From 8a666796027da9a11eb1a77dda1de44130849684 Mon Sep 17 00:00:00 2001
From: "Michael J. Rubinsky"
Date: Wed, 10 Feb 2010 12:13:16 -0500
Subject: [PATCH] Use placeholders instead of interpolation - and fix logic in setLocation()

---
 kronolith/lib/Geo/Sql.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/kronolith/lib/Geo/Sql.php b/kronolith/lib/Geo/Sql.php
index 2091256b4..d9c6961c8 100644
--- a/kronolith/lib/Geo/Sql.php
+++ b/kronolith/lib/Geo/Sql.php
@@ -111,16 +111,19 @@ class Kronolith_Geo_Sql extends Kronolith_Geo
 public function setLocation($event_id, $point)
 {
 /* First make sure it doesn't already exist */
- $sql = "SELECT COUNT(*) FROM kronolith_events_geo WHERE event_id = ('" . $event_id . "')";
- $count = $this->_db->getOne($sql);
+ $sql = 'SELECT COUNT(*) FORM kronolith_events_geo WHERE event_id = ?';
+ $count = $this->_db->getOne($sql, array($event_id));
 if ($count instanceof PEAR_Error) {
 throw new Horde_Exception($count->getMessage());
 }
 
- /* Do we actually have data? */
+ /* Do we actually have data? If not, see if we are deleting an
+ * existing entry.
+ */
 if ((empty($point['lat']) || empty($point['lon'])) && $count) {
 // Delete the record.
- $sql = "DELETE FROM kronolith_events_geo WHERE event_id = '" . $event_id . "'";
+ $this->removeLocation($event_id);
+ return;
 } elseif (empty($point['lat']) || empty($point['lon'])) {
 return;
 }
--
2.11.0
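Review bot: The rewritten SELECT in setLocation() spells the keyword as `FORM`, so the parameterized query is a syntax error and, going by the PEAR_Error check right after it, every call would throw Horde_Exception before any location is stored or removed. The line should read `$sql = 'SELECT COUNT(*) FROM kronolith_events_geo WHERE event_id = ?';`. The delete path now goes through `removeLocation($event_id)`, which is defined outside this hunk, so it is worth confirming that it binds `$event_id` as a placeholder too; otherwise the interpolation this commit removes is still reachable there. Separately, `empty($point['lat'])` and `empty($point['lon'])` treat a coordinate of 0 as missing, so a point on the equator or prime meridian would take the delete branch; an explicit check such as `!isset($point['lat']) || $point['lat'] === ''` would avoid that. setLocation's body continues past the end of the hunk.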