svn commit: r306 - trunk/mapbender/http/php/mod_editGuiWms.php
uli at osgeo.org
uli at osgeo.org
Tue May 16 05:55:51 EDT 2006
Author: uli
Date: 2006-05-16 09:55:51+0000
New Revision: 306
Modified:
trunk/mapbender/http/php/mod_editGuiWms.php
Log:
db_prep_query included
Modified: trunk/mapbender/http/php/mod_editGuiWms.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_editGuiWms.php?view=diff&rev=306&p1=trunk/mapbender/http/php/mod_editGuiWms.php&p2=trunk/mapbender/http/php/mod_editGuiWms.php&r1=305&r2=306
==============================================================================
--- trunk/mapbender/http/php/mod_editGuiWms.php (original)
+++ trunk/mapbender/http/php/mod_editGuiWms.php 2006-05-16 09:55:51+0000
@@ -1,6 +1,6 @@
<?php
# $Id: mod_editGuiWms.php,v 1.21 2006/03/09 10:50:48 uli_rothstein Exp $
-# $Header: /cvsroot/mapbender/mapbender/http/php/mod_editGuiWms.php,v 1.21 2006/03/09 10:50:48 uli_rothstein Exp $
+#
# Copyright (C) 2002 CCGIS
#
# This program is free software; you can redistribute it and/or modify
@@ -18,12 +18,11 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
session_start();
-import_request_variables("PG");
-require_once("../php/mb_validateSession.php");
require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
+import_request_variables("PG");
+require_once("../php/mb_validatePermission.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
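Review bot: `import_request_variables("PG")` with an empty prefix now runs after `mapbender.conf` is loaded and `$con` is assigned, so a global set before that line (including `$con`) may be replaced by a same-named GET/POST parameter. Whether `mb_validatePermission.php` re-derives `$mb_user_id` and the permitted GUI from `$_SESSION` after the import is not visible in this hunk; the later `gui_mb_user` query binds `$mb_user_id` and depends on that. Reading the expected parameters explicitly, e.g. `$guiList = isset($_POST["guiList"]) ? $_POST["guiList"] : "";`, and taking identity only from `$_SESSION` would remove the ordering dependency.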
@@ -146,8 +145,10 @@
#delete gui_wms from gui
if($del && $del == 'true'){
- $sql="SELECT DISTINCT gui_wms_position from gui_wms WHERE fkey_gui_id = '".$guiList."' and fkey_wms_id='".$wmsList."';";
- $res = db_query($sql);
+ $sql="SELECT DISTINCT gui_wms_position from gui_wms WHERE fkey_gui_id = $1 and fkey_wms_id = $2";
+ $v = array($guiList,$wmsList);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
$cnt = 0;
while($row = db_fetch_array($res)){
$wms_position = $row["gui_wms_position"];
@@ -155,17 +156,23 @@
}
#if($cnt > 1){die("Error: WMS (ID) not unique!");}
- $sql = "Delete from gui_wms where fkey_gui_id = '".$guiList."' and fkey_wms_id='".$wmsList."';";
- $res = db_query($sql);
+ $sql = "Delete from gui_wms where fkey_gui_id = $1 and fkey_wms_id = $2 ";
+ $v = array($guiList,$wmsList);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
- $sql = "Delete from gui_layer where fkey_gui_id = '".$guiList."' and gui_layer_wms_id = ".$wmsList.";";
- $res = db_query($sql);
+ $sql = "Delete from gui_layer where fkey_gui_id = $1 and gui_layer_wms_id = $2";
+ $v = array($guiList,$wmsList);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
$del='false';
- $sql = "UPDATE gui_wms SET gui_wms_position = (gui_wms_position - 1) WHERE gui_wms_position > " . $wms_position;
- $sql .= " AND fkey_gui_id = '".$guiList."'";
- $res = db_query($sql);
+ $sql = "UPDATE gui_wms SET gui_wms_position = (gui_wms_position - 1) WHERE gui_wms_position > $1";
+ $sql .= " AND fkey_gui_id = $2 ";
+ $v = array($wms_position,$guiList);
+ $t = array('i','s');
+ $res = db_prep_query($sql,$v,$t);
unset($wmsList);
}
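Review bot: `$wms_position` is assigned only inside the `while` loop that begins in the previous hunk, so when the SELECT matches no row the final UPDATE (`gui_wms_position > $1`) runs with whatever value that global already holds, which under `import_request_variables` may have come from the request. Initialise it before the loop with `$wms_position = null;` and run the position UPDATE only when a row was found, `if($wms_position !== null){ ... }`. The `up` and `down` branches in the next two hunks have the same gap: `$wms_position` is compared before it is guaranteed to be set. The `if($del ...)` block starts in the previous hunk.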
@@ -174,22 +181,27 @@
if($up && $up == 'true'){
if ($wmsList!=""){
$sql = "SELECT gui_wms_position ";
- $sql .= "FROM gui_wms WHERE fkey_gui_id = '".$guiList."' AND fkey_wms_id = ".$wmsList;
- $res = db_query($sql);
+ $sql .= "FROM gui_wms WHERE fkey_gui_id = $1 AND fkey_wms_id = $2";
+ $v = array($guiList,$wmsList);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
if($row = db_fetch_array($res)){
$wms_position = $row["gui_wms_position"];
}
}
if($wms_position > 0){
$sql = "UPDATE gui_wms SET ";
- $sql .= "gui_wms_position = ".($wms_position - 1);
- $sql .= " WHERE fkey_gui_id = '".$guiList."' AND fkey_wms_id='".$wmsList."';";
- $res = db_query($sql);
+ $sql .= "gui_wms_position = $1";
+ $sql .= " WHERE fkey_gui_id = $2 AND fkey_wms_id = $3";
+ $v = array(($wms_position - 1),$guiList,$wmsList);
+ $t = array('i','s','i');
+ $res = db_prep_query($sql,$v,$t);
$sql = "UPDATE gui_wms SET ";
- $sql .= "gui_wms_position = " . $wms_position;
- $sql .= " WHERE gui_wms_position = ".($wms_position - 1)." AND fkey_gui_id = '".$guiList."' AND fkey_wms_id <> '".$wmsList."';";
- //echo $sql;
- $res = db_query($sql);
+ $sql .= "gui_wms_position = $1";
+ $sql .= " WHERE gui_wms_position = $2 AND fkey_gui_id = $3 AND fkey_wms_id <> $4 ";
+ $v = array($wms_position,($wms_position - 1),$guiList,$wmsList);
+ $t = array('i','i','s','i');
+ $res = db_prep_query($sql,$v,$t);
}
}
@@ -197,64 +209,74 @@
$max = 0;
if ($wmsList!=""){
$sql = "SELECT gui_wms_position ";
- $sql .= "FROM gui_wms WHERE fkey_gui_id = '".$guiList."' AND fkey_wms_id='".$wmsList."';";
- $res = db_query($sql);
+ $sql .= "FROM gui_wms WHERE fkey_gui_id = $1 AND fkey_wms_id = $2";
+ $v = array($guiList,$wmsList);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
if($row = db_fetch_array($res)){
$wms_position = $row["gui_wms_position"];
}
- $sql = "SELECT MAX(gui_wms_position) as max FROM gui_wms WHERE fkey_gui_id = '".$guiList."' ";
- $res = db_query($sql);
+ $sql = "SELECT MAX(gui_wms_position) as max FROM gui_wms WHERE fkey_gui_id = $1 ";
+ $v = array($guiList);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if($row = db_fetch_array($res)){
$max = $row["max"];
}
}
if($wms_position < $max){
$sql = "UPDATE gui_wms SET ";
- $sql .= "gui_wms_position = ".($wms_position + 1);
- $sql .= " WHERE fkey_gui_id = '".$guiList."' AND fkey_wms_id='".$wmsList."';";
- $res = db_query($sql);
+ $sql .= "gui_wms_position = $1";
+ $sql .= " WHERE fkey_gui_id = $2 AND fkey_wms_id = $3";
+ $v = array(($wms_position + 1),$guiList,$wmsList);
+ $t = array('i','s','i');
+ $res = db_prep_query($sql,$v,$t);
$sql = "UPDATE gui_wms SET ";
- $sql .= "gui_wms_position = " . $wms_position;
- $sql .= " WHERE gui_wms_position = ".($wms_position + 1)." AND fkey_gui_id = '".$guiList."' AND fkey_wms_id <> '".$wmsList."';";
- $res = db_query($sql);
+ $sql .= "gui_wms_position = $1";
+ $sql .= " WHERE gui_wms_position = $2 AND fkey_gui_id = $3 AND fkey_wms_id <> $4";
+ $v = array($wms_position,($wms_position + 1),$guiList,$wmsList);
+ $t = array('i','i','s','i');
+ $res = db_prep_query($sql,$v,$t);
}
}
/*handle Updates*/
if(isset($update_content) && $update_content == "1"){
if(isset($this_gui_wms_epsg)){
- $sql = "UPDATE gui_wms set gui_wms_epsg = '".$this_gui_wms_epsg."', gui_wms_mapformat = '".$this_gui_wms_mapformat."', ";
- $sql .= "gui_wms_featureinfoformat = '".$this_gui_wms_featureinfoformat."', gui_wms_exceptionformat = '".$this_gui_wms_exceptionformat."', ";
- $sql .= "gui_wms_visible = '".$this_gui_wms_visible."' ";
- $sql .= "WHERE fkey_gui_id = '".$this_gui."' AND fkey_wms_id = ".$this_wms;
- $res = db_query($sql);
+ $sql = "UPDATE gui_wms set gui_wms_epsg = $1, gui_wms_mapformat = $2, ";
+ $sql .= "gui_wms_featureinfoformat = $3, gui_wms_exceptionformat = $4, ";
+ $sql .= "gui_wms_visible = $5 ";
+ $sql .= "WHERE fkey_gui_id = $6 AND fkey_wms_id = $7";
+ $v = array($this_gui_wms_epsg,$this_gui_wms_mapformat,$this_gui_wms_featureinfoformat,$this_gui_wms_exceptionformat,$this_gui_wms_visible,$this_gui,$this_wms);
+ $t = array('s','s','s','s','i','s','i');
+ $res = db_prep_query($sql,$v,$t);
}
else{
- $sql = "UPDATE gui_wms set gui_wms_mapformat = '".$this_gui_wms_mapformat."', ";
- $sql .= "gui_wms_featureinfoformat = '".$this_gui_wms_featureinfoformat."', gui_wms_exceptionformat = '".$this_gui_wms_exceptionformat."', ";
- $sql .= "gui_wms_visible = '".$this_gui_wms_visible."' ";
- $sql .= "WHERE fkey_gui_id = '".$this_gui."' AND fkey_wms_id = ".$this_wms;
- $res = db_query($sql);
+ $sql = "UPDATE gui_wms set gui_wms_mapformat = $1, ";
+ $sql .= "gui_wms_featureinfoformat = $2, gui_wms_exceptionformat = $3, ";
+ $sql .= "gui_wms_visible = $4 ";
+ $sql .= "WHERE fkey_gui_id = $5 AND fkey_wms_id = $6";
+ $v = array($this_gui_wms_mapformat,$this_gui_wms_featureinfoformat,$this_gui_wms_exceptionformat,$this_gui_wms_visible,$this_gui,$this_wms);
+ $t = array('s','s','s','i','s','i');
+ $res = db_prep_query($sql,$v,$t);
}
/**/
$cnt = 0;
while(list($key,$val) = each($_REQUEST)){
- if(preg_match("/___/", $key)){
- $myKey = explode("___", $key);
- if($myKey[1]!="layer_parent" && $myKey[1]!='layer_id' )
- {
- $sql = "UPDATE gui_layer SET ".$myKey[1]." = ".$val." WHERE fkey_gui_id = '".$this_gui."' AND fkey_layer_id = ".str_replace("L_","",$myKey[0]);
-
- if(!$res = db_query($sql))
- {
- echo "FEHLER in ZEILE 249";
- }
- }
- #echo $sql."<br>";
- }
- }
+ if(preg_match("/___/", $key)){
+ $myKey = explode("___", $key);
+ if($myKey[1]!="layer_parent" && $myKey[1]!='layer_id' ){
+ $sql = "UPDATE gui_layer SET ".$myKey[1]." = $1 WHERE fkey_gui_id = $2 AND fkey_layer_id = $3";
+ $v = array($val,$this_gui,str_replace("L_","",$myKey[0]));
+ $t = array('i','s','i');
+ if(!$res = db_prep_query($sql,$v,$t)){
+ echo "FEHLER in ZEILE 249";
+ }
+ }
+ }
+ }
}
echo "<form name='form1' action='" . $PHP_SELF . "?".SID."' method='post'>";
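Review bot: The `gui_layer` update still concatenates `$myKey[1]`, which comes from the request parameter name, into the statement as the column name; placeholders cannot bind identifiers, so this query is not covered by the move to `db_prep_query`. Check the name against a fixed list of editable columns before building the SQL, e.g. `if(in_array($myKey[1], $editableLayerColumns, true)){`, where `$editableLayerColumns` is a placeholder name for a list built from the form's fields (the column list is not visible here). Every value is also bound as `'i'`, which is only correct if all editable `gui_layer` columns are integers. The enclosing update block is fully inside this hunk, but the branch at the top of the hunk starts before it.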
@@ -272,9 +294,11 @@
echo "<tr>";
echo "<td>";
-$sql = "SELECT * from gui_mb_user JOIN gui ON gui.gui_id=gui_mb_user.fkey_gui_id WHERE gui.gui_public=1 AND gui_mb_user.fkey_mb_user_id=".$mb_user_id." AND gui_mb_user.mb_user_type='owner' Order BY fkey_gui_id ;";
-
-$res = db_query($sql);
+$sql = "SELECT * from gui_mb_user JOIN gui ON gui.gui_id = gui_mb_user.fkey_gui_id WHERE ";
+$sql .= "gui.gui_public = 1 AND gui_mb_user.fkey_mb_user_id = $1 AND gui_mb_user.mb_user_type = 'owner' Order BY fkey_gui_id ";
+$v = array($mb_user_id,);
+$t = array('i',);
+$res = db_prep_query($sql,$v,$t);
$count=0;
while($row = db_fetch_array($res)){
$gui_id[$count]=$row["gui_id"];
@@ -305,9 +329,11 @@
echo "</td>";
echo "<td>";
-$sql="SELECT * from gui_wms JOIN gui ON gui_wms.fkey_gui_id = gui.gui_id JOIN wms ON gui_wms.fkey_wms_id = wms.wms_id AND gui_wms.fkey_gui_id=gui.gui_id WHERE gui.gui_id='".$selected_gui_id."' ORDER BY gui_wms_position";
-$res = db_query($sql);
-//echo $sql;
+$sql = "SELECT * from gui_wms JOIN gui ON gui_wms.fkey_gui_id = gui.gui_id JOIN wms ON ";
+$sql .= "gui_wms.fkey_wms_id = wms.wms_id AND gui_wms.fkey_gui_id=gui.gui_id WHERE gui.gui_id = $1 ORDER BY gui_wms_position";
+$v = array($selected_gui_id);
+$t = array('s');
+$res = db_prep_query($sql,$v,$t);
$count_wms = 0;
echo "<select size='8' name='wmsList' style='width:200px' onchange='submit()'>";
@@ -337,8 +363,10 @@
if(isset($wmsList)){
#gui_wms
-$sql_gw = "SELECT * FROM gui_wms WHERE fkey_gui_id = '".$guiList."' AND fkey_wms_id = ".$wmsList;
-$res_gw = db_query($sql_gw);
+$sql_gw = "SELECT * FROM gui_wms WHERE fkey_gui_id = $1 AND fkey_wms_id = $2";
+$v = array($guiList,$wmsList);
+$t = array('s','i');
+$res_gw = db_prep_query($sql_gw,$v,$t);
$cnt_gw = 0;
while($row = db_fetch_array($res_gw)){
$gui_wms_position[$cnt_gw] = $row["gui_wms_position"];
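Review bot: `$wmsList` is only tested with `isset()` before it is bound as type `'i'` here and in the four lookups that follow (`wms`, `wms_format`, `gui_layer`, `layer`), so an empty or non-numeric request value reaches every one of them. How `db_prep_query` treats a non-integer value for `'i'` is not visible in this diff. Validating once at the top, e.g. `if(isset($wmsList) && ctype_digit((string)$wmsList)){`, keeps the behaviour independent of that helper. The `if` block continues past this hunk.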
@@ -350,8 +378,10 @@
$cnt_gw++;
}
#wms
-$sql_w = "SELECT * FROM wms WHERE wms_id = ".$wmsList;
-$res_w = db_query($sql_w);
+$sql_w = "SELECT * FROM wms WHERE wms_id = $1";
+$v = array($wmsList);
+$t = array('i');
+$res_w = db_prep_query($sql_w,$v,$t);
$cnt_w = 0;
while($row = db_fetch_array($res_w)){
$wms_id[$cnt_w] = $row["wms_id"];
@@ -362,8 +392,10 @@
$cnt_w++;
}
#wms_format
-$sql_wf = "SELECT * FROM wms_format WHERE fkey_wms_id = ".$wmsList;
-$res_wf = db_query($sql_wf);
+$sql_wf = "SELECT * FROM wms_format WHERE fkey_wms_id = $1";
+$v = array($wmsList);
+$t = array('i');
+$res_wf = db_prep_query($sql_wf,$v,$t);
$cnt_wf = 0;
while($row = db_fetch_array($res_wf)){
$data_type[$cnt_wf] = $row["data_type"];
@@ -371,8 +403,10 @@
$cnt_wf++;
}
#gui_layer
-$sql_gl = "SELECT * FROM gui_layer WHERE gui_layer_wms_id = ".$wmsList ." AND fkey_gui_id = '".$guiList."' ORDER BY fkey_layer_id";
-$res_gl = db_query($sql_gl);
+$sql_gl = "SELECT * FROM gui_layer WHERE gui_layer_wms_id = $1 AND fkey_gui_id = $2 ORDER BY fkey_layer_id";
+$v = array($wmsList,$guiList);
+$t = array('i','s');
+$res_gl = db_prep_query($sql_gl,$v,$t);
$cnt_gl = 0;
while($row = db_fetch_array($res_gl)){
$fkey_layer_id[$cnt_gl] = $row["fkey_layer_id"];
@@ -388,8 +422,10 @@
$cnt_gl++;
}
#layer
-$sql_l = "SELECT * FROM layer WHERE fkey_wms_id = ".$wmsList." ORDER BY layer_id";;
-$res_l = db_query($sql_l);
+$sql_l = "SELECT * FROM layer WHERE fkey_wms_id = $1 ORDER BY layer_id";
+$v = array($wmsList);
+$t = array('i');
+$res_l = db_prep_query($sql_l,$v,$t);
$cnt_l = 0;
while($row = db_fetch_array($res_l)){
$layer_id[$cnt_l] = $row["layer_id"];
@@ -403,8 +439,10 @@
}
if($cnt_gl != $cnt_l){echo "error: different layer count";}
#layer_epsg
-$sql_le = "SELECT * FROM layer_epsg WHERE fkey_layer_id = ".$layer_id[0];
-$res_le = db_query($sql_le);
+$sql_le = "SELECT * FROM layer_epsg WHERE fkey_layer_id = $1";
+$v = array($layer_id[0]);
+$t = array('i');
+$res_le = db_prep_query($sql_le,$v,$t);
$cnt_le = 0;
while($row = db_fetch_array($res_le)){
$epsg[$cnt_le] = $row["epsg"];
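Review bot: `$layer_id[0]` is bound without checking that the preceding `layer` query returned a row, so with `$cnt_l == 0` the `layer_epsg` lookup runs with an unset value or, given `import_request_variables`, with one that arrived in the request. Guard the query and its fetch loop with `if($cnt_l > 0){`. The fetch loop continues past the end of this hunk.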