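prepare("DELETE FROM location WHERE id = :id AND district=:district");} else {
        $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");
    }
    // NOTE(review): this branch opens above the lines shown here, so its code
    // is carried over unchanged. The visible tail of the if-arm and the
    // else-arm prepare the same SQL text - confirm whether the two arms were
    // meant to differ.
    $stmt->bindValue(":id",$numDelete);
    $stmt->bindValue(":district",$strDistrict);
    $stmt->execute();

    // NOTE(review): only the location delete above is limited by district.
    // The comment and files deletes below are keyed on loc_id alone, so they
    // still run when the location row was kept because the district did not
    // match. Consider running them only if the location delete removed a row.
    $stmt = $db->prepare("DELETE FROM comment WHERE loc_id= :loc_id");
    $stmt->bindValue(":loc_id",$numDelete);
    $stmt->execute();

    // NOTE(review): in the lines shown, this SELECT is prepared and bound but
    // never executed, and $result is not assigned. unset() only discards the
    // variable; no file is removed from $uploaddir. The delfid branch below
    // had the same pattern - fix both together once the start of this branch
    // has been checked.
    $stmt = $db->prepare("SELECT * FROM files where loc_id = :loc_id");
    $stmt->bindValue(":loc_id", $numDelete, PDO::PARAM_INT);
    if ($row = $result->fetch(PDO::FETCH_ASSOC)) {
        $strFilename = $row['filename'];
        $strFilename = $uploaddir . $strFilename;
        unset($strFilename);
    }
    $stmt = $db->prepare("DELETE FROM files WHERE loc_id= :loc_id");
    $stmt->bindValue(":loc_id",$numDelete);
    $stmt->execute();
}

// ------- CSRF token check shared by the actions below -------
// The token is valid only when the session holds a non-empty string token and
// the request supplies the same string. An absent token on both sides must
// not count as a match, and a non-string request value (e.g. csrf[]=x) is
// rejected before it reaches hash_equals().
// hash_equals() compares in constant time (PHP >= 5.6).
// NOTE(review): the token travels in the query string of state-changing GET
// requests, so it can end up in server logs, browser history and Referer
// headers. Moving these actions to POST is the durable fix.
$strCsrfExpected = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '';
$strCsrfGiven = isset($_GET['csrf']) ? $_GET['csrf'] : '';
$boolCsrfValid = is_string($strCsrfExpected)
    && $strCsrfExpected !== ''
    && is_string($strCsrfGiven)
    && hash_equals($strCsrfExpected, $strCsrfGiven);

// ------- Delete comment ------------
// No check that the comment belongs to the right district.
// NOTE(review): any session with a valid token can delete any comment id.
// Scope the statement to the caller's district (the location delete uses
// "AND district = :district") once it is confirmed how $strDistrict is set.
if (isset($_GET['delcid'])) {
    if (!$boolCsrfValid) {
        die("Ungültiger Token");
    }
    $numDelete = (int)$_GET['delcid'];
    $stmt = $db->prepare("DELETE FROM comment WHERE id= :id");
    $stmt->bindValue(":id", $numDelete, PDO::PARAM_INT);
    $stmt->execute();
}

// --------- Toggle approval -------------
// No check that the location belongs to the right district.
// NOTE(review): same missing authorization as the comment delete above; the
// UPDATE flips approval for whatever location id is passed.
if (isset($_GET['approvalId'])) {
    if (!$boolCsrfValid) {
        die("Ungültiger Token");
    }
    $numApproval = (int)$_GET['approvalId'];
    $stmt = $db->prepare("UPDATE location SET approval = not approval WHERE id= :id");
    $stmt->bindValue(":id", $numApproval, PDO::PARAM_INT);
    $stmt->execute();
}

// ----------- Delete image -----------------
// No check that the image belongs to the right district.
// NOTE(review): same missing authorization as the comment delete above.
if (isset($_GET['delfid'])) {
    if (!$boolCsrfValid) {
        die("Ungültiger Token");
    }
    $numDelete = (int)$_GET['delfid'];

    // Look up the stored file name. The lookup is bound to the validated id
    // and actually executed; previously it was bound to an undefined $id and
    // read from an unassigned $result, which aborted the request before the
    // row was deleted.
    $stmt = $db->prepare("SELECT * FROM files where id = :id");
    $stmt->bindValue(":id", $numDelete, PDO::PARAM_INT);
    $stmt->execute();
    if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        // Resolve the path and remove the file only when it really lies
        // inside $uploaddir, so a stored name containing "../" cannot point
        // the delete at another directory. realpath() returns false for a
        // missing file, which simply skips the unlink.
        $strBase = realpath($uploaddir);
        $strFilename = realpath($uploaddir . $row['filename']);
        if ($strBase !== false
            && $strFilename !== false
            && strpos($strFilename, rtrim($strBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0
            && is_file($strFilename)
        ) {
            unlink($strFilename);
        }
    }

    $stmt = $db->prepare("DELETE FROM files WHERE id= :id");
    $stmt->bindValue(":id", $numDelete, PDO::PARAM_INT);
    $stmt->execute();
}

// Show map: showmap=1 switches the map on, any other value switches it off.
// $boolShowmap is only assigned here when the parameter is present.
if (isset($_GET['showmap'])) {
    $numShowmap = (int)$_GET['showmap'];
    $boolShowmap = $numShowmap == 1;
}

// Topic labels keyed by topic number.
$arrTopic = array (
    1 => "Fußverkehr",
    2 => "Radverkehr",
    3 => "Bus und Bahn",
    4 => "Pkw-Verkehr",
    5 => "Lkw-Verkehr"
);

// Icon per topic number, same keys as $arrTopic; every entry is an empty
// string here.
$arrIcon = array (
    1 => "",
    2 => "",
    3 => "",
    4 => "",
    5 => ""
);
?>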