$start_date = strip_tags($_GET['startdate']);
}
if (isset($_GET['enddate'])) {
$end_date = strip_tags($_GET['enddate']);
}
if (!is_numeric($p_id)) {
return 0;
}
if (!is_numeric($event_code)) {
return 0;
}
if (!is_numeric($stat_code)) {
return 0;
}
if (!is_numeric($event_group)) {
return 0;
}
if (strlen($start_date) > 12) {
return 0;
}
if (strlen($end_date) > 12) {
return 0;
}
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
#echo $event_code.":".$event_group.":".$stat_code.":".$start_date.":".$end_date.":".$p_id;
$RS = DB_listLegsFromPeriod($dbi, $event_code, $event_group, $stat_code, $start_date, $end_date, $p_id);
#$fields=array(7,6,4,0,1,2,3);
#$ROWS=RecordsetToDataTable($RS,$fields);
$ROWS = RecordsetToCSV($RS);
header('Content-Type: application/text; charset=ISO-8859-1');
echo $ROWS;
<?php
// syntax to test this service: fretAllLocations.php (no params)
foreach ($_GET as $secvalue) {
if (eregi("<[^>]*script*\"?[^>]*>", $secvalue) or eregi("\\([^>]*.*\"?[^>]*\\)", $secvalue)) {
die("I don't like you...");
}
}
require_once "code/config.php";
require_once "includes/sql_layer.php";
require_once "api_rs.php";
require_once "api_format.php";
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
$RS = DB_listLocations($dbi);
$OUT = RecordsetToCSV($RS);
header('Content-Type: application/xhtml+xml; charset=ISO-8859-1');
echo $OUT;
