new_city_submit.php at Protoforge

<?php
require_once('config.inc.php');
require(PF_INCLUDE.'verifyUserID.inc.php');

session_start();

try {

	if (isset($_POST['redirect'])) { $redirect = $_POST['redirect']; }
	else if (isset($_GET['redirect'])) { $redirect = $_GET['redirect']; }

	if (!isset($_POST['country_iso_id']) || empty($_POST['country_iso_id'])) {
		throw new Exception( 'Please make sure you have a country selected before adding a city.' );
	}
	if (!isset($_POST['state_id']) || empty($_POST['state_id']) || $_POST['state_id'] < 1) {
		throw new Exception( 'Please make sure you have a state selected before adding a city.' );
	}
	if (empty($_POST['city_name'])) {
		throw new Exception( 'City name can not be empty.' );
	}

	if (require_once(PF_BASE.'connect.php'))
		$link = connect();

	if (ctype_digit($_POST['state_id'])) {
		$state_id = intval($_POST['state_id']);
	} else {
		throw new Exception('input must be numeric');
	}

	$city_name = mysql_real_escape_string(strip_tags($_POST['city_name']));

	$city_query = 'INSERT INTO cities (CITY_ID,CITY_NAME,STATE_ID) values (null,\''.$city_name.'\',\''.$state_id.'\')';
	$city_result = mysql_query($city_query);
	if (!$city_result) {
		throw new Exception('Insert failed: ' . mysql_error());
	}

	$d = new Decode($redirect);
	header('Location: '.$d->redirect());

} catch (Exception $e) {
	$pfutil = new PFUtil();
	$pfutil->error_page( $e->getMessage() );
}
?>