = getGetParam("password");
$query = "SELECT id, username, isAdmin FROM " . $table . " WHERE username = '******' AND password = '******'";
$isSelect = true;
break;
default:
echo str_replace("\$1", $queryType, $errorQueryType);
return;
}
/*
Execute the query
*/
$result = $conn->query($query);
/*
Build out the data as JSON and echo it back
*/
if ($isSelect) {
$storeId = getGetParam("storeId");
$quantity = getGetParam("quantity");
$quantityType = getGetParam("quantityType");
$cost = getGetParam("cost");
$isOrganic = getGetParam("isOrganic");
$query = "UPDATE " . $table . " SET ingredientId=" . $ingredientId . ", storeId=" . $storeId . ", quantity=" . $quantity . ", quantityType='" . $quantityType . "', cost=" . $cost . ", isOrganic=" . $isOrganic;
$query .= " WHERE id=" . $id;
$isUpdate = true;
break;
case "insertStoreIngredient":
$ingredientId = getGetParam("ingredientId");
$storeId = getGetParam("storeId");
$quantity = getGetParam("quantity");
$quantityType = getGetParam("quantityType");
$cost = getGetParam("cost");
$isOrganic = getGetParam("isOrganic");
$query = "INSERT INTO " . $table . " (ingredientId, storeId, quantity, quantityType, cost, isOrganic)";
$query .= " VALUES (" . $ingredientId . ", " . $storeId . ", " . $quantity . ", '" . $quantityType . "', " . $cost . ", " . $isOrganic . ")";
$isInsert = true;
break;
default:
echo str_replace("\$1", $queryType, $errorQueryType);
return;
}
/*
Execute the query
*/
$result = $conn->query($query);
if (!$result) {
echo str_replace("\$1", $conn->error, $errMessage);
return;
case "getAllRecipeIngredients":
$recipeId = getGetParam("recipeId");
$query = "SELECT t1.id, t1.ingredientId, t2.name, t2.gramsPerCup, t1.recipeId, t1.storeIngredientId, t3.quantity, t3.quantityType, t3.cost, t1.wholeAmount, t1.partialAmount, t1.measurementType";
$query .= " FROM " . $table . " t1";
$query .= " LEFT JOIN pmr_ingredient t2 ON t2.id = t1.ingredientId";
$query .= " LEFT JOIN pmr_store_ingredient t3 ON t3.id = t1.storeIngredientId";
$query .= " WHERE t1.recipeId = " . $recipeId;
$isSelect = true;
break;
case "insertRecipeIngredient":
$ingredientId = getGetParam("ingredientId");
$recipeId = getGetParam("recipeId");
$storeIngredientId = getGetParam("storeIngredientId");
$wholeAmount = getGetParam("wholeAmount");
$partialAmount = getGetParam("partialAmount");
$measurementType = getGetParam("measurementType");
$query = "INSERT INTO " . $table . " (ingredientId, recipeId, storeIngredientId, wholeAmount, partialAmount, measurementType)";
$query .= " VALUES (" . $ingredientId . ", " . $recipeId . ", " . $storeIngredientId . ", " . $wholeAmount . ", '" . $partialAmount . "', '" . $measurementType . "')";
$isInsert = true;
break;
default:
echo str_replace("\$1", $queryType, $errorQueryType);
return;
}
/*
Execute the query
*/
$result = $conn->query($query);
if (!$result) {
echo str_replace("\$1", $conn->error, $errMessage);
return;