Secure Development for Mobile Apps
// do not sanitize string or remove characters - not the result wanted in this case
$lat = filter_var($latLon[0], FILTER_VALIDATE_FLOAT);
$lon = filter_var($latLon[1], FILTER_VALIDATE_FLOAT);
}
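// Handle a "remove marker" request: delete the marker at ($lat, $lon) and
// report the outcome to the browser. $lat / $lon are assigned above from
// filter_var(..., FILTER_VALIDATE_FLOAT), which yields a float on success
// and false when the input is not a valid float.
if(isset($remove) && true == $remove)
{
    // Default to failure so $results is always defined, even when validation
    // fails and the database is never called.
    $results = false;

    // only call db if there is valid data - don't waste expensive call.
    // Check the type rather than using "false != $lat": 0.0 is a valid
    // coordinate (equator / prime meridian) but is loosely equal to false,
    // so the loose test would reject it. isset() also covers the case where
    // the coordinates were never parsed.
    if(isset($lat, $lon) && is_float($lat) && is_float($lon))
    {
        //call Data Repository singleton to remove marker
        $results = $db->removeMarker($lat, $lon);
    }
    if(!$results)
    {
        returnErrorToBrowser("Could Not Remove Marker!");
        // NOTE(review): returnErrorToBrowser() is defined elsewhere and
        // presumably ends the request - confirm. Exit explicitly so a failed
        // removal can never be followed by the success message below.
        exit();
    }
    echo "Marker Removed!";
    exit();
}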
if(isset($save) && true == $save)
{
// only call db if Latitude and Longitude are valid floats, and not false
//don't waste expensive call
if(false != ...