$filter = $input;
//TODO: sanitize locSearch input
$locSearch = $_POST['locSearch'];
//TODO: sanitize locSearch input
$prodCatId = $_POST['prodCat'];
//dynamically create array for drop down list
if ($filter == NULL || $filter == 'All' || is_numeric($filter)) {
$municipalities = array("" => "Select a city...", "All" => "All");
$municipalities = fetchMunicipalities($municipalities);
$smarty->assign('municipalities', $municipalities);
$smarty->assign('id', $filter);
if (!$locSearch) {
$query = getLocationQuery($filter, $municipalities);
$points = mysqlResultAsArray($query);
} else {
$locGCode = geoCodeConvert($locSearch);
if ($locGCode) {
//temporary
$msg = "location search. Geocode: " . $locGCode;
} else {
$pointsQuery = "SELECT * FROM locations WHERE MATCH (name) AGAINST ('" . $locSearch . "')";
if ($prodCatId) {
$pointsQuery .= "AND product_id=" . $prodCatId;
}
$points = mysqlResultAsArray($pointsQuery);
}
//temporary
$_SESSION['msg'] = $msg;
}
$smarty->assign('points', $points);
$mun = mysqlResultAsArray("SELECT * FROM municipalities");
<?php
$address = $_POST['address'];
$name = $_POST['name'];
//sanitize
$mun = $_POST['municipality'];
//TODO:sanitize
$id = $_POST['id'];
//sanitize
$redirect_URL = "{$base}/view/";
require_once "_config.php";
if ($address && $name && !OFFLINE) {
$gCode = geoCodeConvert($address);
if ($gCode) {
$message = 'Modified';
if (!$id) {
mysqlQuery("INSERT INTO geocodes(latitude, longitude) VALUES ('0', '0')");
$gid = mysql_insert_id();
mysqlQuery("INSERT INTO locations(address, geoCodeId, name, municipality_id) VALUES ('0', '0', '0', '0')");
$id = mysql_insert_id();
$message = 'Added';
}
$query = "UPDATE geocodes SET latitude='%s', longitude='%s' WHERE '{$s}'";
mysqlQuery($query, array($gCode['latitude'], $gCode['longitude'], $gid));
$query = "UPDATE locations SET address='%s', geocodeId='%s', name='%s', municipality_id='%s' WHERE id='%s'";
mysqlQuery($query, array($address, $gid, $name, $mun, $id));
$message .= ' GeoCode successfully. gCode = ' . $gCode['latitude'] . "," . $gCode['longitude'] . " " . $name . " " . $address . " " . $mun . " " . $id;
$redirect_URL .= 'list';
} else {
$message = 'Error: Not a valid address.';
$redirect_URL .= 'editLocation';
<?php
require_once "_config.php";
$name = $_POST['name'];
//sanitize
$zoom = $_POST['zoom'];
//TODO:sanitize
$id = $_POST['id'];
//sanitize
$redirect_URL = "{$base}/view/";
if ($name && $zoom && $id && !OFFLINE) {
$name2 = urlencode($name);
$geoCode = geoCodeConvert($name2);
$geoCode = $geoCode['latitude'] . "," . $geoCode['longitude'];
if ($geoCode) {
$message = 'Modified';
if ($id == "new") {
mysqlQuery("INSERT INTO municipalities(name, zoom, longitude, latitude) VALUES ('0', '0', '0', '0')");
$id = mysql_insert_id();
$message = 'Added';
}
//FIXME: update to new database structures.
$query = "UPDATE municipalities SET name='%s', geoCode='%s', zoom = '%s' WHERE id='%s'";
mysqlQuery($query, array($name, $geoCode, $zoom, $id));
$message .= ' municipality successfully. gCode = ' . $geoCode . " " . $name . " " . $zoom . " " . $id;
$redirect_URL .= 'list';
} else {
$message = 'Error: Not a valid Municipality.';
$redirect_URL .= 'editMunicipality';
}
} else {
