svn commit: r298 - trunk/mapbender/http/php/mod_exportGUI.php
uli at osgeo.org
Tue May 16 03:45:30 EDT 2006
Author: uli
Date: 2006-05-16 07:45:29+0000
New Revision: 298
Modified:
trunk/mapbender/http/php/mod_exportGUI.php
Log:
db_prep_query included
verification of user permissions
Modified: trunk/mapbender/http/php/mod_exportGUI.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_exportGUI.php?view=diff&rev=298&p1=trunk/mapbender/http/php/mod_exportGUI.php&p2=trunk/mapbender/http/php/mod_exportGUI.php&r1=297&r2=298
==============================================================================
--- trunk/mapbender/http/php/mod_exportGUI.php (original)
+++ trunk/mapbender/http/php/mod_exportGUI.php 2006-05-16 07:45:29+0000
@@ -19,11 +19,11 @@
session_start();
import_request_variables("PG");
-require_once("../php/mb_validateSession.php");
require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
+require_once("../php/mb_validatePermission.php");
+$self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]."&elementID=".$_REQUEST["elementID"];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
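Review bot: The added `$self` line concatenates `$_REQUEST["guiID"]` and `$_REQUEST["elementID"]` into a URL without any encoding, and that string is later echoed into the form's `action` attribute (last hunk), so a crafted request parameter reaches the HTML unescaped. Encode the values when the URL is built, `$self = $PHP_SELF . "?" . SID . "&guiID=" . urlencode($_REQUEST["guiID"]) . "&elementID=" . urlencode($_REQUEST["elementID"]);`, and escape `$self` with htmlspecialchars where it is printed. Whether mb_validatePermission.php validates these two parameters cannot be seen from the hunk; if it does not, the page should reject non-numeric ids before building the URL. Carrying SID in the URL also exposes the session id in referers and logs, though that pattern predates this commit.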
@@ -69,20 +69,22 @@
if($guiList){
$insert = "";
//gui
- $sql_gui = "SELECT * FROM gui WHERE gui_name = '".$guiList."'";
- $res_gui = db_query($sql_gui);
- //echo $sql_gui."<BR>";
+ $sql_gui = "SELECT * FROM gui WHERE gui_name = $1 ";
+ $v = array($guiList);
+ $t = array('s');
+ $res_gui = db_prep_query($sql_gui,$v,$t);
- echo "";
$i = 0;
while ($row = db_fetch_row($res_gui)){
$insert = "INSERT INTO gui (gui_id, gui_name, gui_description, gui_public) VALUES ";
- $insert.= "('".db_result($res_gui, 0, 0)."','".db_result($res_gui, 0, 1)."','".db_result($res_gui, 0, 2)."',".db_result($res_gui, 0, 3).");\n";
+ $insert.= "('".db_result($res_gui, 0, 0)."','".db_result($res_gui, 0, 1)."','".db_result($res_gui, 0, 2)."',".db_result($res_gui, 0, 3).")";
}
//gui_element
- $sql_gel = "SELECT * from gui_element WHERE fkey_gui_id = '".$guiList."'";
- $res_gel = db_query($sql_gel);
+ $sql_gel = "SELECT * from gui_element WHERE fkey_gui_id = $1 ";
+ $v = array($guiList);
+ $t = array('s');
+ $res_gel = db_prep_query($sql_gel,$v,$t);
$cnt_gel = 0;
while ($row = db_fetch_array($res_gel)){
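Review bot: `$guiList` is filled from the request by `import_request_variables("PG")` and is passed straight to the three export queries; nothing in this hunk checks that it is one of the GUIs the user may export, while the later hunk lists only `$permguis`. Unless mb_validatePermission.php already does this (not visible here), guard the export branch with `if($guiList && in_array($guiList, $permguis, true)){` or equivalent before the first query. The same applies to the gui_element and gui_element_vars queries in this and the next hunk. Separately, the generated INSERT still splices `db_result()` values into SQL text without escaping, so a gui_name or description containing a quote breaks the exported statement, and the trailing `;\n` dropped from it in this commit looks unintended given the log message.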
@@ -113,8 +115,10 @@
}
- $sql_gelvars = "SELECT * from gui_element_vars WHERE fkey_gui_id = '".$guiList."'";
- $res_gelvars = db_query($sql_gelvars);
+ $sql_gelvars = "SELECT * from gui_element_vars WHERE fkey_gui_id = $1 ";
+ $v = array($guiList);
+ $t = array('s');
+ $res_gelvars = db_query($sql_gelvars,$v,$t);
$cnt_gelvars = 0;
while ($row = db_fetch_row($res_gelvars)){
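Review bot: The gui_element_vars query on the new side is executed with `db_query($sql_gelvars,$v,$t)` while the other rewritten queries use `db_prep_query`; the `$1` placeholder will presumably not be bound by db_query, so this query most likely fails or returns nothing. Change it to `$res_gelvars = db_prep_query($sql_gelvars,$v,$t);`. The enclosing block continues outside the hunk.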
@@ -156,17 +160,19 @@
###
if(!$guiList){
+ $v = array();
+ $t = array();
$sql = "SELECT * FROM gui WHERE gui_id IN (";
for($i=0; $i<count($permguis); $i++){
if($i>0){ $sql .= ",";}
- $sql .= "'".$permguis[$i]."'";
+ $sql .= "$".($i + 1);
+ array_push($v,$permguis[$i]);
+ array_push($t,'s');
}
$sql .= ") ORDER BY gui_name";
-
-
- $res = db_query($sql);
+ $res = db_prep_query($sql,$v,$t);
$cnt = 0;
- echo "<form name='form1' action='" . $PHP_SELF . "?".SID."' method='post'>";
+ echo "<form name='form1' action='" . $self ."' method='post'>";
echo "<select class='guiList' size='20' name='guiList' class='guiList' onchange='document.forms[0].submit()'>";
while($row = db_fetch_array($res)){
print_r($row);
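Review bot: The form `action` on the changed echo line prints `$self` unescaped, and `$self` is built from raw request parameters in the first hunk, so this is where a crafted `guiID`/`elementID` lands in the HTML; use `echo "<form name='form1' action='" . htmlspecialchars($self, ENT_QUOTES) . "' method='post'>";`. The `IN (...)` list is built from `$permguis` without a check that it is non-empty; with no permitted GUIs the statement becomes `gui_id IN ()` and the prepared query fails, so skip the query when `count($permguis) === 0`. The `print_r($row)` context line dumps raw database rows into the response and looks like leftover debug output. The while loop continues outside the hunk.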