From 0ae4c2fac9c7f40e2d73d47fb8d83aeaa4671fec Mon Sep 17 00:00:00 2001
From: wrongecho
Date: Sat, 4 Apr 2026 10:52:32 +0100
Subject: [PATCH] - Prevent error 500s when existing data can't be cleanly re-inserted to database
- Full support for asset_uri_2
---
 api/v1/assets/asset_model.php | 38 +++++++++++++++++++++--------------
 api/v1/assets/update.php | 3 +-
 2 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/api/v1/assets/asset_model.php b/api/v1/assets/asset_model.php
index b17db3aa..60c90081 100644
--- a/api/v1/assets/asset_model.php
+++ b/api/v1/assets/asset_model.php
@@ -4,7 +4,7 @@
 if (isset($_POST['asset_name'])) {
 $name = sanitizeInput($_POST['asset_name']);
 } elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
- $name = $asset_row['asset_name'];
+ $name = mysqli_real_escape_string($mysqli, $asset_row['asset_name']);
 } else {
 $name = '';
 }
@@ -12,7 +12,7 @@ if (isset($_POST['asset_name'])) {
 if (isset($_POST['asset_description'])) {
 $description = sanitizeInput($_POST['asset_description']);
 } elseif (isset($asset_row) && isset($asset_row['asset_description'])) {
- $description = $asset_row['asset_description'];
+ $description = mysqli_real_escape_string($mysqli, $asset_row['asset_description']);
 } else {
 $description = '';
 }
@@ -20,7 +20,7 @@ if (isset($_POST['asset_description'])) {
 if (isset($_POST['asset_type'])) {
 $type = sanitizeInput($_POST['asset_type']);
 } elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
- $type = $asset_row['asset_type'];
+ $type = mysqli_real_escape_string($mysqli, $asset_row['asset_type']);
 } else {
 $type = '';
 }
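Review bot: The re-read branch now escapes for the single-quoted SQL context that update.php interpolates these values into, but the identical stanza is repeated for every column, so the fix had to be applied by hand sixteen times and any future column must remember to do the same. A small helper would make escaping the default rather than a per-field chore, e.g. `function dbValue(string $postKey, string $rowKey, ?array $row, mysqli $db): string { return isset($_POST[$postKey]) ? sanitizeInput($_POST[$postKey]) : (isset($row[$rowKey]) ? mysqli_real_escape_string($db, $row[$rowKey]) : ''); }` called as `$name = dbValue('asset_name', 'asset_name', $asset_row ?? null, $mysqli);`. Note also that `isset($asset_row['asset_name'])` is false for a SQL NULL, so an omitted field whose stored value is NULL is rewritten as `''` on every update; if those columns are nullable that is a silent data change that deserves a comment or an `array_key_exists` check. Escaping remains a mitigation rather than a replacement for a prepared statement, and `mysqli_real_escape_string` is only correct when the connection charset was set via `mysqli_set_charset()`, which is not visible in this diff.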
@@ -28,14 +28,14 @@ if (isset($_POST['asset_type'])) {
 if (isset($_POST['asset_make'])) {
 $make = sanitizeInput($_POST['asset_make']);
 } elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
- $make = $asset_row['asset_make'];
+ $make = mysqli_real_escape_string($mysqli, $asset_row['asset_make']);
 } else {
 $make = '';
 }
 if (isset($_POST['asset_model'])) {
 $model = sanitizeInput($_POST['asset_model']);
 } elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
- $model = $asset_row['asset_model'];
+ $model = mysqli_real_escape_string($mysqli, $asset_row['asset_model']);
 } else {
 $model = '';
 }
@@ -43,7 +43,7 @@ if (isset($_POST['asset_model'])) {
 if (isset($_POST['asset_serial'])) {
 $serial = sanitizeInput($_POST['asset_serial']);
 } elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
- $serial = $asset_row['asset_serial'];
+ $serial = mysqli_real_escape_string($mysqli, $asset_row['asset_serial']);
 } else {
 $serial = '';
 }
@@ -51,7 +51,7 @@ if (isset($_POST['asset_serial'])) {
 if (isset($_POST['asset_os'])) {
 $os = sanitizeInput($_POST['asset_os']);
 } elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
- $os = $asset_row['asset_os'];
+ $os = mysqli_real_escape_string($mysqli, $asset_row['asset_os']);
 } else {
 $os = '';
 }
@@ -59,7 +59,7 @@ if (isset($_POST['asset_os'])) {
 if (isset($_POST['asset_ip'])) {
 $ip = sanitizeInput($_POST['asset_ip']);
 } elseif (isset($asset_row) && isset($asset_row['interface_ip'])) {
- $ip = $asset_row['interface_ip'];
+ $ip = mysqli_real_escape_string($mysqli, $asset_row['interface_ip']);
 } else {
 $ip = '';
 }
@@ -67,7 +67,7 @@ if (isset($_POST['asset_ip'])) {
 if (isset($_POST['asset_mac'])) {
 $mac = sanitizeInput($_POST['asset_mac']);
 } elseif (isset($asset_row) && isset($asset_row['interface_mac'])) {
- $mac = $asset_row['interface_mac'];
+ $mac = mysqli_real_escape_string($mysqli, $asset_row['interface_mac']);
 } else {
 $mac = '';
 }
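Review bot: In the `@@ -59` and `@@ -67` hunks `asset_ip` and `asset_mac` are accepted through `sanitizeInput()` alone, so whatever survives that helper is stored as an IP or a MAC even though the field names fix the expected format; validating on the POST branch is cheap and is the check that stops a malformed value from reaching the query at all, e.g. `$ip = filter_var($_POST['asset_ip'], FILTER_VALIDATE_IP) !== false ? sanitizeInput($_POST['asset_ip']) : '';` and for the MAC a guard such as `preg_match('/^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$/', $_POST['asset_mac'])` before accepting it. That also serves the commit's stated goal, since a value rejected at the boundary cannot surface later as a database error. What `sanitizeInput()` does is not visible in this diff; if it already validates per field this can be ignored.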
@@ -75,15 +75,23 @@ if (isset($_POST['asset_mac'])) {
 if (isset($_POST['asset_uri'])) {
 $uri = sanitizeInput($_POST['asset_uri']);
 } elseif (isset($asset_row) && isset($asset_row['asset_uri'])) {
- $uri = $asset_row['asset_uri'];
+ $uri = mysqli_real_escape_string($mysqli, $asset_row['asset_uri']);
 } else {
 $uri = '';
 }
 
+if (isset($_POST['asset_uri_2'])) {
+ $uri_2 = sanitizeInput($_POST['asset_uri_2']);
+} elseif (isset($asset_row) && isset($asset_row['asset_uri_2'])) {
+ $uri_2 = mysqli_real_escape_string($mysqli, $asset_row['asset_uri_2']);
+} else {
+ $uri_2 = '';
+}
+
 if (isset($_POST['asset_status'])) {
 $status = sanitizeInput($_POST['asset_status']);
 } elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
- $status = $asset_row['asset_status'];
+ $status = mysqli_real_escape_string($mysqli, $asset_row['asset_status']);
 } else {
 $status = '';
 }
@@ -91,7 +99,7 @@ if (isset($_POST['asset_status'])) {
 if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
 $purchase_date = "'" . sanitizeInput($_POST['asset_purchase_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
- $purchase_date = "'" . $asset_row['asset_purchase_date'] . "'";
+ $purchase_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_purchase_date']) . "'";
 } else {
 $purchase_date = "NULL";
 }
@@ -99,7 +107,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
 if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
 $warranty_expire = "'" . sanitizeInput($_POST['asset_warranty_expire']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
- $warranty_expire = "'" . $asset_row['asset_warranty_expire'] . "'";
+ $warranty_expire = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_warranty_expire']) . "'";
 } else {
 $warranty_expire = "NULL";
 }
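Review bot: The new `asset_uri_2` stanza in the `@@ -75` hunk escapes for SQL only; if either URI column is rendered as a link anywhere (not visible in this diff), SQL escaping does nothing about a stored `javascript:` or `data:` value, so checking the scheme at this boundary is worth the one line, e.g. `$uri_2 = (filter_var($_POST['asset_uri_2'], FILTER_VALIDATE_URL) !== false && in_array(parse_url($_POST['asset_uri_2'], PHP_URL_SCHEME), ['http', 'https'], true)) ? sanitizeInput($_POST['asset_uri_2']) : '';`, with the same treatment for the existing `asset_uri` branch above it. The date stanzas in the `@@ -91` and `@@ -99` hunks build `"'" . sanitizeInput(...) . "'"` from POST without checking that the value is a date, so an invalid date still reaches MySQL and, depending on sql_mode, still produces the query failure this commit is trying to avoid; guarding with `DateTimeImmutable::createFromFormat('Y-m-d', $_POST['asset_purchase_date']) !== false` before building the literal would close that path. Whether `sanitizeInput()` already rejects such values cannot be determined from this diff.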
@@ -107,7 +115,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
 if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
 $install_date = "'" . sanitizeInput($_POST['asset_install_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
- $install_date = "'" . $asset_row['asset_install_date'] . "'";
+ $install_date = "'" . mysqli_real_escape_string($mysqli, $asset_row['asset_install_date']) . "'";
 } else {
 $install_date = "NULL";
 }
@@ -115,7 +123,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
 if (isset($_POST['asset_notes'])) {
 $notes = sanitizeInput($_POST['asset_notes']);
 } elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
- $notes = $asset_row['asset_notes'];
+ $notes = mysqli_real_escape_string($mysqli, $asset_row['asset_notes']);
 } else {
 $notes = '';
 }
diff --git a/api/v1/assets/update.php b/api/v1/assets/update.php
index 86f59b57..b6d5eb77 100644
--- a/api/v1/assets/update.php
+++ b/api/v1/assets/update.php
@@ -18,8 +18,7 @@ if (!empty($asset_id)) {
 // Variable assignment from POST - assigning the current database value if a value is not provided
 require_once 'asset_model.php';
-
- $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
+ $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_description = '$description', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_uri = '$uri', asset_uri_2 = '$uri_2', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes' WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
 // Check insert & get insert ID
 if ($update_sql) {
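Review bot: The rewritten UPDATE still interpolates `$location`, `$vendor`, `$contact`, `$asset_id` and `$client_id` unquoted, so the statement's safety rests entirely on those being integer-typed by code outside this hunk (asset_model.php and the earlier part of update.php, neither shown here); casting at the point of use, `asset_location_id = " . (int)$location . ", asset_vendor_id = " . (int)$vendor . ", asset_contact_id = " . (int)$contact . "` and likewise `WHERE asset_id = " . (int)$asset_id . " AND asset_client_id = " . (int)$client_id`, makes the query self-protecting regardless of how those variables were derived. Escaping the string columns with mysqli_real_escape_string is a mitigation; the durable fix is a prepared statement with bound parameters, which would also let the date columns bind `null` instead of splicing the literal `NULL`/`'...'` text that asset_model.php assembles, though that change spans both files. The enclosing `if (!empty($asset_id))` block begins before and continues after this hunk.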