--- a/betweenpoint.submit.php
+++ b/betweenpoint.submit.php
@@ -5,9 +5,9 @@
 exit;
 }
 print_r($_REQUEST);
-$reverse=$_REQUEST["reverse"];
-$from=$_REQUEST["from"];
-$to=$_REQUEST["to"];
+$reverse=(isset($_REQUEST["reverse"]) ? $_REQUEST["reverse"] : "off");
+$from=pg_escape_string($_REQUEST["from"]);
+$to=pg_escape_string($_REQUEST["to"]);
 $routes=$_REQUEST["routes"] ;
 $points=$_REQUEST["between_points"];
 $sql = "INSERT INTO between_stops (fromLocation, toLocation, points, routes) VALUES('$from','$to','$points','$routes')";
@@ -16,9 +16,11 @@
 echo("Error in SQL query: " . pg_last_error() ."<br>\n");
 }
 if ($reverse === "on") {
- $p = implode(";",array_reverse(explode(";",$points))).";";
- $points = str_replace(";","",$p,1);
-$sql = "INSERT INTO between_stops ( toLocation, fromLocation, points, routes) VALUES('$from','$to','$points','$routes')";
+ $ep = explode(";",$points);
+ $epr = array_reverse($ep);
+ $p = implode(";",$epr).";";
+ $pointsString = substr($p,1);
+$sql = "INSERT INTO between_stops ( toLocation, fromLocation, points, routes) VALUES('$from','$to','$pointsString','$routes')";
 $result = pg_query($conn, $sql);
 if (!$result) {
 echo("Error in SQL query: " . pg_last_error() ."<br>\n");
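Review bot: In the first hunk only `$from` and `$to` pass through `pg_escape_string()`; `$routes` and `$points` (read from `$_REQUEST["routes"]` and `$_REQUEST["between_points"]`) are still interpolated raw into the INSERT string, so the statement is still open to SQL injection, and the same applies to `$pointsString` and `$routes` in the reverse-direction INSERT of the second hunk. Binding all four values is simpler and safer than escaping them one by one: `$result = pg_query_params($conn, 'INSERT INTO between_stops (fromLocation, toLocation, points, routes) VALUES ($1,$2,$3,$4)', array($from, $to, $points, $routes));`, with the `pg_escape_string()` calls then dropped so values are not escaped twice. The `pg_query()` call for this first INSERT sits between the two hunks and is not visible here, so confirm it uses the same `$conn`. The context line `print_r($_REQUEST);` also writes request data to the response unescaped and looks like leftover debugging output.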
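Review bot: `substr($p,1)` in the second hunk removes whatever the first character of `$p` happens to be, which is the separator only when `$points` ends in `;`; a value submitted without the trailing `;` loses the first character of its first point instead. Dropping empty segments before reversing removes that dependency: `$pointsString = implode(";", array_reverse(array_filter(explode(";", $points), 'strlen'))) . ";";`. A comment stating the expected shape of `between_points` would help as well, e.g. `// between_points is a ';'-terminated list such as "a;b;c;"` (constructed example). The `if ($reverse === "on")` block and the `if (!$result)` branch both continue past the end of the hunk.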