[Mapbender-commits] r1206 - trunk/mapbender/http/php

[svn_mapbender at osgeo.org]

Author: christoph
Date: 2007-03-09 10:00:55 -0500 (Fri, 09 Mar 2007)
New Revision: 1206

Modified:
   trunk/mapbender/http/php/mb_listWMCs.php
Log:
added prepared statements

Modified: trunk/mapbender/http/php/mb_listWMCs.php
===================================================================
--- trunk/mapbender/http/php/mb_listWMCs.php	2007-03-08 13:58:56 UTC (rev 1205)
+++ trunk/mapbender/http/php/mb_listWMCs.php	2007-03-09 15:00:55 UTC (rev 1206)
@@ -51,15 +51,19 @@
 	$display = "<h2 style='font-family: Arial, Helvetica, sans-serif; color: #808080;background-color: White;'><font align='left' color='#000000'>Ma</font><font color='#0000CE'>p</font><font color='#C00000'>b</font><font color='#000000'>ender WMC list </font> </h2>";
 	$display .= "<table width='90%' style='font-family: Arial, Helvetica, sans-serif;font-size : 12px;color: #808080;' border='1' cellpadding='3' rules='rows'><tr style='background-color:#F0F0F0;' width='80px'><td ><b>WMC name</b></td><td><b>last update</b></td><td colspan=5></td></tr>";
 	if(count($wmcList)>0){
+		$v = array();
+		$t = array();
 		$sql_list_wmcs = "SELECT DISTINCT wmc_id, wmc_title, wmc_timestamp FROM mb_user_wmc ";
 		$sql_list_wmcs .= "WHERE wmc_id IN (";
 		for($i=0; $i<count($wmcList); $i++){
 			if($i>0){$sql_list_wmcs .= ",";}
-			$sql_list_wmcs .= "'". $wmcList[$i]."'";
+			$sql_list_wmcs .= "$".($i+1);
+			array_push($v, $wmcList[$i]);
+			array_push($t, 's');
 		}
 		$sql_list_wmcs .= ") ";
 		$sql_list_wmcs .= "ORDER BY wmc_timestamp DESC";
-		$res_list_wmcs = db_query($sql_list_wmcs);
+		$res_list_wmcs = db_prep_query($sql_list_wmcs, $v, $t);
 		$cnt_list_wmcs = 0;
 		while($row = db_fetch_array($res_list_wmcs)){
 			$display .= "<tr  onmouseover='this.style.backgroundColor = \"#F08080\"' onmouseout='this.style.backgroundColor = \"#ffffff\"'";