//adding or removing tags for specified a locations
if (!empty($_POST)) {
    extract($_POST);
}
//var_dump($sl_id); exit;
if (is_array($sl_id) == 1) {
    $rplc_arr = array_fill(0, count($sl_id), "%d");
    //var_dump($rplc_arr); //die();
    $id_string = implode(",", array_map(array($wpdb, "prepare"), $rplc_arr, $sl_id));
} else {
    $id_string = $wpdb->prepare("%d", $sl_id);
}
if ($act == "add_tag") {
    //adding tags
    //die("UPDATE ".SL_TABLE." SET sl_tags=CONCAT(IFNULL(sl_tags, ''), %s ) WHERE sl_id IN ($id_string)");
    $wpdb->query($wpdb->prepare("UPDATE " . SL_TABLE . " SET sl_tags=CONCAT(IFNULL(sl_tags, ''), %s ) WHERE sl_id IN ({$id_string})", sl_prepare_tag_string(strtolower($sl_tags))));
    sl_process_tags(sl_prepare_tag_string(strtolower($sl_tags)), "insert", $sl_id);
} elseif ($act == "remove_tag") {
    //removing tags
    if (empty($sl_tags)) {
        //if no tag is specified, all tags will be removed from selected locations
        $wpdb->query("UPDATE " . SL_TABLE . " SET sl_tags='' WHERE sl_id IN ({$id_string})");
        sl_process_tags("", "delete", $id_string);
    } else {
        //$wpdb->query($wpdb->prepare("UPDATE ".SL_TABLE." SET sl_tags='".sl_prepare_tag_string("%s")."' WHERE sl_id IN (%s)", $sl_tags, $id_string));
        $wpdb->query($wpdb->prepare("UPDATE " . SL_TABLE . " SET sl_tags=REPLACE(sl_tags, %s, '') WHERE sl_id IN ({$id_string})", $sl_tags . ","));
        $wpdb->query($wpdb->prepare("UPDATE " . SL_TABLE . " SET sl_tags=REPLACE(sl_tags, %s, '') WHERE sl_id IN ({$id_string})", $sl_tags . ","));
        sl_process_tags($sl_tags, "delete", $id_string);
    }
}
function sl_add_location()
{
    global $wpdb;
    $fieldList = "";
    $valueList = "";
    foreach ($_POST as $key => $value) {
        if (preg_match("@sl_@", $key)) {
            if ($key == "sl_tags") {
                $value = sl_prepare_tag_string($value);
            }
            $fieldList .= "{$key},";
            if (is_array($value)) {
                $value = serialize($value);
                //for arrays being submitted
                $valueList .= "'{$value}',";
                //$field_value_str.=$key."='$value',";
            } else {
                $valueList .= $wpdb->prepare("%s", comma(stripslashes($value))) . ",";
                //$field_value_str.=$key."=".$wpdb->prepare("%s", trim(comma(stripslashes($value)))).", ";
            }
        }
    }
    $fieldList = substr($fieldList, 0, strlen($fieldList) - 1);
    $valueList = substr($valueList, 0, strlen($valueList) - 1);
    $wpdb->query("INSERT INTO " . SL_TABLE . " ({$fieldList}) VALUES ({$valueList})");
    $new_loc_id = $wpdb->insert_id;
    $address = "{$_POST['sl_address']}, {$_POST['sl_address2']}, {$_POST['sl_city']}, {$_POST['sl_state']} {$_POST['sl_zip']}";
    sl_do_geocoding($address);
    if (!empty($_POST['sl_tags'])) {
        sl_process_tags($_POST['sl_tags'], "insert", $new_loc_id);
    }
}
     }
 }
 $field_value_str = substr($field_value_str, 0, strlen($field_value_str) - 2);
 $edit = $_GET['edit'];
 extract($_POST);
 $the_address = "{$sl_address}, {$sl_address2}, {$sl_city}, {$sl_state} {$sl_zip}";
 if (empty($_POST['no_geocode']) || $_POST['no_geocode'] != 1) {
     //no_geocode sent by addons that manually edit the the coordinates. Prevents sl_do_geocoding() from overwriting the manual edit.
     $old_address = $wpdb->get_results("SELECT * FROM " . SL_TABLE . " WHERE sl_id='" . esc_sql($_GET['edit']) . "'", ARRAY_A);
 }
 //die("UPDATE ".SL_TABLE." SET $field_value_str WHERE sl_id='%d'");
 //$wpdb->query($wpdb->prepare("UPDATE ".SL_TABLE." SET $field_value_str WHERE sl_id='%d'", $_GET['edit']));
 $wpdb->query($wpdb->prepare("UPDATE " . SL_TABLE . " SET " . str_replace("%", "%%", $field_value_str) . " WHERE sl_id='%d'", $_GET['edit']));
 //Thank you WP user @kostofffan; fixes 'empty query' bug when user is trying to update location with a '%' sign in it
 if (!empty($_POST['sl_tags'])) {
     sl_process_tags($_POST['sl_tags'], "insert", $_GET['edit']);
 }
 if ((empty($_POST['sl_longitude']) || $_POST['sl_longitude'] == $old_address[0]['sl_longitude']) && (empty($_POST['sl_latitude']) || $_POST['sl_latitude'] == $old_address[0]['sl_latitude'])) {
     if ($the_address != $old_address[0]['sl_address'] . " " . $old_address[0]['sl_address2'] . ", " . $old_address[0]['sl_city'] . ", " . $old_address[0]['sl_state'] . " " . $old_address[0]['sl_zip'] || ($old_address[0]['sl_latitude'] === "" || $old_address[0]['sl_longitude'] === "")) {
         sl_do_geocoding($the_address, $_GET['edit']);
         if (!empty($GLOBALS['sdg_reply']) && $GLOBALS['sdg_reply'] == "1st_attempt") {
             //added - v3.73, 7/10/15 - refresh page here only if successful on first geocoding attempt; 2nd attempt refreshing handled in sl_do_geocoding()
             print "<script>location.replace('" . str_replace("&edit={$_GET['edit']}", "", $_SERVER['REQUEST_URI']) . "');</script>";
         }
     } else {
         //added - v3.73, 7/10/15 - refresh page if nothing about address changes
         print "<script>location.replace('" . str_replace("&edit={$_GET['edit']}", "", $_SERVER['REQUEST_URI']) . "');</script>";
     }
 }
 //commented out - v3.73, 7/10/15 - in order to allow time to view geocoding status message when updating single location
 //print "<script>location.replace('".str_replace("&edit=$_GET[edit]", "", $_SERVER['REQUEST_URI'])."');</script>";
<?php

if ($_POST) {
    extract($_POST);
}
if (is_array($sl_id) == 1) {
    $rplc_arr = array_fill(0, count($sl_id), "%d");
    $id_string = implode(",", array_map(array($wpdb, "prepare"), $rplc_arr, $sl_id));
} else {
    $id_string = $wpdb->prepare("%d", $sl_id);
}
$wpdb->query("DELETE FROM " . SL_TABLE . " WHERE sl_id IN ({$id_string})");
sl_process_tags("", "delete", $id_string);