- Prevent error 500s when existing data can't be cleanly re-inserted to database

- Full support for asset_uri_2
2026-04-18 02:25:40 +00:00 · 2026-04-04 10:52:32 +01:00
parent 9389f2cc91
commit 0ae4c2fac9
2 changed files with 24 additions and 17 deletions
--- a/api/v1/assets/asset_model.php
+++ b/api/v1/assets/asset_model.php
@@ -4,7 +4,7 @@
 if (isset($_POST['asset_name'])) {
    $name = sanitizeInput($_POST['asset_name']);
 } elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
-    $name = $asset_row['asset_name'];
+    $name = mysqli_real_escape_string($mysqli, $asset_row['asset_name']);
 } else {
    $name = '';
 }
@@ -12,7 +12,7 @@ if (isset($_POST['asset_name'])) {
 if (isset($_POST['asset_description'])) {
    $description = sanitizeInput($_POST['asset_description']);
 } elseif (isset($asset_row) && isset($asset_row['asset_description'])) {
-    $description = $asset_row['asset_description'];
+    $description = mysqli_real_escape_string($mysqli, $asset_row['asset_description']);
 } else {
    $description = '';
 }
@@ -20,7 +20,7 @@ if (isset($_POST['asset_description'])) {
 if (isset($_POST['asset_type'])) {
    $type = sanitizeInput($_POST['asset_type']);
 } elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
-    $type = $asset_row['asset_type'];
+    $type = mysqli_real_escape_string($mysqli, $asset_row['asset_type']);
 } else {
    $type = '';
 }
@@ -28,14 +28,14 @@ if (isset($_POST['asset_type'])) {
 if (isset($_POST['asset_make'])) {
    $make = sanitizeInput($_POST['asset_make']);
 } elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
-    $make = $asset_row['asset_make'];
+    $make = mysqli_real_escape_string($mysqli, $asset_row['asset_make']);
 } else {
    $make = '';
 }
 if (isset($_POST['asset_model'])) {
    $model = sanitizeInput($_POST['asset_model']);
 } elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
-    $model = $asset_row['asset_model'];
+    $model = mysqli_real_escape_string($mysqli, $asset_row['asset_model']);
 } else {
    $model = '';
 }
@@ -43,7 +43,7 @@ if (isset($_POST['asset_model'])) {
 if (isset($_POST['asset_serial'])) {
    $serial = sanitizeInput($_POST['asset_serial']);
 } elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
-    $serial = $asset_row['asset_serial'];
+    $serial = mysqli_real_escape_string($mysqli, $asset_row['asset_serial']);
 } else {
    $serial = '';
 }
@@ -51,7 +51,7 @@ if (isset($_POST['asset_serial'])) {
 if (isset($_POST['asset_os'])) {
    $os = sanitizeInput($_POST['asset_os']);
 } elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
-    $os = $asset_row['asset_os'];
+    $os = mysqli_real_escape_string($mysqli, $asset_row['asset_os']);
 } else {
    $os = '';
 }
@@ -59,7 +59,7 @@ if (isset($_POST['asset_os'])) {
 if (isset($_POST['asset_ip'])) {
    $ip = sanitizeInput($_POST['asset_ip']);
 } elseif (isset($asset_row) && isset($asset_row['interface_ip'])) {
-    $ip = $asset_row['interface_ip'];
+    $ip = mysqli_real_escape_string($mysqli, $asset_row['interface_ip']);
 } else {
    $ip = '';
 }
@@ -67,7 +67,7 @@ if (isset($_POST['asset_ip'])) {
 if (isset($_POST['asset_mac'])) {
    $mac = sanitizeInput($_POST['asset_mac']);
 } elseif (isset($asset_row) && isset($asset_row['interface_mac'])) {
-    $mac = $asset_row['interface_mac'];
+    $mac = mysqli_real_escape_string($mysqli, $asset_row['interface_mac']);
 } else {
    $mac = '';
 }
@@ -75,15 +75,23 @@ if (isset($_POST['asset_mac'])) {
 if (isset($_POST['asset_uri'])) {
    $uri = sanitizeInput($_POST['asset_uri']);
 } elseif (isset($asset_row) && isset($asset_row['asset_uri'])) {
-    $uri = $asset_row['asset_uri'];
+    $uri = mysqli_real_escape_string($mysqli, $asset_row['asset_uri']);
 } else {
    $uri = '';
 }

+if (isset($_POST['asset_uri_2'])) {
+    $uri_2 = sanitizeInput($_POST['asset_uri_2']);
+} elseif (isset($asset_row) && isset($asset_row['asset_uri_2'])) {
+    $uri_2 = mysqli_real_escape_string($mysqli, $asset_row['asset_uri_2']);
+} else {
+    $uri_2 = '';
+}
+
 if (isset($_POST['asset_status'])) {
    $status = sanitizeInput($_POST['asset_status']);
 } elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
-    $status = $asset_row['asset_status'];
+    $status = mysqli_real_escape_string($mysqli, $asset_row['asset_status']);
 } else {
    $status = '';
 }
@@ -91,7 +99,7 @@ if (isset($_POST['asset_status'])) {
 if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
    $purchase_date = "'" . sanitizeInput($_POST['asset_purchase_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
-    $purchase_date = "'" . $asset_row['asset_purchase_date'] . "'";
+    $purchase_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_purchase_date']) . "'";
 } else {
    $purchase_date = "NULL";
 }
@@ -99,7 +107,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
 if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
    $warranty_expire = "'" . sanitizeInput($_POST['asset_warranty_expire']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
-    $warranty_expire = "'" . $asset_row['asset_warranty_expire'] . "'";
+    $warranty_expire = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_warranty_expire']) . "'";
 } else {
    $warranty_expire = "NULL";
 }
@@ -107,7 +115,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
 if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
    $install_date = "'" . sanitizeInput($_POST['asset_install_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
-    $install_date = "'" . $asset_row['asset_install_date'] . "'";
+    $install_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_install_date']) . "'";
 } else {
    $install_date = "NULL";
 }
@@ -115,7 +123,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
 if (isset($_POST['asset_notes'])) {
    $notes = sanitizeInput($_POST['asset_notes']);
 } elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
-    $notes = $asset_row['asset_notes'];
+    $notes = mysqli_real_escape_string($mysqli, $asset_row['asset_notes']);
 } else {
    $notes = '';
 }
--- a/api/v1/assets/update.php
+++ b/api/v1/assets/update.php
@@ -18,8 +18,7 @@ if (!empty($asset_id)) {
    // Variable assignment from POST - assigning the current database value if a value is not provided
    require_once 'asset_model.php';

-
-    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
+    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");

    // Check insert & get insert ID
    if ($update_sql) {