svn commit: r291 - trunk/mapbender/http/classes/class_administration.php
uli at osgeo.org
uli at osgeo.org
Mon May 15 10:39:51 EDT 2006
Author: uli
Date: 2006-05-15 14:39:51+0000
New Revision: 291
Modified:
trunk/mapbender/http/classes/class_administration.php
Log:
db_prep_query included
Modified: trunk/mapbender/http/classes/class_administration.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/classes/class_administration.php?view=diff&rev=291&p1=trunk/mapbender/http/classes/class_administration.php&p2=trunk/mapbender/http/classes/class_administration.php&r1=290&r2=291
==============================================================================
--- trunk/mapbender/http/classes/class_administration.php (original)
+++ trunk/mapbender/http/classes/class_administration.php 2006-05-15 14:39:51+0000
@@ -107,7 +107,7 @@
$sql .= "FROM mb_user ";
$sql .= "JOIN gui_mb_user ON mb_user.mb_user_id = gui_mb_user.fkey_mb_user_id ";
$sql .= "WHERE gui_mb_user.mb_user_type = 'owner' ";
- $sql .= "AND gui_mb_user.fkey_gui_id = '".$gui_id."' ";
+ $sql .= "AND gui_mb_user.fkey_gui_id = $1 ";
$sql .= "GROUP BY mb_user.mb_user_name ";
$sql .= ") ";
$sql .= "UNION ( ";
@@ -117,10 +117,12 @@
$sql .= "JOIN mb_user ON mb_user.mb_user_id = mb_user_mb_group.fkey_mb_user_id ";
$sql .= "JOIN gui_mb_user ON mb_user.mb_user_id = gui_mb_user.fkey_mb_user_id ";
$sql .= "WHERE gui_mb_group.mb_group_type = 'owner' ";
- $sql .= "AND gui_mb_group.fkey_gui_id = '".$gui_id."' ";
+ $sql .= "AND gui_mb_group.fkey_gui_id = $2 ";
$sql .= "GROUP BY mb_user.mb_user_name)";
$owner = array();
- $res = db_query($sql);
+ $v = array($gui_id,$gui_id);
+ $t = array('s','s');
+ $res = db_prep_query($sql,$v,$t);
$cnt = 0;
while($row = db_fetch_array($res)){
$owner[$cnt] = $row["mb_user_name"];
@@ -256,12 +258,11 @@
}
function deleteWmc($wmc_id, $user_id){
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
$sql = "DELETE FROM mb_user_wmc ";
- $sql .= "WHERE fkey_user_id = '".$user_id."' AND wmc_id = '" . $wmc_id . "'";
- $res = db_query($sql);
+ $sql .= "WHERE fkey_user_id = $1 AND wmc_id = $2";
+ $v = array($user_id,$wmc_id);
+ $t = array('i','s');
+ $res = db_prep_query($sql,$v,$t);
if ($res) {
return true;
}
@@ -272,9 +273,10 @@
function insertGui($guiId) {
if (!$this->guiExists($guiId)) {
- $sql = "INSERT INTO gui VALUES ('" . $guiId . "', '" . $guiId . "', '', '1')";
- $res = db_query($sql);
-
+ $sql = "INSERT INTO gui VALUES ($1, $2, '', '1')";
+ $v = array($guiId,$guiId);
+ $t = array('s','s');
+ $res = db_prep_query($sql,$v,$t);
if ($res) {
return true;
}
@@ -283,12 +285,10 @@
}
function delAllUsersOfGui($guiId) {
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
- $sql = "DELETE FROM gui_mb_user WHERE fkey_gui_id = '" . $guiId . "'";
- $res = db_query($sql);
-
+ $sql = "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1 ";
+ $v = array($guiId);
+ $t = array('s');
+ $res = db_prep_query($sql);
if (!$res) {
return false;
}
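Review bot: The new `db_prep_query($sql);` call in delAllUsersOfGui drops the `$v` and `$t` arrays built on the two lines above it, so the `$1` placeholder in the DELETE is never bound; depending on how the wrapper treats a missing value array the statement either errors out or runs with the placeholder unbound, and the `if (!$res)` branch below turns that into a plain `false` for the caller, leaving the gui_mb_user rows in place. It should match every other call in this commit: `$res = db_prep_query($sql,$v,$t);`. The rest of delAllUsersOfGui continues past the end of the hunk.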
@@ -303,21 +303,28 @@
}
function getUserByWms($wms_id){
- global $DBSERVER,$DB,$OWNER,$PW;
- $sql = "SELECT fkey_gui_id FROM gui_wms WHERE fkey_wms_id = ".$wms_id." GROUP BY fkey_gui_id";
+ $sql = "SELECT fkey_gui_id FROM gui_wms WHERE fkey_wms_id = $1 GROUP BY fkey_gui_id";
+ $v = array($wms_id);
+ $t = array('i');
$count=0;
- $res = db_query($sql);
+ $res = db_prep_query($sql,$v,$t);
while($row = db_fetch_array($res)){
$gui[$count] = $row["fkey_gui_id"];
$count++;
}
+ $c = 1;
+ $v = array();
+ $t = array();
if(count($gui)>0){
$sql = "(SELECT mb_user.mb_user_name FROM mb_user JOIN gui_mb_user ";
$sql .= "ON mb_user.mb_user_id = gui_mb_user.fkey_mb_user_id ";
$sql .= " WHERE gui_mb_user.fkey_gui_id IN (";
for($i=0; $i<count($gui); $i++){
if($i>0){ $sql .= ",";}
- $sql .= "'".$gui[$i]."'";
+ $sql .= "$".$c;
+ array_push($v,$gui[$i]);
+ array_push($t, 's');
+ $c++;
}
$sql .= ") GROUP BY mb_user.mb_user_name) UNION";
$sql .= "(SELECT mb_user.mb_user_name FROM gui_mb_group JOIN mb_user_mb_group ON mb_user_mb_group.fkey_mb_group_id = gui_mb_group.fkey_mb_group_id JOIN mb_user ";
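Review bot: `$gui` is never initialised in getUserByWms before `count($gui)`, so when the first prepared query returns no rows the guard runs against an undefined variable; on PHP of that era this silently counts as 0, but on current PHP it is a TypeError, and the same pattern appears in getWmsOwner later in this commit. Adding `$gui = array();` next to `$count=0;` in both functions makes the empty case explicit. The placeholder text relies on `$1`/`"$".$c` not being treated as variable interpolation inside double-quoted strings, which is correct because a PHP variable name cannot start with a digit, but it is easy to misread; single-quoted literals for the placeholder fragments would make the intent obvious. The function body continues in the next hunk.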
@@ -325,11 +332,14 @@
$sql .= " WHERE gui_mb_group.fkey_gui_id IN (";
for($i=0; $i<count($gui); $i++){
if($i>0){ $sql .= ",";}
- $sql .= "'".$gui[$i]."'";
+ $sql .= "$".$c;
+ array_push($v,$gui[$i]);
+ array_push($t, 's');
+ $c++;
}
$sql .= ") GROUP BY mb_user.mb_user_name )";
$user = array();
- $res = db_query($sql);
+ $res = db_prep_query($sql,$v,$t);
$cnt = 0;
while($row = db_fetch_array($res)){
$user[$cnt] = $row["mb_user_name"];
@@ -354,11 +364,10 @@
}
function getWmcById($id){
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
- $sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = '".$id."'";
- $res = db_query($sql);
+ $sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = $1 ";
+ $v = array($id);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
$row = db_fetch_array($res);
if ($row) {
return $row["wmc"];
@@ -369,12 +378,11 @@
}
function resetLoginCount($userId) {
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
$sql = "UPDATE mb_user SET mb_user_login_count = '0' ";
- $sql .= "WHERE mb_user_id = '" . $userId . "'";
- $res = db_query($sql);
+ $sql .= "WHERE mb_user_id = $1 ";
+ $v = array($userId);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
return false;
@@ -385,12 +393,11 @@
}
function getUserIdByUserName($username){
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
$sql = "SELECT mb_user_id FROM mb_user ";
- $sql .= "WHERE mb_user_name = '".$username."' GROUP BY mb_user_id";
- $res = db_query($sql);
+ $sql .= "WHERE mb_user_name = $1 GROUP BY mb_user_id";
+ $v = array($username);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
$count_g = 0;
$array = array();
while($row = db_fetch_array($res)){
@@ -406,12 +413,11 @@
}
function setUserAsGuiOwner($guiId, $userId) {
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
$sql = "UPDATE gui_mb_user SET mb_user_type = 'owner' ";
- $sql .= "WHERE fkey_gui_id = '" . $guiId . "' AND fkey_mb_user_id = '".$userId."'";
- $res = db_query($sql);
+ $sql .= "WHERE fkey_gui_id = $1 AND fkey_mb_user_id = $2 ";
+ $v = array($guiId,$userId);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
return false;
@@ -422,12 +428,11 @@
}
function getGuiIdByGuiName($guiTitle){
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
$sql = "SELECT gui_id FROM gui ";
- $sql .= "WHERE gui_name = '".$guiTitle."' GROUP BY gui_id";
- $res = db_query($sql);
+ $sql .= "WHERE gui_name = $1 GROUP BY gui_id";
+ $v = array($guiTitle);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
$count_g = 0;
$array = array();
while($row = db_fetch_array($res)){
@@ -443,14 +448,12 @@
}
function getGuisByOwner($user_id){
- global $DBSERVER,$DB,$OWNER,$PW;
- $connect = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB);
$sql_guis = "SELECT gui.gui_id FROM gui,gui_mb_user ";
- $sql_guis .= "WHERE (gui.gui_id = gui_mb_user.fkey_gui_id AND gui_mb_user.fkey_mb_user_id = ".$user_id.") ";
- $sql_guis .= " AND gui.gui_public = 1 AND gui_mb_user.mb_user_type = 'owner' GROUP BY gui.gui_id";
- $res_guis = db_query($sql_guis);
-
+ $sql_guis .= "WHERE (gui.gui_id = gui_mb_user.fkey_gui_id AND gui_mb_user.fkey_mb_user_id = $1) ";
+ $sql_guis .= " AND gui.gui_public = 1 AND gui_mb_user.mb_user_type = 'owner' GROUP BY gui.gui_id";
+ $v = array($user_id);
+ $t = array('i');
+ $res_guis = db_prep_query($sql_guis,$v,$t);
$count_g = 0;
$arrayGuis = array();
while($row = db_fetch_array($res_guis)){
@@ -461,12 +464,11 @@
}
function getWmcByOwner($user_id){
- global $DBSERVER,$DB,$OWNER,$PW;
- $connect = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB);
$sql_wmc = "SELECT wmc_id FROM mb_user_wmc ";
- $sql_wmc .= "WHERE fkey_user_id = '".$user_id."' GROUP BY wmc_id";
- $res_wmc = db_query($sql_wmc);
+ $sql_wmc .= "WHERE fkey_user_id = $1 GROUP BY wmc_id";
+ $v = array($user_id);
+ $t = array('i');
+ $res_wmc = db_prep_query($sql_wmc,$v,$t);
$count_g = 0;
$arrayWmc = array();
while($row = db_fetch_array($res_wmc)){
@@ -544,24 +546,30 @@
}
function getWmsOwner($wms_id){
- $sql = "SELECT fkey_gui_id FROM gui_wms WHERE fkey_wms_id = ".$wms_id." GROUP BY fkey_gui_id";
+ $sql = "SELECT fkey_gui_id FROM gui_wms WHERE fkey_wms_id = $1 GROUP BY fkey_gui_id";
+ $v = array($wms_id);
+ $t = array('i');
$count=0;
- $res = db_query($sql);
+ $res = db_prep_query($sql,$v,$t);
while($row = db_fetch_array($res)){
$gui[$count] = $row["fkey_gui_id"];
$count++;
}
+ $v = array();
+ $t = array();
if(count($gui)>0){
$sql = "SELECT mb_user.mb_user_name FROM mb_user JOIN gui_mb_user ";
$sql .= "ON mb_user.mb_user_id = gui_mb_user.fkey_mb_user_id WHERE";
$sql .= " gui_mb_user.fkey_gui_id IN (";
for($i=0; $i<count($gui); $i++){
if($i>0){ $sql .= ",";}
- $sql .= "'".$gui[$i]."'";
+ $sql .= "$".($i+1);
+ array_push($v,$gui[$i]);
+ array_push($t,'s');
}
$sql .= ")";
$sql .= " AND gui_mb_user.mb_user_type = 'owner' GROUP BY mb_user.mb_user_name";
- $res = db_query($sql);
+ $res = db_prep_query($sql,$v,$t);
$i=0;
$wmsowner = array();
while($row = db_fetch_array($res)){
@@ -573,12 +581,10 @@
}
function insertUserAsGuiOwner($guiId, $userId){
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db($DB,$con);
- $sql = "INSERT INTO gui_mb_user VALUES ('" . $guiId . "', '" . $userId . "', 'owner')";
- $res = db_query($sql);
-
+ $sql = "INSERT INTO gui_mb_user VALUES ($1, $2, 'owner')";
+ $v = array($guiId,$userId);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
return false;
}
@@ -590,16 +596,19 @@
function checkModulePermission($arrayGuis, $modulePath, $column){
$check = true;
if($check == true){
- global $DBSERVER,$DB,$OWNER,$PW;
$perm = false;
if(count($arrayGuis)>0){
+ $v = array();
+ $t = array();
$sql = "SELECT ".$column." FROM gui_element WHERE fkey_gui_id IN(";
for($i=0; $i<count($arrayGuis); $i++){
if($i > 0){ $sql .= ","; }
- $sql .= "'".$arrayGuis[$i]."'";
+ $sql .= "$".($i+1);
+ array_push($v,$arrayGuis[$i]);
+ array_push($t,'s');
}
$sql .= ")";
- $res = db_query($sql);
+ $res = db_prep_query($sql,$v,$t);
$cnt = 0;
while($row = db_fetch_array($res)){
if(strpos(stripslashes($row[$column]),$modulePath) !== false){
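Review bot: `$column` is still concatenated straight into the SELECT in checkModulePermission, and the new bound parameters do not cover it, because a placeholder can only bind a value, never a column name; whoever calls this function is therefore the only thing deciding what identifier ends up in the statement. A fixed allow-list inside the function would close that gap, e.g. `if (!in_array($column, array(/* permitted gui_element column names */), true)) { return false; }` placed before the query is built (the permitted names are not visible in this hunk, so the list is a placeholder). The `$check = true; if($check == true)` wrapper is unconditional and could be dropped to flatten the body, though that predates this change. The function continues past the hunk.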