Exemple #1
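// Inputs for the location list view. $input comes from code that is not
// visible here; the two $_POST values are taken as-is and are untrusted.
$filter = $input;
// Free-text location search. It is concatenated into a SQL string further
// down, so it has to be escaped or bound at the point of use.
//TODO: sanitize locSearch input
$locSearch = isset($_POST['locSearch']) ? $_POST['locSearch'] : null;
// Product category id. It is appended to the same query unquoted, so it must
// be validated as an integer before it reaches SQL.
//TODO: sanitize prodCat input
$prodCatId = isset($_POST['prodCat']) ? $_POST['prodCat'] : null;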
//dynamically create array for drop down list
if ($filter == NULL || $filter == 'All' || is_numeric($filter)) {
    $municipalities = array("" => "Select a city...", "All" => "All");
    $municipalities = fetchMunicipalities($municipalities);
    $smarty->assign('municipalities', $municipalities);
    $smarty->assign('id', $filter);
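    if (!$locSearch) {
        // No free-text search: list locations according to the selected filter.
        $query = getLocationQuery($filter, $municipalities);
        $points = mysqlResultAsArray($query);
    } else {
        $locGCode = geoCodeConvert($locSearch);
        if ($locGCode) {
            // NOTE(review): $points is not assigned on this path, so the
            // template receives whatever $points held before (or null).
            //temporary
            $msg = "location search. Geocode: " . $locGCode;
        } else {
            // Geocoding failed: fall back to a full-text match on the name.
            // $locSearch and $prodCatId come straight from $_POST, so the
            // string is escaped and the id is forced to an integer before
            // either one is placed in the SQL text.
            // NOTE(review): assumes the project's helpers run on the legacy
            // mysql_* link (the escape call needs an open connection); if
            // mysqlResultAsArray() can take bound parameters, prefer that.
            $safeSearch = mysql_real_escape_string((string) $locSearch);
            $pointsQuery = "SELECT * FROM locations WHERE MATCH (name) AGAINST ('" . $safeSearch . "')";
            if ($prodCatId) {
                // Leading space keeps the clause separate from the closing
                // parenthesis of AGAINST (...).
                $pointsQuery .= " AND product_id=" . (int) $prodCatId;
            }
            $points = mysqlResultAsArray($pointsQuery);
        }
        // $msg is only set when geocoding succeeded; avoid reading an
        // undefined variable on the fallback path.
        //temporary
        $_SESSION['msg'] = isset($msg) ? $msg : null;
    }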
    $smarty->assign('points', $points);
    $mun = mysqlResultAsArray("SELECT * FROM municipalities");
Exemple #2
<?php

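// Load the shared configuration before anything reads its settings.
// NOTE(review): presumably $base and OFFLINE are defined in _config.php; the
// original built the redirect URL before including it - confirm.
require_once "_config.php";

// Raw form fields for the location being added or edited. All of them are
// untrusted request data and still need validation before they are stored.
$address = isset($_POST['address']) ? $_POST['address'] : null;
$name = isset($_POST['name']) ? $_POST['name'] : null;
//TODO:sanitize - expected to be a municipality id
$mun = isset($_POST['municipality']) ? $_POST['municipality'] : null;
//TODO:sanitize - empty means "create a new location"
$id = isset($_POST['id']) ? $_POST['id'] : null;
$redirect_URL = "{$base}/view/";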
if ($address && $name && !OFFLINE) {
    $gCode = geoCodeConvert($address);
    if ($gCode) {
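        $message = 'Modified';
        if (!$id) {
            // New location: insert placeholder rows so both ids exist, then
            // fill them in with the UPDATE statements below.
            mysqlQuery("INSERT INTO geocodes(latitude, longitude) VALUES ('0', '0')");
            $gid = mysql_insert_id();
            mysqlQuery("INSERT INTO locations(address, geoCodeId, name, municipality_id) VALUES ('0', '0', '0', '0')");
            $id = mysql_insert_id();
            $message = 'Added';
        }
        // The original WHERE clause interpolated an undefined $s, which left
        // the third bound value ($gid) without a placeholder.
        // NOTE(review): assumes the geocodes key column is named id - confirm.
        // NOTE(review): $gid is only assigned on the "new" path above; when an
        // existing $id is posted, the location's current geoCodeId has to be
        // looked up first, otherwise both updates run with an empty id.
        $query = "UPDATE geocodes SET latitude='%s', longitude='%s' WHERE id='%s'";
        mysqlQuery($query, array($gCode['latitude'], $gCode['longitude'], $gid));
        // NOTE(review): presumably mysqlQuery() escapes each value before it
        // substitutes the %s placeholders - verify, since $address, $name,
        // $mun and $id are unvalidated $_POST values.
        $query = "UPDATE locations SET address='%s', geocodeId='%s', name='%s', municipality_id='%s' WHERE id='%s'";
        mysqlQuery($query, array($address, $gid, $name, $mun, $id));
        // The status text echoes raw request values; it must be HTML-escaped
        // wherever it is eventually rendered.
        $message .= ' GeoCode successfully. gCode = ' . $gCode['latitude'] . "," . $gCode['longitude'] . " " . $name . " " . $address . " " . $mun . " " . $id;
        $redirect_URL .= 'list';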
    } else {
        $message = 'Error: Not a valid address.';
        $redirect_URL .= 'editLocation';
<?php

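require_once "_config.php";

// Raw form fields for the municipality being added or edited. All of them are
// untrusted request data and still need validation before they are stored.
$name = isset($_POST['name']) ? $_POST['name'] : null;
//TODO:sanitize - presumably a numeric map zoom level
$zoom = isset($_POST['zoom']) ? $_POST['zoom'] : null;
//TODO:sanitize - either an existing id or the literal "new"
$id = isset($_POST['id']) ? $_POST['id'] : null;
$redirect_URL = "{$base}/view/";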
if ($name && $zoom && $id && !OFFLINE) {
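    $name2 = urlencode($name);
    $coords = geoCodeConvert($name2);
    // Build the "lat,long" string only when geocoding returned a result. The
    // original concatenated first, so the string always contained at least
    // "," and the error branch below could never run.
    $geoCode = $coords ? $coords['latitude'] . "," . $coords['longitude'] : '';
    if ($geoCode !== '') {
        $message = 'Modified';
        if ($id === "new") {
            // New municipality: insert a placeholder row, then fill it in
            // with the UPDATE below.
            mysqlQuery("INSERT INTO municipalities(name, zoom, longitude, latitude) VALUES ('0', '0', '0', '0')");
            $id = mysql_insert_id();
            $message = 'Added';
        }
        //FIXME: update to new database structures.
        // NOTE(review): presumably mysqlQuery() escapes each value before it
        // substitutes the %s placeholders - verify, since $name, $zoom and
        // $id are unvalidated $_POST values.
        $query = "UPDATE municipalities SET name='%s', geoCode='%s', zoom = '%s' WHERE id='%s'";
        mysqlQuery($query, array($name, $geoCode, $zoom, $id));
        // The status text echoes raw request values; it must be HTML-escaped
        // wherever it is eventually rendered.
        $message .= ' municipality successfully. gCode = ' . $geoCode . " " . $name . " " . $zoom . " " . $id;
        $redirect_URL .= 'list';
    } else {
        $message = 'Error: Not a valid Municipality.';
        $redirect_URL .= 'editMunicipality';
    }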
} else {