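} else {
    $sql = "INSERT INTO debug (content, date) values ('" . mysql_real_escape_string($short) . "', '{$date}');";
    mysql_query($sql);
}

// Callback handler: decode the posted payload, check that it refers to a known
// task, then build the UPDATE that stores the returned JSON for that incident.
// Every value taken from the payload is request data under the sender's control,
// so it is validated or escaped before it reaches SQL or HTML.
//
// NOTE(review): PHP has already URL-decoded $_POST; the extra urldecode() is kept
// because the sender's encoding is not visible here - confirm it is needed.
$requesta = json_decode(urldecode($_POST['payload']), true);

// Missing keys (or a payload that is not valid JSON) yield null, which the
// empty-id check below rejects.
$id = isset($requesta['data']['ushahidi_id']) ? $requesta['data']['ushahidi_id'] : null;
$randIdent = isset($requesta['data']['randIdent']) ? $requesta['data']['randIdent'] : null;
$message = isset($requesta['data']['sms_text']) ? $requesta['data']['sms_text'] : null;

// $id is interpolated unquoted into "incident.id = ..." below, where escaping
// alone would not help. Accept only a plain decimal integer; anything else is
// handled exactly like a missing id.
if ($id == '' || !is_scalar($id) || !preg_match('/\A[0-9]+\z/', (string) $id)) {
    $sql = "INSERT INTO debug (content, date) values ('BAD ID: " . mysql_real_escape_string($short) . "', '{$date}');";
    mysql_query($sql);
    print "no id\n";
    die;
}

$sql = "SELECT location_name FROM location JOIN incident ON incident.location_id = location.id WHERE incident.id = {$id};";
$current_loc_name = DBQuery::return_value_from_sql($sql);

if ($current_loc_name != $unknown_loc && $current_loc_name != '') {
    // SOMEONE HAS SET THIS LOCATION WHILE BEING PROCESSED AT CF: ignore CF.
    // The stored name is HTML-escaped because it is echoed into markup.
    print "\n<p>Location " . htmlspecialchars($current_loc_name, ENT_QUOTES) . " already exists in Ushahidi instance<p>\n";
    die;
}

// The random identifier comes straight from the payload: escape it before it is
// placed inside the quoted literal. A non-scalar value is compared as ''.
$sql = "SELECT randomIdentifier FROM incident_automated WHERE idIncident = '{$id}' AND randomIdentifier = '"
    . mysql_real_escape_string(is_scalar($randIdent) ? (string) $randIdent : '') . "'; ";
$matchRand = DBQuery::values_exist($sql);

if (!$matchRand) {
    // The statement itself is not echoed to the client: it would disclose table
    // and column names. The mismatch is still recorded in the debug table.
    print "nomatching rand\n";
    $sql = "INSERT INTO debug (content, date) values ('BAD RAND: incident_id = {$id} for " . mysql_real_escape_string($short) . "', '{$date}');";
    mysql_query($sql);
    //die; #security - ignore requests where the random identifier isnt the one we gave for this task
    // repress this for now and continue: some ids changed post-migration
    //
    // NOTE(review): with the die disabled, the random identifier no longer
    // authenticates the callback. Any request that names an existing incident id
    // reaches the UPDATE below and can overwrite returned_json and status.
    // Re-enable the die once the migrated identifiers have been reconciled.
}

$sql = "UPDATE incident_automated SET returned_json = '" . mysql_real_escape_string($_POST['payload']) . "', status = '2' WHERE idIncident = '{$id}'";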
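/**
 * Looks up a single column value.
 *
 * Builds "SELECT $ret_field FROM $table WHERE $field = '$value';" and hands it
 * to DBQuery::return_value_from_sql(). Per this method's contract the result is
 * the value of $ret_field when a record with $field = $value exists in $table,
 * and an empty string otherwise.
 *
 * SECURITY: all four arguments are interpolated into the statement as-is.
 * $field, $table and $ret_field are SQL identifiers, which value-escaping cannot
 * protect, so they must be hard-coded by the caller and never derived from
 * request data. $value sits inside a quoted literal and must already be escaped
 * for the connection in use when it originates from a request.
 * NOTE(review): whether existing callers escape $value is not visible here -
 * confirm before exposing this helper to request data.
 *
 * @param string $field     column to match on (trusted identifier)
 * @param string $value     value to match, already escaped by the caller
 * @param string $table     table to query (trusted identifier)
 * @param string $ret_field column whose value is returned (trusted identifier)
 * @return mixed whatever DBQuery::return_value_from_sql() returns for the query
 */
public static function return_value($field, $value, $table, $ret_field)
{
    // Deliberately not echoed: printing the statement would put table names,
    // column names and the looked-up value into the response of every caller.
    $sql = "SELECT {$ret_field} FROM {$table} WHERE {$field} = '{$value}';";

    return DBQuery::return_value_from_sql($sql);
}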