[Mapbender-commits] r1989 - branches/2.5/http/php
Sat Jan 19 05:27:56 EST 2008
Author: christoph
Date: 2008-01-19 05:27:56 -0500 (Sat, 19 Jan 2008)
New Revision: 1989
Modified:
branches/2.5/http/php/mod_edit_element_vars.php
branches/2.5/http/php/mod_map1.php
branches/2.5/http/php/mod_mapOV.php
branches/2.5/http/php/mod_simpleWMSpreferences.php
Log:
prepared statements
Modified: branches/2.5/http/php/mod_edit_element_vars.php
===================================================================
--- branches/2.5/http/php/mod_edit_element_vars.php 2008-01-19 09:47:08 UTC (rev 1988)
+++ branches/2.5/http/php/mod_edit_element_vars.php 2008-01-19 10:27:56 UTC (rev 1989)
@@ -110,13 +110,20 @@
<?php
# handle database updates etc.....
if(isset($mySave) && $mySave == '1'){
- if($SYS_DBTYPE=='pgsql'){
- $sql[0] = "SET AUTOCOMMIT=1;";}
- else{
- $sql[0] = "SET AUTOCOMMIT=0;shit happens";
- }
- $sql[1] = "BEGIN;";
- $sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' and ....";
+ if ($SYS_DBTYPE=='pgsql') {
+ $sql[0] = "SET AUTOCOMMIT=1;";
+ }
+ else {
+ $sql[0] = "SET AUTOCOMMIT=0;shit happens";
+ }
+ $v[0] = array();
+ $t[0] = array();
+ $sql[1] = "BEGIN;";
+ $v[1] = array();
+ $t[1] = array();
+ $sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2";
+ $v[2] = array($e_id, $guiList1);
+ $t[2] = array("s", "s");
if($e_left < 1){$e_left = "NULL";}
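Review bot: The non-pgsql branch still assigns `$sql[0] = "SET AUTOCOMMIT=0;shit happens";`, which is not a valid statement and now goes through db_prep_query like every other entry in `$sql`; it should read `$sql[0] = "SET AUTOCOMMIT=0;";`. Because the statements are run in a loop whose per-statement checks are outside this hunk, a failure of this first statement on a MySQL backend is easy to miss. The `if(isset($mySave) && $mySave == '1')` block continues past the end of this hunk.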
@@ -124,25 +131,32 @@
if($e_width < 1){$e_width = "NULL";}
if($e_height < 1){$e_height = "NULL";}
if($e_z_index < 1){$e_z_index = "NULL";}
- $sql[3] = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
- $sql[3] .= "VALUES ('".$guiList1."','".$e_id."','".$e_pos."','".$e_public."','".db_escape_string($e_comment)."','".$e_element."','".$e_src."','".db_escape_string($e_attributes)."',".$e_left.",".$e_top.",".$e_width.",".$e_height.",".$e_z_index.",'".$e_more_styles."','".$e_content."','".$e_closetag."','".$e_js_file."','".$e_mb_mod."','".$e_target."','".$e_requires."')";
+ $sql[3] = "INSERT INTO gui_element_vars ";
+ $sql[3] .= "(fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, ";
+ $sql[3] .= "e_attributes, e_left, e_top, e_width, e_height, e_z_index, ";
+ $sql[3] .= "e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, ";
+ $sql[3] .= "e_requires) ";
+ $sql[3] .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20)";
+ $v[3] = array($guiList1, $e_id, $e_pos, $e_public, db_escape_string($e_comment), $e_element, $e_src, db_escape_string($e_attributes), $e_left, $e_top, $e_width, $e_height, $e_z_index, $e_more_styles, $e_content, $e_closetag, $e_js_file, $e_mb_mod, $e_target, $e_requires);
+ $t[3] = array("s", "s", "i", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
#echo $sql[3];
- foreach ($sql as $mysql){
- $res = db_query($mysql);
- if(!$res){echo $mysql; break;}
+ for ($i = 0; $i < count($sql); $i++) {
+ $res = db_prep_query($sql[$i], $v[$i], $t[$i]);
}
if($res){
- $res = db_query( "COMMIT");
+ $res = db_query( "COMMIT");
$res = db_query( "SET AUTOCOMMIT=1");
}
else{
$res = db_query( "ROLLBACK");
$res = db_query( "SET AUTOCOMMIT=1");
}
- }
+}
if(isset($myDelete) && $myDelete == '1'){
- $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' AND var_name='".$var_name."'";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2 AND var_name= $3";
+ $v = array($e_id, $guiList1, $var_name);
+ $t = array("s", "s", "s");
+ $res = db_prep_query($sql, $v, $t);
$e_id = ""; $e_pos = ""; $e_public = ""; $e_comment = ""; $e_element = "";
$e_src = ""; $e_attributes = ""; $e_left = ""; $e_top = ""; $e_width = ""; $e_height = ""; $e_z_index = "";
$e_more_styles = ""; $e_content = ""; $e_closetag = ""; $e_js_file = ""; $e_mb_mod = ""; $e_target = ""; $e_requires = "";
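Review bot: The new `for` loop around `db_prep_query($sql[$i], $v[$i], $t[$i])` drops the `if(!$res){echo $mysql; break;}` the old foreach had, so a failed DELETE is still followed by the INSERT and `$res` at the `if($res)` that chooses COMMIT or ROLLBACK reflects only the last statement; add `if (!$res) { break; }` after the db_prep_query call. In `$v[3]`, `db_escape_string($e_comment)` and `db_escape_string($e_attributes)` are now bound values rather than text spliced into the SQL, so, assuming db_prep_query binds them, the escape characters end up stored verbatim — pass the raw variables instead; the same applies to the three db_escape_string calls in `$v` of the `$all == '1'` branch in the next hunk. The context lines that set `$e_left`, `$e_top`, `$e_width`, `$e_height` and `$e_z_index` to the string `"NULL"` were written for string interpolation; bound with type `"i"` that string cannot become SQL NULL unless db_prep_query special-cases it, which is not visible here (the `$myleft`/`$mytop`/`$mywidth`/`$myheight`/`$my_z_index` values in the next hunk have the same problem).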
@@ -154,24 +168,37 @@
echo "</script>";
}
if(isset($all) && $all == '1'){
- $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList2."' AND fkey_e_id = '".$e_id."' and var_name='".$var_name."' ;";
- $res = db_query($sql);
+ $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3;";
+ $v = array($guiList2, $e_id, $var_name);
+ $t = array("s", "s", "s");
+ $res = db_prep_query($sql, $v, $t);
$cnt = 0;
while(db_fetch_row($res)){
- $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".db_result($res,$cnt,"fkey_e_id")."' and var_name='".$var_name."' ";
- $res_del = db_query($sql_del);
+ $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3";
+ $v = array($guiList1, db_result($res,$cnt,"fkey_e_id"), $var_name);
+ $t = array("s", "s", "s");
+ $res_del = db_prep_query($sql_del, $v, $t);
if(db_result($res,$cnt,"e_left") == ""){$myleft = 'NULL';} else{$myleft = db_result($res,$cnt,"e_left");}
if(db_result($res,$cnt,"e_top") == ""){$mytop = 'NULL';} else{$mytop = db_result($res,$cnt,"e_top");}
if(db_result($res,$cnt,"e_width") == ""){$mywidth = 'NULL';} else{$mywidth = db_result($res,$cnt,"e_width");}
if(db_result($res,$cnt,"e_height") == ""){$myheight = 'NULL';} else{$myheight = db_result($res,$cnt,"e_height");}
if(db_result($res,$cnt,"e_z_index") == ""){$my_z_index = 'NULL';} else{$my_z_index = db_result($res,$cnt,"e_z_index");}
- $sql_ins = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
- $sql_ins .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"e_id")."','".db_result($res,$cnt,"e_pos")."','".db_result($res,$cnt,"e_public")."','".db_escape_string(db_result($res,$cnt,"e_comment"))."','".db_result($res,$cnt,"e_element")."','".db_result($res,$cnt,"e_src")."','".db_escape_string(db_result($res,$cnt,"e_attributes"))."',".$myleft.",";
- $sql_ins .= $mytop.",".$mywidth.",".$myheight.",".$my_z_index.",'".db_result($res,$cnt,"e_more_styles")."','".db_escape_string(db_result($res,$cnt,"e_content"))."','".db_result($res,$cnt,"e_closetag")."','".db_result($res,$cnt,"e_js_file")."','".db_result($res,$cnt,"e_mb_mod")."','".db_result($res,$cnt,"e_target")."','".db_result($res,$cnt,"e_requires")."')";
+ $sql_ins = "INSERT INTO gui_element_vars ";
+ $sql_ins .= "(fkey_gui_id, e_id, e_pos,e_public, e_comment, e_element, ";
+ $sql_ins .= "e_src, e_attributes, e_left, e_top, e_width, e_height, ";
+ $sql_ins .= "e_z_index, e_more_styles, e_content, e_closetag, e_js_file, ";
+ $sql_ins .= "e_mb_mod, e_target, e_requires) ";
+ $sql_ins .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, ";
+ $sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, ";
+ $sql_ins .= "$19, $20)";
+ $v = array($guiList1, db_result($res,$cnt,"e_id"), db_result($res,$cnt,"e_pos"), db_result($res,$cnt,"e_public"), db_escape_string(db_result($res,$cnt,"e_comment")), db_result($res,$cnt,"e_element"), db_result($res,$cnt,"e_src"), db_escape_string(db_result($res,$cnt,"e_attributes")), $myleft, $mytop, $mywidth, $myheight, $my_z_index, db_result($res,$cnt,"e_more_styles"), db_escape_string(db_result($res,$cnt,"e_content")), db_result($res,$cnt,"e_closetag"), db_result($res,$cnt,"e_js_file"), db_result($res,$cnt,"e_mb_mod"), db_result($res,$cnt,"e_target"), db_result($res,$cnt,"e_requires"));
+ $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
- $res_ins = db_query($sql_ins);
- if(!$res_ins){echo db_error($connect); }
+ $res_ins = db_prep_query($sql_ins, $v, $t);
+ if (!$res_ins) {
+ echo db_error($connect);
+ }
$cnt++;
}
}
@@ -179,8 +206,10 @@
echo "<script language='javascript'>";
echo "var varIDs = new Array();";
if(isset($guiList1)){
- $sql = "SELECT var_name FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."'";
- $res = db_query($sql);
+ $sql = "SELECT var_name FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+ $v = array($guiList1, $e_id);
+ $t = array("s", "s");
+ $res = db_prep_query($sql, $v, $t);
$cnt = 0;
while(db_fetch_row($res)){
echo "varIDs[".$cnt."] = '".db_result($res,$cnt,"var_name")."'; ";
@@ -284,8 +313,10 @@
if(isset($guiList1)){
echo "<div class='guiList2_header'>Templates</div>";
- $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id='".$e_id."'";
- $res = db_query($sql);
+ $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+ $v = array($guiList1, $e_id);
+ $t = array("s", "s");
+ $res = db_prep_query($sql, $v, $t);
$cnt = 0;
echo "<div class='myElements'><table>";
while($row = db_fetch_array($res)){
@@ -303,9 +334,11 @@
#Formular:
echo "<table class='myForm'>";
if(isset($guiList1) && isset($var_name)){
- $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."' AND var_name='".$var_name."'";
+ $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = '".$e_id."' AND var_name = $2";
+ $v = array($guiList1, $var_name);
+ $t = array("s", "s");
//echo $sql;
- $res = db_query($sql);
+ $res = db_prep_query($sql, $v, $t);
if($row = db_fetch_array($res)){
echo "<tr><td>ID: </td><td><input type='text' class='textfield' readonly name='e_id' value='".$e_id."'></td></tr>";
echo "<tr><td>Var Type: </td><td><input type='text' class='textfield' name='type' value='".$row["type"]."'></td></tr>";
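Review bot: The SELECT at `fkey_gui_id = $1 AND fkey_e_id = '".$e_id."' AND var_name = $2` still splices `$e_id` into the statement, leaving this single query outside the conversion the rest of the commit makes; bind it like the others: `$sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 AND var_name = $3";`, `$v = array($guiList1, $e_id, $var_name);`, `$t = array("s", "s", "s");`. The enclosing `if(isset($guiList1) && isset($var_name))` block continues past the end of this hunk.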
Modified: branches/2.5/http/php/mod_map1.php
===================================================================
--- branches/2.5/http/php/mod_map1.php 2008-01-19 09:47:08 UTC (rev 1988)
+++ branches/2.5/http/php/mod_map1.php 2008-01-19 10:27:56 UTC (rev 1989)
@@ -37,8 +37,10 @@
<title>mod_map1</title>
<?php
-$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
$cnt = 0;
while($row = db_fetch_array($res)){
$e_width = $row["e_width"];
Modified: branches/2.5/http/php/mod_mapOV.php
===================================================================
--- branches/2.5/http/php/mod_mapOV.php 2008-01-19 09:47:08 UTC (rev 1988)
+++ branches/2.5/http/php/mod_mapOV.php 2008-01-19 10:27:56 UTC (rev 1989)
@@ -45,8 +45,10 @@
?>
<?php
$gui_id = $_SESSION["mb_user_gui"];
-$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
$cnt = 0;
echo "<script type='text/javascript'>";
while($row = db_fetch_array($res)){
Modified: branches/2.5/http/php/mod_simpleWMSpreferences.php
===================================================================
--- branches/2.5/http/php/mod_simpleWMSpreferences.php 2008-01-19 09:47:08 UTC (rev 1988)
+++ branches/2.5/http/php/mod_simpleWMSpreferences.php 2008-01-19 10:27:56 UTC (rev 1989)
@@ -76,8 +76,10 @@
<?php
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db(DB,$con);
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
$cnt = 0;
while($row = db_fetch_array($res)){
$e_target = $row["e_target"];