$start_date = strip_tags($_GET['startdate']); } if (isset($_GET['enddate'])) { $end_date = strip_tags($_GET['enddate']); } if (!is_numeric($p_id)) { return 0; } if (!is_numeric($event_code)) { return 0; } if (!is_numeric($stat_code)) { return 0; } if (!is_numeric($event_group)) { return 0; } if (strlen($start_date) > 12) { return 0; } if (strlen($end_date) > 12) { return 0; } $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname); #echo $event_code.":".$event_group.":".$stat_code.":".$start_date.":".$end_date.":".$p_id; $RS = DB_listLegsFromPeriod($dbi, $event_code, $event_group, $stat_code, $start_date, $end_date, $p_id); #$fields=array(7,6,4,0,1,2,3); #$ROWS=RecordsetToDataTable($RS,$fields); $ROWS = RecordsetToCSV($RS); header('Content-Type: application/text; charset=ISO-8859-1'); echo $ROWS;
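<?php
// Syntax to test this service: fretAllLocations.php (no params)
//
// Emits the recordset returned by DB_listLocations() as CSV text.

// Legacy request filter: abort when any query-string value looks like it
// contains a <script ...> tag or a parenthesised expression.
// The original used eregi(), which was removed in PHP 7.0, so the script died
// with a fatal error before this check could run. preg_match() with the "i"
// flag is the replacement; the "s" flag keeps "." matching newlines, as it
// did under POSIX ERE.
// NOTE(review): this is a blocklist and only a coarse first line of defence.
// It does not replace parameterised queries or context-aware output encoding
// in the DB_* / RecordsetTo* helpers, which are not visible from this file.
$pending = array_values($_GET);
while (count($pending) > 0) {
    $secvalue = array_pop($pending);

    // "?a[]=..." arrives as a nested array. Check every leaf string rather
    // than handing an array to the matcher, which would skip the check
    // (old PHP) or raise a TypeError (PHP 8).
    if (is_array($secvalue)) {
        foreach ($secvalue as $nested) {
            $pending[] = $nested;
        }
        continue;
    }

    $hasScriptTag = preg_match('/<[^>]*script*"?[^>]*>/i', $secvalue);
    $hasParens = preg_match('/\([^>]*.*"?[^>]*\)/is', $secvalue);

    // preg_match() returns 0 for "no match" and false on an engine error
    // (e.g. backtrack limit reached). Anything other than a clean 0 is
    // rejected so the filter fails closed.
    if ($hasScriptTag !== 0 || $hasParens !== 0) {
        die("I don't like you...");
    }
}

require_once "code/config.php";
require_once "includes/sql_layer.php";
require_once "api_rs.php";
require_once "api_format.php";

// Connection settings ($dbhost, $dbuname, $dbpass, $dbname) are not assigned
// in this file; presumably code/config.php defines them. Verify.
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);

$RS = DB_listLocations($dbi);
$OUT = RecordsetToCSV($RS);

// NOTE(review): the body is CSV but is labelled application/xhtml+xml. A
// browser that opens this URL directly will parse the response as markup, so
// any stored location text containing tags would be interpreted rather than
// displayed. Confirm what the consumers expect before switching to a
// plain-text type; the header is left unchanged here to avoid breaking them.
header('Content-Type: application/xhtml+xml; charset=ISO-8859-1');
echo $OUT;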