From: Michael J. Rubinsky Date: Wed, 10 Feb 2010 17:13:16 +0000 (-0500) Subject: Use placeholders instead of interpolation - and fix logic in setLocation() X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=8a666796027da9a11eb1a77dda1de44130849684;p=horde.git Use placeholders instead of interpolation - and fix logic in setLocation()
---
diff --git a/kronolith/lib/Geo/Sql.php b/kronolith/lib/Geo/Sql.php
index 2091256b4..d9c6961c8 100644
--- a/kronolith/lib/Geo/Sql.php
+++ b/kronolith/lib/Geo/Sql.php
@@ -111,16 +111,19 @@ class Kronolith_Geo_Sql extends Kronolith_Geo
 public function setLocation($event_id, $point)
 {
 /* First make sure it doesn't already exist */
- $sql = "SELECT COUNT(*) FROM kronolith_events_geo WHERE event_id = ('" . $event_id . "')";
- $count = $this->_db->getOne($sql);
+ $sql = 'SELECT COUNT(*) FORM kronolith_events_geo WHERE event_id = ?';
+ $count = $this->_db->getOne($sql, array($event_id));
 if ($count instanceof PEAR_Error) {
 throw new Horde_Exception($count->getMessage());
 }
 
- /* Do we actually have data? */
+ /* Do we actually have data? If not, see if we are deleting an
+ * existing entry.
+ */
 if ((empty($point['lat']) || empty($point['lon'])) && $count) {
 // Delete the record.
- $sql = "DELETE FROM kronolith_events_geo WHERE event_id = '" . $event_id . "'";
+ $this->removeLocation($event_id);
+ return;
 } elseif (empty($point['lat']) || empty($point['lon'])) {
 return;
 }
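Review bot: The new COUNT query misspells the keyword as `FORM` instead of `FROM`, so the statement is invalid SQL; `getOne()` will presumably return a `PEAR_Error`, making `setLocation()` throw on every call before it reaches the delete or insert logic. The line should read `$sql = 'SELECT COUNT(*) FROM kronolith_events_geo WHERE event_id = ?';`. The delete path now delegates to `removeLocation()`, whose body is not in this hunk; confirm it also binds `$event_id` through a placeholder, otherwise the string interpolation this commit removes survives there. `setLocation()` continues past the end of the hunk, so the remaining queries in it are not covered by this note.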