--- a/betweenpoint.submit.php
+++ b/betweenpoint.submit.php
@@ -5,9 +5,9 @@
exit;
}
print_r($_REQUEST);
-$reverse=$_REQUEST["reverse"];
-$from=$_REQUEST["from"];
-$to=$_REQUEST["to"];
+$reverse=(isset($_REQUEST["reverse"]) ? $_REQUEST["reverse"] : "off");
+$from=pg_escape_string($_REQUEST["from"]);
+$to=pg_escape_string($_REQUEST["to"]);
$routes=$_REQUEST["routes"] ;
$points=$_REQUEST["between_points"];
$sql = "INSERT INTO between_stops (fromLocation, toLocation, points, routes) VALUES('$from','$to','$points','$routes')";
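Review bot: `$points` and `$routes` are still taken straight from `$_REQUEST` and interpolated into the INSERT on the last line of this hunk, so escaping only `$from` and `$to` leaves the statement injectable; the second hunk's reverse INSERT interpolates `$routes` and the `$points`-derived `$pointsString` the same way. Binding all four values closes both, e.g. `$result = pg_query_params($conn, 'INSERT INTO between_stops (fromLocation, toLocation, points, routes) VALUES ($1,$2,$3,$4)', array($from, $to, $points, $routes));` in place of the string-built `$sql`, with the `pg_escape_string()` calls then dropped so values are not escaped twice. The `pg_query` call for this first INSERT is outside the hunk, so the exact line to change is not visible here. Separately, `print_r($_REQUEST);` echoes request parameters back unencoded and looks like leftover debug output worth removing.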
@@ -16,8 +16,11 @@
echo("Error in SQL query: " . pg_last_error() ."
\n");
}
if ($reverse === "on") {
- $points = implode(";",array_reverse(explode(";",$points)));
-$sql = "INSERT INTO between_stops ( toLocation, fromLocation, points, routes) VALUES('$from','$to','$points','$routes')";
+ $ep = explode(";",$points);
+ $epr = array_reverse($ep);
+ $p = implode(";",$epr).";";
+ $pointsString = substr($p,1);
+$sql = "INSERT INTO between_stops ( toLocation, fromLocation, points, routes) VALUES('$from','$to','$pointsString','$routes')";
$result = pg_query($conn, $sql);
if (!$result) {
echo("Error in SQL query: " . pg_last_error() ."
\n");
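Review bot: `substr($p,1)` removes the first character of the reversed string unconditionally, which is only right when `$points` ends in `;` so that the reversed list starts with an empty element; for input without the trailing separator it would cut the first character off the last point. If a trailing `;` is the intended stored format (inferred from the appended `;`), trimming before splitting is safer: `$pointsString = implode(";", array_reverse(explode(";", rtrim($points, ";")))) . ";";`. An empty `$points` would then yield `;` rather than an empty string, so guard that case if it can occur. The `if ($reverse === "on")` block continues past the end of the hunk.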