svn commit: r292 - trunk/mapbender/http/php/mb_getGUIs.php

uli at osgeo.org uli at osgeo.org
Tue May 16 01:47:05 EDT 2006 

Author: uli
Date: 2006-05-16 05:47:04+0000
New Revision: 292

Modified:
   trunk/mapbender/http/php/mb_getGUIs.php

Log:
db_prep_query included


Modified: trunk/mapbender/http/php/mb_getGUIs.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mb_getGUIs.php?view=diff&rev=292&p1=trunk/mapbender/http/php/mb_getGUIs.php&p2=trunk/mapbender/http/php/mb_getGUIs.php&r1=291&r2=292
==============================================================================
--- trunk/mapbender/http/php/mb_getGUIs.php	(original)
+++ trunk/mapbender/http/php/mb_getGUIs.php	2006-05-16 05:47:04+0000
@@ -20,8 +20,10 @@
 function mb_getGUIs($mb_user_id){
 	$arrayGuis = array();
 	if(isset($mb_user_id)){
-		$sql_groups = "SELECT fkey_mb_group_id FROM mb_user_mb_group WHERE fkey_mb_user_id = " . $mb_user_id;
-		$res_groups = db_query($sql_groups);
+		$sql_groups = "SELECT fkey_mb_group_id FROM mb_user_mb_group WHERE fkey_mb_user_id = $1 ";
+		$v = array($mb_user_id);
+		$t = array('i');
+		$res_groups = db_prep_query($sql_groups,$v,$t);
 		$cnt_groups = 0;
 		while(db_fetch_row($res_groups)){
 			$mb_user_groups[$cnt_groups] = db_result($res_groups,$cnt_groups,"fkey_mb_group_id");
@@ -29,24 +31,29 @@
 		}
 		$count_g = 0;
 		if($cnt_groups > 0){
+			$v = array();
+			$t = array();
 			$sql_g = "SELECT DISTINCT gui.gui_id FROM gui JOIN gui_mb_group ";     
 			$sql_g .= " ON gui.gui_id = gui_mb_group.fkey_gui_id WHERE( gui_mb_group.fkey_mb_group_id IN (";  
 			for($i=0; $i<count($mb_user_groups);$i++){
 				if($i > 0){$sql_g .= ",";}
-				$sql_g .= $mb_user_groups[$i];
+				$sql_g .= "$".($i + 1);
+				array_push($v,$mb_user_groups[$i]);
+				array_push($t,'i');
 			}
 			$sql_g .= "))";
-			$res_g = db_query($sql_g);
+			$res_g = db_prep_query($sql_g,$v,$t);
 			while(db_fetch_row($res_g)){
 				$arrayGuis[$count_g] = db_result($res_g, $count_g, "gui_id");
 				$count_g++;
 			}
 		}
 		$sql_guis = "SELECT DISTINCT gui.gui_id FROM gui JOIN gui_mb_user ";  
-		$sql_guis .= "ON gui.gui_id = gui_mb_user.fkey_gui_id WHERE (gui_mb_user.fkey_mb_user_id = ".$mb_user_id.") ";
-		$sql_guis .= " AND gui.gui_public = 1";  
-		
-		$res_guis = db_query($sql_guis);
+		$sql_guis .= "ON gui.gui_id = gui_mb_user.fkey_gui_id WHERE (gui_mb_user.fkey_mb_user_id = $1) ";
+		$sql_guis .= " AND gui.gui_public = 1";
+		$v = array($mb_user_id);
+		$t = array('i');
+		$res_guis = db_prep_query($sql_guis,$v,$t);
 		$count_guis = 0;
 		while(db_fetch_row($res_guis)){
 			if( !in_array(db_result($res_guis,$count_guis,"gui_id"),$arrayGuis)){

More information about the Mapbender_commits mailing list