svn commit: r675 - trunk/mapbender/http/classes/class_gui.php
christoph at osgeo.org
christoph at osgeo.org
Thu Jul 20 08:39:20 EDT 2006
Author: christoph
Date: 2006-07-20 12:39:19+0000
New Revision: 675
Modified:
trunk/mapbender/http/classes/class_gui.php
Log:
switched to prepared statements
Modified: trunk/mapbender/http/classes/class_gui.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/classes/class_gui.php?view=diff&rev=675&p1=trunk/mapbender/http/classes/class_gui.php&p2=trunk/mapbender/http/classes/class_gui.php&r1=674&r2=675
==============================================================================
--- trunk/mapbender/http/classes/class_gui.php (original)
+++ trunk/mapbender/http/classes/class_gui.php 2006-07-20 12:39:19+0000
@@ -19,6 +19,8 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require_once("../../conf/mapbender.conf");
+$con = db_connect($DBSERVER,$OWNER,$PW);
+db_select_db(DB,$con);
class gui{
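Review bot: The two added lines open the database connection as a side effect of including class_gui.php, and the result of `db_connect()` is never checked. If the connection fails, the first visible symptom is a failing `db_prep_query()` inside a method, far from the cause. Assuming `db_connect()` returns a false value on failure, a guard such as `if (!$con) { trigger_error("database connection failed", E_USER_ERROR); }` directly after the call would surface it at the source. Note also that `$DBSERVER`, `$OWNER` and `$PW` are now read from whatever scope includes this file, where the removed code declared them `global` inside the method.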
@@ -26,113 +28,104 @@
}
// CB - returns true if a gui '$gui_id' exists
-
function guiExists($gui_id){
- global $DBSERVER,$DB,$OWNER,$PW;
- $con = db_connect($DBSERVER,$OWNER,$PW);
- db_select_db(DB,$con);
$sql = "SELECT * FROM gui ";
- $sql .= "WHERE gui_id = '".$gui_id."'";
- $res = db_query($sql);
- $count_g = 0;
- $array = array();
- while($row = db_fetch_array($res)){
- $array[$count_g] = $row["gui_id"];
- $count_g++;
- }
- if ($count_g >0) {
- return true;
- }
- else {
- return false;
- }
+ $sql .= "WHERE gui_id = $1";
+ $v = array($gui_id);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
+ $row = db_fetch_array($res);
+ if ($row) return true;
+ else return false;
}
-
-
// CB - deletes a GUI $guiId and all its links to users, layers etc.
function deleteGui ($guiId) {
- //
- // begin transaction
- //
$guiList = $guiId;
-
- $sql = "BEGIN;";
- $report .= "<br><br>" . $sql . "<br><br>";
+ $sql = "BEGIN";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui WHERE gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui WHERE gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_element WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_element WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_layer WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_layer WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_mb_group WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_mb_user WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_wfs WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_wfs WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- $sql = "DELETE FROM gui_wms WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "DELETE FROM gui_wms WHERE fkey_gui_id = $1";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
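Review bot: guiExists() passes `$res` straight to `db_fetch_array()` without checking it, so a failed `db_prep_query()` is reported as "this GUI does not exist". copyGui() uses that answer to decide whether to start inserting, so a database error and a free name are indistinguishable to it. Check the result first and make the failure visible, for example `if (!$res) { trigger_error(db_error(), E_USER_WARNING); return false; }`, then finish with `return (bool) $row;` instead of the if/else pair. deleteGui's body continues past the end of this hunk.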
@@ -140,8 +133,7 @@
// if $error is true, the transaction is aborted -> rollback
if (!$error) {
- $sql = "COMMIT;";
- $report .= "<br><br>" . $sql . "<br><br>";
+ $sql = "COMMIT";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
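Review bot: The comment kept above `if (!$error)` describes the rollback case, and the one above `else` in the next hunk describes the commit case, so the two are swapped relative to the code they sit on. deleteGui also still carries two copies of the query-and-check block, whereas this commit collapses the same logic in copyGui. Choosing the statement with `$sql = $error ? "ROLLBACK" : "COMMIT";` and running a single `db_query($sql)` check would keep the two functions consistent. The function starts before this hunk and both branches continue past it.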
@@ -150,8 +142,7 @@
}
//if $error is false, the transaction is executed -> commit
else {
- $sql = "ROLLBACK;";
- $report .= "<br><br>" . $sql . "<br><br>";
+ $sql = "ROLLBACK";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -161,8 +152,6 @@
return !$error;
}
-
-
// CB - rename a GUI
function renameGui ($guiId, $newGuiName) {
$error = false;
@@ -177,28 +166,18 @@
// CB - copies a GUI $guiId and all its links to users, layers etc. to GUI $newGuiName
function copyGui ($guiId, $newGuiName, $withUsers) {
- global $DBSERVER,$DB,$OWNER,$PW;
$error = false;
-
$guiList = $guiId;
- //
- // begin transaction
- //
-
if (!$this->guiExists($newGuiName)) {
-
- $sql = "BEGIN;";
- $report .= "<br><br>" . $sql . "<br><br>";
+ $sql = "BEGIN";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
- // INSERT
$sql = "INSERT INTO gui SELECT '" . $newGuiName . "', '" . $newGuiName . "',gui_description, gui_public FROM gui WHERE gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
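Review bot: The `INSERT INTO gui SELECT ...` statement here still concatenates `$newGuiName` and `$guiList` into the SQL string and runs through `db_query()`, so copyGui is not covered by the switch to prepared statements. The same pattern remains in the INSERT ... SELECT statements for gui_element, gui_element_vars, gui_layer, gui_mb_group, gui_mb_user (the `$withUsers` branch), gui_treegde, gui_wfs and gui_wms in the following hunks. Bind both values as deleteGui does, e.g. `$sql = "INSERT INTO gui SELECT $1, $1, gui_description, gui_public FROM gui WHERE gui_id = $2";` with `$v = array($newGuiName, $guiList); $t = array('s', 's');` passed to `db_prep_query($sql,$v,$t)`; a parameter in the select list may need an explicit cast, depending on how db_prep_query binds it. copyGui's body continues outside this hunk.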
@@ -206,7 +185,6 @@
}
$sql = "INSERT INTO gui_element SELECT '" . $newGuiName . "', e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires FROM gui_element WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -214,7 +192,6 @@
}
$sql = "INSERT INTO gui_element_vars SELECT '" . $newGuiName . "', fkey_e_id, var_name, var_value, context, var_type FROM gui_element_vars WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -222,7 +199,6 @@
}
$sql = "INSERT INTO gui_layer SELECT '" . $newGuiName . "', fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype FROM gui_layer WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -230,7 +206,6 @@
}
$sql = "INSERT INTO gui_mb_group SELECT '" . $newGuiName . "', fkey_mb_group_id, mb_group_type FROM gui_mb_group WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -240,7 +215,6 @@
if ($withUsers == true) {
/* users of original gui are copied as well */
$sql = "INSERT INTO gui_mb_user SELECT '" . $newGuiName . "', fkey_mb_user_id, mb_user_type FROM gui_mb_user WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -249,18 +223,16 @@
}
else {
// users of original gui are not copied, the current user is set as owner
- $sql = "INSERT INTO gui_mb_user VALUES ('" . $newGuiName . "', '" . $_SESSION["mb_user_id"] . "', 'owner');";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
+ $sql = "INSERT INTO gui_mb_user VALUES ($1, $2, 'owner')";
+ $v = array($newGuiName, $_SESSION["mb_user_id"]);
+ $t = array('s', 'i');
+ $res = db_prep_query($sql,$v,$t);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
$error = true;
}
}
-
-
$sql = "INSERT INTO gui_treegde SELECT '" . $newGuiName . "', fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id FROM gui_treegde WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -268,7 +240,6 @@
}
$sql = "INSERT INTO gui_wfs SELECT '" . $newGuiName . "', fkey_wfs_id FROM gui_wfs WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -276,7 +247,6 @@
}
$sql = "INSERT INTO gui_wms SELECT '" . $newGuiName . "', fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible FROM gui_wms WHERE fkey_gui_id = '" . $guiList . "';";
- $report .= "<br><br>" . $sql . "<br><br>";
$res = db_query($sql);
if (!$res) {
$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
@@ -285,23 +255,15 @@
// if $error is false, the transaction is executed -> commit
if (!$error) {
- $sql = "COMMIT;";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
- if (!$res) {
- $report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
- $error = true;
- }
- }
- // if $error is true, the transaction is aborted -> rollback
+ $sql = "COMMIT";
+ }
else {
- $sql = "ROLLBACK;";
- $report .= "<br><br>" . $sql . "<br><br>";
- $res = db_query($sql);
- if (!$res) {
- $report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
- $error = true;
- }
+ $sql = "ROLLBACK";
+ }
+ $res = db_query($sql);
+ if (!$res) {
+ $report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
+ $error = true;
}
return !$error;
}