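// Load the marker being edited together with the free_marker flag of its map.
// mkid comes straight from the request and sits unquoted in the WHERE clause,
// so it is cast to an integer before it reaches the query text; any
// non-numeric value collapses to 0 instead of being parsed as SQL.
$sql = "SELECT\n\t mk.*, m.free_marker\n FROM {$_TABLES['maps_markers']} AS mk"
    . "\n\t\t\tLEFT JOIN {$_TABLES['maps_maps']} AS m"
    . "\n\t\t\t\t ON mk.mid = m.mid"
    . "\n\t\t\tWHERE mkid = " . (int) $_REQUEST['mkid'] . " LIMIT 1";
$res = DB_query($sql, 0);
$A = DB_fetchArray($res);

// Authorisation gate: the caller must own the marker, marker edition must be
// enabled in the plugin configuration, and the map must allow free markers.
// When no row was fetched the free_marker test fails, so the request is
// redirected as well.
if ($A['owner_id'] != $_USER['uid']
    || $_MAPS_CONF['marker_edition'] == 0
    || $A['free_marker'] != 1
) {
    echo COM_refresh($_CONF['site_url']);
    exit;
}

// The map id is taken from the stored row, not from the request, so a marker
// cannot be moved to another map by tampering with the submitted mid.
$_REQUEST['mid'] = $A['mid'];

// prepare strings for insertion
$_REQUEST['modified'] = date("YmdHis");

// lat, lng can only contain numbers and a decimal
if (empty($_REQUEST['lat']) || empty($_REQUEST['lng'])) {
    // No usable coordinates were submitted: resolve them from the address.
    // presumably MAPS_getCoords() fills $lat and $lng by reference - confirm
    $address = $_REQUEST['address'];
    $coords = MAPS_getCoords($address, $lat, $lng);
    if ($lat == 0 && $lng == 0) {
        // Lookup produced nothing: show the form again and stop.
        // NOTE(review): the raw request values are handed back to the form;
        // confirm getMarkerForm() escapes them for HTML output.
        $display .= getMarkerForm($_REQUEST);
        $display .= COM_siteFooter();
        COM_output($display);
        exit;
    }
} else {
    // NOTE(review): strval() only converts the type, it does not enforce the
    // "numbers and a decimal" rule stated above. Confirm $lat and $lng are
    // validated (e.g. is_numeric) or escaped before they reach a query.
    $lat = strval($_REQUEST['lat']);
    $lng = strval($_REQUEST['lng']);
}

// addslashes
// NOTE(review): addslashes() is not aware of the connection character set and
// is weaker than the database layer's own escaping routine or bound
// parameters; it only protects values that are later placed inside quoted
// SQL string literals.
$_REQUEST['name'] = addslashes($_REQUEST['name']);
$_REQUEST['description'] = addslashes($_REQUEST['description']);
$_REQUEST['address'] = addslashes($_REQUEST['address']);
$_REQUEST['street'] = addslashes($_REQUEST['street']);
$_REQUEST['city'] = addslashes($_REQUEST['city']);
$_REQUEST['state'] = addslashes($_REQUEST['state']);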
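// Tail of the preceding case; its opening lines are outside this excerpt.
            $display .= getMarkerForm($A);
        } else {
            echo COM_refresh($_CONF['site_url']);
        }
        break;

    case 'editsubmission':
        // Get the marker to edit and display the form
        // NOTE(review): no ownership or permission check on the submission is
        // visible in this case; confirm access is restricted before this
        // switch is reached.
        if (isset($_GET['mkid'])) {
            // mkid is request data placed unquoted in the WHERE clause, so it
            // is cast to an integer before it reaches the query text.
            $sql = "SELECT * FROM {$_TABLES['maps_submission']} WHERE mkid = "
                . (int) $_GET['mkid'] . " LIMIT 1";
            $res = DB_query($sql);
            $nRows = DB_numRows($res);
            if ($nRows < 1) {
                // The redirect for an unknown submission is disabled in the
                // original code; execution continues and whatever
                // DB_fetchArray() returns for an empty result is passed on to
                // the form.
                //echo COM_refresh($_MAPS_CONF['site_url'] . '/index.php');
                //exit ();
            }
            $A = DB_fetchArray($res);
            $display .= getMarkerForm($A);
        } else {
            // No id supplied: send the visitor back to the site root.
            echo COM_refresh($_CONF['site_url']);
        }
        break;

    case 'new':
    default:
        // Blank form for a new marker, pre-filled with fixed default
        // coordinates.
        $marker['mk_default'] = 1;
        $marker['lat'] = '37.4217913';
        $marker['lng'] = '-122.08371390000002';
        $display .= getMarkerForm($marker);
        break;
}

// Append the site footer and send the assembled page.
$display .= COM_siteFooter(0);
COM_output($display);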