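def add_endpoint(form_content):
    """Insert a new endpoint row into ``cam_info`` from submitted form data.

    ``form_content`` is a dict mapping form field names to sequences of
    submitted values; only the first value of each field is stored. Every
    field name must be in the allow-list below, and the ``customer`` value
    must match an ``org_tag`` in ``org_list``. The ``action`` entry is
    removed from ``form_content`` as a side effect. On success the client is
    redirected to ``main_page``.
    """
    # Allow-list of accepted form fields. Apart from 'action', these names
    # are used verbatim as cam_info column names in the INSERT below.
    Possible_Fields = ['customer', 'city', 'system_name',
                       'subnet', 'DNS_Name', 'MCU_prefix',
                       'comments', 'ip_address', 'H323_Name',
                       'state', 'E164', 'common_name', 'customer_prefix',
                       'gateway', 'action']
    for entry in form_content:
        if entry not in Possible_Fields:
            print_malformed_request("*** Malformed request, unrecognized directive.", "Please Hit the back button and retry.")
            # Stop here even if print_malformed_request() returns, so an
            # unrecognised field name can never reach the SQL text.
            return

    # 'action' is a form directive, not a column; tolerate its absence.
    form_content.pop('action', None)

    customer = form_content.get('customer')
    if not customer:
        print_malformed_request("*** Malformed request, an unknown organization was specified.", "Please Hit the back button and retry.")
        return

    db = db_session()
    cursor = db.cursor
    # Use the first submitted value, the same one the INSERT stores.
    cursor.execute("SELECT * FROM org_list WHERE org_tag = %s", (customer[0],))
    result = cursor.fetchall()
    if not result:
        print_malformed_request("*** Malformed request, an unknown organization was specified.", "Please Hit the back button and retry.")
        return

    # Column names are taken from the allow-list itself, never from the
    # request, so the identifier part of the statement is fixed text.
    # escape_string() only protects string-literal context and must not be
    # relied on for identifiers.
    columns = [field for field in Possible_Fields if field in form_content]
    values = [form_content[field][0] for field in columns]

    # Values travel as bound parameters; the driver quotes them for the
    # connection's character set instead of hand-built '...' literals.
    placeholders = ",".join(["%s"] * len(columns))
    query = "INSERT INTO cam_info (" + ",".join(columns) + ") VALUES (" + placeholders + ")"
    cursor.execute(query, values)
    # NOTE(review): no commit is issued here; presumably db_session() or the
    # caller handles it. Confirm.
    redirect('main_page')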