svn commit: r315 - trunk/mapbender/http/php/mod_editElementVars.php
uli at osgeo.org
Tue May 16 08:45:55 EDT 2006
Author: uli
Date: 2006-05-16 12:45:54+0000
New Revision: 315
Modified:
trunk/mapbender/http/php/mod_editElementVars.php
Log:
Use db_prep_query (parameterised queries) instead of string-built SQL
Modified: trunk/mapbender/http/php/mod_editElementVars.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_editElementVars.php?view=diff&rev=315&p1=trunk/mapbender/http/php/mod_editElementVars.php&p2=trunk/mapbender/http/php/mod_editElementVars.php&r1=314&r2=315
==============================================================================
--- trunk/mapbender/http/php/mod_editElementVars.php (original)
+++ trunk/mapbender/http/php/mod_editElementVars.php 2006-05-16 12:45:54+0000
@@ -114,20 +114,27 @@
# handle database updates etc.....
- if(isset($mySave) && ($mySave == '1')){
- $sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id ='".$fkey_gui_id."' AND fkey_e_id ='".$fkey_e_id."' AND var_name ='".$var_name."';";
- $res = db_query($sql);
- $sql = "INSERT INTO gui_element_vars(fkey_gui_id,fkey_e_id,var_name,var_value,context,var_type) ";
- $sql .= "VALUES ('".$fkey_gui_id."','".$fkey_e_id."','".$var_name."','".db_escape_string($var_value)."','".db_escape_string($context)."','".$var_type."');";
- $res = db_query($sql);
- $mySave = 0;
- }
+if(isset($mySave) && ($mySave == '1')){
+ $sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 AND var_name = $3";
+ $v = array($fkey_gui_id,$fkey_e_id,$var_name);
+ $t = array('s','s','s');
+ $res = db_prep_query($sql,$v,$t);
+ $sql = "INSERT INTO gui_element_vars(fkey_gui_id,fkey_e_id,var_name,var_value,context,var_type) ";
+ $sql .= "VALUES ($1, $2, $3, $4, $5, $6)";
+ //db_escape_string($var_value)?,db_escape_string($context)?
+ $v = array($fkey_gui_id,$fkey_e_id,$var_name,$var_value,$context,$var_type);
+ $t = array('s','s','s','s','s','s');
+ $res = db_prep_query($sql,$v,$t);
+ $mySave = 0;
+}
- if(isset($myDelete) && ($myDelete == '1')){
- $sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id ='".$fkey_gui_id."' AND fkey_e_id ='".$fkey_e_id."' AND var_name ='".$var_name."';";
- $res = db_query($sql);
- $myDelete = 0;
- }
+if(isset($myDelete) && ($myDelete == '1')){
+ $sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 AND var_name = $3";
+ $v = array($fkey_gui_id,$fkey_e_id,$var_name);
+ $t = array('s','s','s');
+ $res = db_prep_query($sql,$v,$t);
+ $myDelete = 0;
+}
?>
<script type="text/javascript">
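Review bot: In the save branch the DELETE and the following INSERT are issued as two independent statements and neither `$res` is inspected, so a failed INSERT (or a DELETE that errors out) leaves the element variable removed with nothing written back, yet `$mySave` is still cleared as if the save succeeded; run the pair inside one transaction, or at minimum check `$res` after the DELETE and skip the INSERT and the reset on failure. The leftover `//db_escape_string($var_value)?,db_escape_string($context)?` comment above the `$v` array should be resolved and removed: with the values bound through db_prep_query, escaping them again would store doubled quotes and backslashes, so the answer is "no" and the comment only invites someone to re-add it. The DELETE statement, its `$v`/`$t` arrays and the call are duplicated verbatim in the save and delete branches and could share one small helper. `$fkey_gui_id`, `$fkey_e_id`, `$var_name` and the `$mySave`/`$myDelete` flags are not assigned anywhere in the hunk — presumably request-derived, which is what makes the switch to bound parameters the right fix, but the script that sets them starts before this hunk.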
@@ -178,9 +185,11 @@
echo "<input type='button' class='' name='' value='return' onclick=\"".$href."\"> \n";
echo "</div>\n";
- $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$fkey_gui_id."' AND fkey_e_id = '".$fkey_e_id."';";
- $res = db_query($sql);
- $cnt = 0;
+ $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+ $v = array($fkey_gui_id,$fkey_e_id);
+ $t = array('s','s');
+ $res = db_prep_query($sql,$v,$t);
+ $cnt = 0;
echo "<div class='myElements'>\n<table>\n";
@@ -198,8 +207,10 @@
echo "<table class='myForm'>\n";
$formOk = 0;
if(isset($myElement)){
- $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$fkey_gui_id."' AND fkey_e_id = '".$fkey_e_id."' AND var_name = '".$myElement."';";
- $res = db_query($sql);
+ $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 AND var_name = $3";
+ $v = array($fkey_gui_id,$fkey_e_id,$myElement);
+ $t = array('s','s','s');
+ $res = db_prep_query($sql,$v,$t);
if(db_fetch_row($res)){
echo "<tr><td>Name:</td><td><input type='text' class='textfield' name='var_name' value='".db_result($res,0,"var_name")."'></td></tr>\n";
echo "<tr><td>Value:</td><td><textarea cols='32' rows='5' name='var_value' >".stripslashes(db_result($res,0,"var_value"))."</textarea></td></tr>\n";
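Review bot: The two echo lines after the `db_fetch_row` check write `var_name` and `var_value` straight from db_result into a single-quoted attribute value and a textarea without HTML escaping, so a stored value containing `'` or `</textarea>` breaks out of its context — a stored XSS for anyone allowed to save an element var; wrap each in `htmlspecialchars(..., ENT_QUOTES)`, e.g. `value='".htmlspecialchars(db_result($res,0,"var_name"), ENT_QUOTES)."'`. The `stripslashes()` around var_value was the read-side counterpart of escaping on insert; now that the save path binds `$var_value` as a parameter, it will strip genuine backslashes out of stored values — unless magic_quotes_gpc is still adding slashes on input, which this hunk cannot show, so confirm that before dropping it. The `if(db_fetch_row($res))` block opened here continues past the end of the hunk.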