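#!/usr/local/bin/perl
# CGI lookup: reads a state/province code from the query string, checks it
# against a fixed allow-list, and selects the distinct cities stored for it.
#
# NOTE(review): package globals are kept (no `use strict`) because code after
# this section may read $state, $statename, %FORM, $dbh, $sth and $rv --
# confirm before tightening the scoping.

use DBI;
use CGI;
# NOTE(review): fatalsToBrowser sends every die() message, including the DBI
# error text used below, to the client. Handy while debugging; prefer
# server-side logging only once the script is deployed.
use CGI::Carp qw(fatalsToBrowser);

##Parse query string############################################################
# A missing QUERY_STRING is treated as an empty request.
$buffer = defined $ENV{'QUERY_STRING'} ? $ENV{'QUERY_STRING'} : '';
@pairs  = split(/&/, $buffer);
foreach $pair (@pairs) {
    # Limit of 2 keeps any '=' that appears inside the value.
    ($name, $value) = split(/=/, $pair, 2);
    next unless defined $name;              # skip empty pairs such as "&&"
    $value = '' unless defined $value;      # a pair without '=' gets an empty value

    # URL-decode: '+' is a space, %XX is a single byte.
    $name  =~ tr/+/ /;
    $name  =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}

##Untaint Variables#############################################################
# Allow-list of accepted codes and their display names. The codes are kept
# exactly as the original script listed them.
my %statename_for = (
    'AL' => 'Alabama',          'AK' => 'Alaska',
    'AZ' => 'Arizona',          'AR' => 'Arkansas',
    'CA' => 'California',       'CO' => 'Colorado',
    'CT' => 'Connecticut',      'DE' => 'Delaware',
    'FL' => 'Florida',          'GA' => 'Georgia',
    'HI' => 'Hawaii',           'ID' => 'Idaho',
    'IN' => 'Indiana',          'IL' => 'Illinois',
    'IA' => 'Iowa',             'KS' => 'Kansas',
    'KY' => 'Kentucky',         'LA' => 'Louisiana',
    'ME' => 'Maine',            'MD' => 'Maryland',
    'MA' => 'Massachusetts',    'MI' => 'Michigan',
    'MN' => 'Minnesota',        'MO' => 'Missouri',
    'MS' => 'Mississippi',      'MT' => 'Montana',
    'NE' => 'Nebraska',         'NV' => 'Nevada',
    'NH' => 'New Hampshire',    'NJ' => 'New Jersey',
    'NM' => 'New Mexico',       'NY' => 'New York',
    'NC' => 'North Carolina',   'ND' => 'North Dakota',
    'OH' => 'Ohio',             'OR' => 'Oregon',
    'OK' => 'Oklahoma',         'PA' => 'Pennsylvania',
    'RI' => 'Rhode Island',     'SC' => 'South Carolina',
    'SD' => 'South Dakota',     'TN' => 'Tennessee',
    'TX' => 'Texas',            'UT' => 'Utah',
    'VT' => 'Vermont',          'VA' => 'Virginia',
    'WA' => 'Washington State', 'DC' => 'Washington DC',
    'WV' => 'West Virginia',    'WI' => 'Wisconsin',
    'WY' => 'Wyoming',
    ## Canada ##################################
    'AB' => 'Alberta',          'BC' => 'British Columbia',
    'LB' => 'Labrador',         'MB' => 'Manitoba',
    'NB' => 'New Brunswick',    'NL' => 'Newfoundland and Labrador',
    'NS' => 'Nova Scotia',      'NT' => 'Northwest Territories',
    'NU' => 'Nunavut',          'PE' => 'Prince Edward Island',
    'ON' => 'Ontario',          'QC' => 'Quebec',
    'SA' => 'Saskatchewan',     'YU' => 'Yukon Territory',
);

# The original chain tested `$FORM{$state} == 'XX'`: it indexed %FORM with the
# still-undefined $state and compared strings numerically, so every test was
# 0 == 0 and the request value was never actually checked. Compare as strings
# against the submitted field instead.
# NOTE(review): the field is presumably named 'state' -- confirm against the
# HTML form that calls this script.
$requested = $FORM{'state'};
if (defined $requested) {
    # Take the code from the allow-list's own keys rather than copying the
    # request value, so $state only ever holds one of the constants above.
    ($state) = grep { $_ eq $requested } keys %statename_for;
    $statename = $statename_for{$state} if defined $state;
}
# An unknown or missing code leaves $state and $statename undefined.

##Start database connections####################################################
# NOTE(review): the connection settings are inline placeholders; real
# credentials are better kept in a file outside the web root with restricted
# permissions than in a script the web server can serve.
$database  = "database";
$db_server = "x";
$user      = "x";
$password  = "x";

##Connect to database, insert statement, & disconnect ##########################
$dbh = DBI->connect("DBI:mysql:$database:$db_server", $user, $password)
    or die "Couldn't connect to database: " . $DBI::errstr;

# Bind the code through a placeholder instead of interpolating it into the SQL
# text; the query then stays safe even if the validation above is changed.
$statement = "SELECT DISTINCT city FROM database WHERE state=? ORDER BY city";

# On a failed prepare $sth is undefined, so the error has to come from $dbh.
$sth = $dbh->prepare($statement)
    or die "Couldn't prepare the query: " . $dbh->errstr;

# With no accepted code, bind the empty string (the value the original SQL
# text ended up with when $state was unset).
$rv = $sth->execute(defined $state ? $state : '')
    or die "Couldn't execute query: " . $sth->errstr;
################################################################################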