svn commit: r303 - trunk/mapbender/http/php/mod_editSelf.php

uli at osgeo.org uli at osgeo.org
Tue May 16 04:59:16 EDT 2006


Author: uli
Date: 2006-05-16 08:59:16+0000
New Revision: 303

Modified:
   trunk/mapbender/http/php/mod_editSelf.php

Log:
db_prep_query included

Modified: trunk/mapbender/http/php/mod_editSelf.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_editSelf.php?view=diff&rev=303&p1=trunk/mapbender/http/php/mod_editSelf.php&p2=trunk/mapbender/http/php/mod_editSelf.php&r1=302&r2=303
==============================================================================
--- trunk/mapbender/http/php/mod_editSelf.php	(original)
+++ trunk/mapbender/http/php/mod_editSelf.php	2006-05-16 08:59:16+0000
@@ -126,8 +126,10 @@
 
 #delete
 if($action == 'delete'){
-   $sql = "DELETE FROM mb_user WHERE mb_user_id = " . $selected_user;
-   $res = db_query($sql);
+   $sql = "DELETE FROM mb_user WHERE mb_user_id = $1 ";
+   $v = array($selected_user);
+   $t = array('i');
+   $res = db_prep_query($sql,$v,$t);
    session_destroy();
    echo "You have deleted your account.<br><br>";
    die();
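Review bot: The DELETE keys on `$selected_user` while the account actually being edited is `$_SESSION["mb_user_id"]`, which is what the profile SELECT further down in this file binds; `$selected_user` is assigned outside this hunk, and if it is taken from the request a logged-in user can delete any account by id, a hole that parameterising the query does not close. Binding the session value instead, `$v = array($_SESSION["mb_user_id"]);`, would tie the deletion to the caller's own account. The return value of `db_prep_query` is also never inspected, so `session_destroy()` and the "You have deleted your account." message run even when the statement failed; wrapping those lines in `if($res){ ... }` avoids reporting a deletion that did not happen.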
@@ -136,43 +138,74 @@
 
 #save
 if($action == 'save'){
-   $sql = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = '".$name."' ";
-   $res = db_query($sql);
+	$sql = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = $1 ";
+	$v = array($name);
+	$t = array('s');
+	$res = db_prep_query($sql,$v,$t);
    if(db_fetch_row($res)){
       echo "<script language='JavaScript'>alert('Username must be unique!');</script>";
    }
    else{
-     $sql = "Insert INTO mb_user (mb_user_name, mb_user_password,mb_user_owner, mb_user_description, mb_user_email, mb_user_phone, mb_user_department, mb_user_resolution) VALUES ";
-     $sql.= "('".$name."', password('".$password."'),".$owner_id.",'".$description."', '".$email."', '".$phone."', '".$department."', ".$resolution.");";
-     $res = db_query($sql);
-     $selected_user = db_insert_id();
+		$sql = "Insert INTO mb_user (mb_user_name, mb_user_password,mb_user_owner, mb_user_description,";
+		$sql .= " mb_user_email, mb_user_phone, mb_user_department, mb_user_resolution) VALUES ";
+		$sql.= "($1, ";		
+		if(SYS_DBTYPE == "mysql") {
+			$sql .= "password($2)";
+		}
+		else {
+			if (MD5 == 'false'){
+				$sql .= "$2'";
+			}
+			else{
+				$sql .= "md5($2)";
+			}
+		}
+		$sql.= ", $3, $4, $5, $6, $7, $8);";
+		$v = array($name,$password,$owner_id,$description,$email,$phone,$department,$resolution);
+		$t = array('s','s','i','s','s','s','s','i');
+		$res = db_prep_query($sql,$t,$v);
+		$selected_user = db_insert_id();
    }
 }
 
 #update
 if($action == 'update'){
-   $sql = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = '".$name."' AND mb_user_id <> ".$selected_user;
-   $res = db_query($sql);
-   if(db_fetch_row($res)){
-      echo "<script language='JavaScript'>alert('Username must be unique!');</script>";
-   }
-   else{
-     $sql = "UPDATE mb_user SET mb_user_name ='".$name."'";
-     if($password != ""){
-        $sql.=", mb_user_password = password('".$password."')";
-     }
-     $sql.=", mb_user_description = '".$description."'";
-     $sql.=", mb_user_login_count = '".$login_count."'";
-     $sql.=", mb_user_email = '".$email."'";
-     $sql.=", mb_user_phone = '".$phone."'";
-     $sql.=", mb_user_department = '".$department."'";
-     $sql.=", mb_user_resolution = ".$resolution;
-     $sql.=" where mb_user_id = " . $selected_user;
-     $res = db_query($sql);
+	$sql = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = $1 AND mb_user_id <> $2";
+	$v = array($name,$selected_user);
+	$t = array('s','i');
+	$res = db_prep_query($sql,$v,$t);
+	if(db_fetch_row($res)){
+		echo "<script language='JavaScript'>alert('Username must be unique!');</script>";
+	}
+	else{
+		$sql = "UPDATE mb_user SET mb_user_name = $1, mb_user_password = ";
+		if($password != ""){
+			if(SYS_DBTYPE == "mysql") {
+				$sql .= "password($2)";
+			}
+			else {
+				if (MD5 == 'false'){
+					$sql .= "$2'";
+				}
+				else{
+					$sql .= "md5($2)";
+				}
+			}
+		}
+		$sql.=", mb_user_description = $3";
+		$sql.=", mb_user_login_count = $4";
+		$sql.=", mb_user_email = $5";
+		$sql.=", mb_user_phone = $6";
+		$sql.=", mb_user_department = $7";
+		$sql.=", mb_user_resolution = $8";
+		$sql.=" where mb_user_id = $9";
+		$v = array($name,$password,$description,$login_count,$email,$phone,$department,$resolution,$selected_user);
+		$t = array('s','s','s','i','s','s','s','i','i');
+		$res = db_prep_query($sql,$v,$t);
 		if($password && $res){
 			echo "<script language='JavaScript'>alert('Password has been updated successfully!');</script>";
 		}
-   }
+	}
 }
 if (!isset($name) || $selected_user == 'new'){
   $name = "";
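Review bot: The update branch now always emits `mb_user_password = ` at the end of `$sql = "UPDATE mb_user SET mb_user_name = $1, mb_user_password = ";` but appends a value only when `$password != ""`, so any profile edit that leaves the password field blank produces `mb_user_password = , mb_user_description = $3` and the UPDATE fails; the rewrite below moves the whole password clause inside the conditional and gives it the last placeholder so `$v` and `$t` stay aligned with the query. In the insert branch the call `db_prep_query($sql,$t,$v);` swaps the two arrays relative to every other call in this file (`db_prep_query($sql,$v,$t)`), so the type list is passed as the values. Both `$sql .= "$2'";` lines carry a stray quote that turns the non-MySQL, `MD5 == 'false'` path into invalid SQL and should read `$sql .= "$2";`. That same path also appears to store the password unhashed, which the previous `password(...)`-only code never did; if that is a deliberate configuration option it deserves a comment saying so, otherwise it should hash like the other branches.
```php
$sql = "UPDATE mb_user SET mb_user_name = $1";
$sql .= ", mb_user_description = $2";
$sql .= ", mb_user_login_count = $3";
$sql .= ", mb_user_email = $4";
$sql .= ", mb_user_phone = $5";
$sql .= ", mb_user_department = $6";
$sql .= ", mb_user_resolution = $7";
$v = array($name,$description,$login_count,$email,$phone,$department,$resolution,$selected_user);
$t = array('s','s','i','s','s','s','i','i');
// The password column is only touched when a new password was entered.
// It takes the last placeholder so the remaining ones stay consecutive.
if($password != ""){
	if(SYS_DBTYPE == "mysql") {
		$sql .= ", mb_user_password = password($9)";
	}
	else if (MD5 == 'false'){
		$sql .= ", mb_user_password = $9";
	}
	else {
		$sql .= ", mb_user_password = md5($9)";
	}
	$v[] = $password;
	$t[] = 's';
}
$sql .= " where mb_user_id = $8";
$res = db_prep_query($sql,$v,$t);
// … unchanged: success alert …
```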
@@ -196,8 +229,10 @@
 echo "<table border='0'>";
 
 if(isset($selected_user) && $selected_user != 0){
-   $sql = "SELECT * FROM mb_user WHERE mb_user_id = '".$_SESSION["mb_user_id"]."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM mb_user WHERE mb_user_id = $1";
+   $v = array($_SESSION["mb_user_id"]);
+   $t = array('i');
+   $res = db_prep_query($sql,$v,$t);
    if(db_fetch_row($res)){
       $name = db_result($res,0,"mb_user_name");
       $password = db_result($res,0,"mb_user_password");



