svn commit: r304 - trunk/mapbender/http/php/mod_loadWFSCapabilities.php

Tue May 16 05:03:13 EDT 2006

Author: uli
Date: 2006-05-16 09:03:13+0000
New Revision: 304

Modified:
   trunk/mapbender/http/php/mod_loadWFSCapabilities.php

Log:
db_prep_query included

Modified: trunk/mapbender/http/php/mod_loadWFSCapabilities.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_loadWFSCapabilities.php?view=diff&rev=304&p1=trunk/mapbender/http/php/mod_loadWFSCapabilities.php&p2=trunk/mapbender/http/php/mod_loadWFSCapabilities.php&r1=303&r2=304
==============================================================================

--- trunk/mapbender/http/php/mod_loadWFSCapabilities.php	(original)
+++ trunk/mapbender/http/php/mod_loadWFSCapabilities.php	2006-05-16 09:03:13+0000
@@ -88,7 +88,7 @@
 <body>
 
 <?php
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
 
 echo "<form name='form1' action='" . $PHP_SELF . "?".SID."' method='post'>";
 
@@ -97,8 +97,11 @@
 echo "<td>";
 echo"GUI";
 echo"<br>";
-$sql = "SELECT * from gui_mb_user, gui WHERE gui.gui_id=gui_mb_user.fkey_gui_id AND gui.gui_public=1 AND gui_mb_user.fkey_mb_user_id=".$_SESSION["mb_user_id"]."  Order BY fkey_gui_id ;";
-$res = db_query($sql);
+$sql = "SELECT * from gui_mb_user, gui WHERE gui.gui_id = gui_mb_user.fkey_gui_id ";
+$sql .= "AND gui.gui_public = 1 AND gui_mb_user.fkey_mb_user_id = $1 Order BY fkey_gui_id ;";
+$v = array($_SESSION["mb_user_id"]);
+$t = array('i');
+$res = db_prep_query($sql,$v,$t);
 $count=0;
 while($row = db_fetch_array($res)){
 	$gui_id[$count]=$row["gui_id"];
@@ -127,8 +130,11 @@
 
 
 if(isset($guiList) && $guiList!=""){
-  $sql="SELECT Distinct wfs.wfs_title from gui_wfs LEFT JOIN wfs ON gui_wfs.fkey_wfs_id=wfs.wfs_id where gui_wfs.fkey_gui_id='".$guiList."' order by wfs.wfs_title";
-  $res = db_query($sql);
+	$sql = "SELECT Distinct wfs.wfs_title from gui_wfs LEFT JOIN wfs ON gui_wfs.fkey_wfs_id=wfs.wfs_id ";
+	$sql .= "where gui_wfs.fkey_gui_id = $1 order by wfs.wfs_title";
+	$v = array($guiList);
+	$t = array('s');
+	$res = db_prep_query($sql,$v,$t);
 
   $count=0;
   echo"<select size='8' name='wfsList' style='width:200px'>";


