$event_id = strip_tags($_POST['eventid']); } else { $event_id = 0; } if (isset($_POST['eventgroupid']) && is_numeric($_POST['eventgroupid'])) { $event_group_id = strip_tags($_POST['eventgroupid']); } else { $event_group_id = 0; } if (isset($_POST['extend']) && strlen($_POST['extend']) < 4) { $ext = strip_tags($_POST['extend']); } else { $ext = ''; } $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname); $RS = DB_listLocations($dbi, $loc_id, $loc_name, $loc_active, $loc_plz, $event_id, $event_group_id); $OUT = '<table class=\'tchild\' id=\'locationtable\' name=\'locationtable\'>'; if ($ext == 'yes') { // L.id,L.lname,L.lcity,L.lplz,L.laddress,L.lphone,L.lactive,L.lcoordinates,E.id,E.evname,T.id,T.tname foreach ($RS as $r) { $OUT = $OUT . '<tr><td>' . $r[11] . '</td><td>' . $r[1] . '</td><td>' . $r[4] . '</td><td>' . $r[2] . '<br/>' . $r[3] . '</td><td>' . $r[5] . '</td><td>'; if (strlen($r[7]) > 5) { $OUT = $OUT . '<button onclick=\'showmap(' . $r[0] . ')\'>Map</button>'; } //if (strlen($r[7])>5) $OUT=$OUT._button('Map','showmap('.$r[0].')'); $OUT = $OUT . '</td></tr>'; $captain = DB_getCaptainDataTeam($dbi, $r[10]); $OUT = $OUT . '<tr><td></td><td>' . $captain['pfname'] . ' ' . $captain['plname'] . '</td><td>' . $captain['ptel1'] . '</td><td>' . $captain['ptel2'] . '</td></tr>'; $OUT = $OUT . '<tr><td colspan=\'6\' class=\'bluebox\'></td></tr>'; } } else {
/**
 * Build a location selector from the locations returned by DB_listLocations().
 *
 * Uses the global $dbi connection handle. The location id filter is passed
 * as 0; name, postal code and active flag are forwarded from the arguments.
 *
 * NOTE(review): columns 0, 1 and 3 of each row are handed to
 * RecordsetToSelectOptionList() - presumably id, name and postal code;
 * confirm against the column order of DB_listLocations().
 * NOTE(review): whether the row values and $onChangeAction are HTML-escaped
 * depends on RecordsetToSelectOptionList(), which is not visible here.
 * Verify that it encodes them before they reach the page.
 *
 * @param string $idname         Identifier passed on to the option-list builder.
 * @param string $onChangeAction Change handler passed on to the option-list builder.
 * @param int    $lidsel         Location id passed on as the selected entry.
 * @param string $loc_name       Location name filter.
 * @param string $loc_plz        Postal code filter.
 * @param int    $loc_active     Active-flag filter.
 *
 * @return mixed Whatever RecordsetToSelectOptionList() returns.
 */
function Select_Location($idname = 'vloc', $onChangeAction = '', $lidsel = 0, $loc_name = '', $loc_plz = '', $loc_active = 1)
{
    global $dbi;

    $locations = DB_listLocations($dbi, 0, $loc_name, $loc_active, $loc_plz);
    $columns = array(0, 1, 3);

    return RecordsetToSelectOptionList($locations, $columns, $idname, $lidsel, $onChangeAction);
}
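<?php
// syntax to test this service: fretAllLocations.php (no params)

// Coarse request filter: refuse any GET value that looks like a <script> tag
// or contains a parenthesised expression. eregi() was removed in PHP 7, so
// the same two expressions are run through preg_match(); the "i" flag keeps
// the case-insensitive match and "s" keeps "." matching newlines as POSIX
// ERE did.
// NOTE(review): this blacklist is only a first line of defence. It does not
// replace parameterised queries in the DB layer or output encoding where the
// data is rendered.
$blockedPatterns = array(
    '/<[^>]*script*"?[^>]*>/is',
    '/\([^>]*.*"?[^>]*\)/is',
);

// Walk nested values too: a parameter sent as name[]=... arrives as an array
// and would otherwise never be matched against the patterns.
$pending = array_values($_GET);
while (count($pending) > 0) {
    $secvalue = array_pop($pending);
    if (is_array($secvalue)) {
        foreach ($secvalue as $nested) {
            $pending[] = $nested;
        }
        continue;
    }
    foreach ($blockedPatterns as $pattern) {
        // preg_match() returns false on a PCRE error (e.g. backtrack limit);
        // treat that like a match so the filter fails closed.
        if (preg_match($pattern, $secvalue) !== 0) {
            die("I don't like you...");
        }
    }
}

require_once "code/config.php";
require_once "includes/sql_layer.php";
require_once "api_rs.php";
require_once "api_format.php";

// Connection settings ($dbhost, $dbuname, $dbpass, $dbname) are not defined
// in this file; presumably they come from code/config.php.
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);

// No filter arguments: the service lists all locations.
$RS = DB_listLocations($dbi);
$OUT = RecordsetToCSV($RS);

// NOTE(review): the body comes from RecordsetToCSV() but is labelled
// application/xhtml+xml. If the output really is CSV, a browser opening this
// URL will try to parse stored values as markup. Confirm what clients expect
// and consider a text/csv or text/plain type plus
// "X-Content-Type-Options: nosniff".
header('Content-Type: application/xhtml+xml; charset=ISO-8859-1');
echo $OUT;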