$wpdb->query($wpdb->prepare("DELETE FROM " . SL_TABLE . " WHERE sl_id='%d'", $_GET['delete'])); sl_process_tags("", "delete", $_GET['delete']); } /*elseif (empty($_GET['q'])) { print "<div class='sl_admin_warning'>Security Check doesn't validate for deleting this location, make sure to delete by clicking the 'Delete' link next to a specific location.</div>"; }*/ } if (!empty($_POST) && !empty($_GET['edit']) && $_POST['act'] != "delete") { $field_value_str = ""; foreach ($_POST as $key => $value) { if (preg_match("@\\-{$_GET['edit']}@", $key)) { $key = str_replace("-{$_GET['edit']}", "", $key); // stripping off number at the end (giving problems when constructing address string below) if ($key == "sl_tags") { //print "before: $value <br><br>"; $value = sl_prepare_tag_string($value); //print "after: $value \r\n"; die(); } if (is_array($value)) { $value = serialize($value); //for arrays being submitted $field_value_str .= $key . "='{$value}',"; } else { $field_value_str .= $key . "=" . $wpdb->prepare("%s", trim(comma(stripslashes($value)))) . ", "; } $_POST["{$key}"] = $value; } } $field_value_str = substr($field_value_str, 0, strlen($field_value_str) - 2); $edit = $_GET['edit']; extract($_POST);
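// Adding or removing tags for the specified locations.
//
// NOTE(review): extract() on $_POST creates or overwrites one local variable per
// submitted field name, so the request decides which variables exist in this
// scope and can replace ones that are already live (for example $wpdb). It is
// kept here only because code outside this fragment may depend on the extracted
// names. The durable fix is to read the expected keys ($sl_id, $act, $sl_tags)
// from $_POST explicitly and drop extract() once the rest of the file has been
// audited.
// NOTE(review): no nonce or capability check is visible in this fragment;
// confirm one runs before these UPDATE statements are reached.
if (!empty($_POST)) {
    extract($_POST);
}

// Fall back to empty values when the request did not supply a field, so the
// comparisons below never read an undefined variable.
$sl_id   = isset($sl_id) ? $sl_id : array();
$act     = isset($act) ? $act : '';
$sl_tags = isset($sl_tags) ? $sl_tags : '';

// Build the id list for the IN (...) clause. Every id is formatted through a
// %d placeholder, so the list holds only integers.
if (is_array($sl_id)) {
    $id_string = '';
    if (count($sl_id) > 0) {
        $rplc_arr  = array_fill(0, count($sl_id), "%d");
        $id_string = implode(",", array_map(array($wpdb, "prepare"), $rplc_arr, $sl_id));
    }
} else {
    $id_string = $wpdb->prepare("%d", $sl_id);
}

// An empty id list would produce "IN ()", which is invalid SQL; with no
// location selected there is nothing to update, so the queries are skipped.
if (is_string($id_string) && $id_string !== '') {
    if ($act == "add_tag") {
        // Adding tags: append the normalised tag string to each selected row.
        $wpdb->query($wpdb->prepare("UPDATE " . SL_TABLE . " SET sl_tags=CONCAT(IFNULL(sl_tags, ''), %s ) WHERE sl_id IN ({$id_string})", sl_prepare_tag_string(strtolower($sl_tags))));
        sl_process_tags(sl_prepare_tag_string(strtolower($sl_tags)), "insert", $sl_id);
    } elseif ($act == "remove_tag") {
        // Removing tags.
        if (empty($sl_tags)) {
            // If no tag is specified, all tags are removed from the selected locations.
            $wpdb->query("UPDATE " . SL_TABLE . " SET sl_tags='' WHERE sl_id IN ({$id_string})");
            sl_process_tags("", "delete", $id_string);
        } else {
            // REPLACE() matches substrings, so removing "art," also rewrites
            // "smart," -- presumably tags are expected not to overlap; verify.
            // NOTE(review): the statement below is issued twice with identical
            // arguments as shown here. The second call looks redundant, but the
            // two literals may differ in the plugin's own file; confirm before
            // removing either one.
            $wpdb->query($wpdb->prepare("UPDATE " . SL_TABLE . " SET sl_tags=REPLACE(sl_tags, %s, '') WHERE sl_id IN ({$id_string})", $sl_tags . ","));
            $wpdb->query($wpdb->prepare("UPDATE " . SL_TABLE . " SET sl_tags=REPLACE(sl_tags, %s, '') WHERE sl_id IN ({$id_string})", $sl_tags . ","));
            sl_process_tags($sl_tags, "delete", $id_string);
        }
    }
}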
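/**
 * Insert a new location row built from the submitted sl_* form fields, then
 * geocode the address and register the location's tags.
 *
 * Reads $_POST directly. Every field whose name is a plain "sl_..." identifier
 * becomes a column in the INSERT; array values are stored serialized.
 *
 * Hardening compared with the previous version:
 *  - Field names are placed in the column list verbatim, so they are now
 *    restricted to an anchored identifier pattern. The old test accepted any
 *    name that merely contained "sl_", which let the request shape the SQL
 *    text through the field name.
 *  - Serialized array values are passed through $wpdb->prepare() like scalar
 *    values, instead of being placed between quotes unescaped.
 *
 * NOTE(review): nothing in this function verifies a nonce or the current
 * user's capability; confirm the caller does both before invoking it.
 *
 * @return void
 */
function sl_add_location()
{
    global $wpdb;

    $fields = array();
    $values = array();

    foreach ($_POST as $key => $value) {
        // Only plain identifiers starting with "sl_" may become column names.
        if (!preg_match('/^sl_[A-Za-z0-9_]+\z/', (string) $key)) {
            continue;
        }

        if ($key == "sl_tags") {
            $value = sl_prepare_tag_string($value);
        }

        $fields[] = $key;

        if (is_array($value)) {
            // Arrays are stored serialized. They are unslashed first, mirroring
            // the stripslashes() applied to scalar values below, so the
            // serialized lengths match the stored bytes -- assumes $_POST
            // arrives slashed; TODO confirm.
            $values[] = $wpdb->prepare("%s", serialize(stripslashes_deep($value)));
        } else {
            $values[] = $wpdb->prepare("%s", comma(stripslashes($value)));
        }
    }

    // With no usable field the statement would be "INSERT ... () VALUES ()",
    // which creates a blank location; treat that request as a no-op instead.
    if (count($fields) === 0) {
        return;
    }

    $fieldList = implode(",", $fields);
    $valueList = implode(",", $values);

    $wpdb->query("INSERT INTO " . SL_TABLE . " ({$fieldList}) VALUES ({$valueList})");
    $new_loc_id = $wpdb->insert_id;

    // The address string is handed to the geocoder, not to SQL, so it is built
    // from the raw submitted values exactly as before.
    $address = "{$_POST['sl_address']}, {$_POST['sl_address2']}, {$_POST['sl_city']}, {$_POST['sl_state']} {$_POST['sl_zip']}";
    sl_do_geocoding($address);

    if (!empty($_POST['sl_tags'])) {
        sl_process_tags($_POST['sl_tags'], "insert", $new_loc_id);
    }
}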