$query1 \n"; exit; } } foreach $name (keys(%VALUES)) { $VALUES{$name} = &sanitize($VALUES{$name}); } require "timelocal.pl"; if ($VALUES{'eventposteddate'} =~ /(\d+)\/(\d+)\/(\d+)/) { ($month, $mday, $year) = ($1, $2, $3); $newpostdate = &timelocal(0,0,0,$mday,($month-1),$year); } else { $newpostdate = $^T; } if ($VALUES{'eventdate'} =~ /(\d+)\/(\d+)\/(\d+)/) { ($month, $mday, $year) = ($1, $2, $3); $neweventdate = &timelocal(0,0,0,$mday,($month-1),$year); } else { $neweventdate = 0; } # $ENV{"MINERA_DEBUG"} = "query:api"; $query = ("INSERT into hbg (region, citystate, eventdate, postdate, title, organization, description, contact, address, phone, fax, email, id) VALUES ('$VALUES{'eventarea'}', '$VALUES{'eventcity'}', $neweventdate, $newpostdate, '$VALUES{'eventtitle'}', '$VALUES{'eventorganization'}', '$VALUES{'eventdescription'}', '$VALUES{'eventcontact'}', '$VALUES{'eventaddress'}', '$VALUES{'eventphone'}', '$VALUES{'eventfax'}', '$VALUES{'eventemail'}', $id)"); unless ($check = $dbh->Query($query)) { print "Content-type: text/html\n\n Failed:
$query \n";
exit;
}
#print "Content-type: text/html\n\nSuccess: $query\n";
if ($VALUES{'FLAG'} eq "admin") {
print "Location: http://www.itvs.org/programs/babyg/adminevents.cgi\n\n";
}
else {
print "Location: http://www.itvs.org/programs/babyg/eventframe.html\n\n";
}
exit;
sub getid {
$idfile = "/u6/itvs/programs/babyg/eventnumber";
local($oldid);
&lockfile("$idfile.lock");
open(IDNO, "$idfile");
$oldid =
's
sub keepnewlines {
local ($t) = $_[0];
$* = 1; # multi-line string matching
$t =~ s/\r\n/\n/g; # \r and \n are unix-specific
$t =~ tr/\r/\n/s;
$t =~ s/\n/
/g;
return ($t);
}
################################################################
# sanitize
# changes html markup into escape characters and guards against
# other special characters
sub sanitize {
local ($it) = $_[0];
$it =~ s/\&/\&\;/g;
$it =~ s//\>\;/g;
$it =~ s/\"/\"\;/g;
$it =~ tr/\'/\xA7/;
return ($it);
}