Index: trunk/cgi-bin/newcity.cgi
===================================================================
--- trunk/cgi-bin/newcity.cgi	(revision 431)
+++ trunk/cgi-bin/newcity.cgi	(revision 517)
@@ -13,6 +13,7 @@
 use warnings;
 #use CGI::Carp qw(fatalsToBrowser);
+use CGI::Simple;
+use HTML::Template;
 use DBI;
-use CommonWeb qw(:ALL);
 #use POSIX qw(ceil);
 use NetAddr::IP;
@@ -35,29 +36,44 @@
 }
 
-my %webvar = parse_post();
-cleanInput(\%webvar);
+# Set up the CGI object...
+my $q = new CGI::Simple;
+# ... and get query-string params as well as POST params if necessary
+$q->parse_query_string;
+
+# Convenience;  saves changing all references to %webvar
+##fixme:  tweak for handling <select multiple='y' size=3> (list with multiple selection)
+my %webvar = $q->Vars;
 
 my ($dbh,$errstr) = connectDB_My;
 my $sth;
 
+$ENV{HTML_TEMPLATE_ROOT} = '../templates';
+
+my $page = HTML::Template->new(filename => "newcity.tmpl");
+
+if ($webvar{city}) {
+  if ($webvar{pop} eq 'on') {
+    $sth = $dbh->prepare("insert into cities (city,routing) values (?,'y')");
+  } else {
+    $sth = $dbh->prepare("insert into cities (city,routing) values (?,'n')");
+  }
+##fixme:  don't allow duplicate cities
+  $sth->execute($webvar{city});
+  $page->param(city => $webvar{city});
+  if ($sth->err) {
+    $page->param(err => $sth->errstr);
+    my $msg = "$authuser could not add city '$webvar{city}' to database: ".$sth->errstr;
+    mailNotify($dbh, 'f:nci', "IPDB city add failure", $msg);
+    syslog "err", $msg;
+  } else {
+    syslog "notice", "$authuser added city/location '$webvar{pop}'".
+	(($webvar{pop} eq 'on') ? ' as POP location' : '');
+  }
+}
+
 print "Content-type: text/html\n\n";
 
-if ($webvar{pop} eq 'on') {
-  $sth = $dbh->prepare("insert into cities (city,routing) values ('$webvar{city}','y')");
-} else {
-  $sth = $dbh->prepare("insert into cities (city,routing) values ('$webvar{city}','n')");
-}
-$sth->execute;
-
-if ($sth->err) {
-  print "Error adding city to database: ".$sth->errstr;
-  mailNotify($dbh, 'f:nci', "IPDB city add failure",
-	"$authuser could not add city '$webvar{city}' to database: ".$sth->errstr);
-  syslog "err", "$authuser could not add city '$webvar{city}' to database: ".$sth->errstr;
-} else {
-  print "City added.  Closing this window should refresh the page.";
-  syslog "notice", "$authuser added city/location '$webvar{pop}'".
-	(($webvar{pop} eq 'on') ? ' as POP location' : '');
-}
+print $page->output;
 
 finish($dbh);
+