svn commit: r318 - trunk/mapbender/http/php/mod_exportElement.php

[uli at osgeo.org]

Author: uli
Date: 2006-05-16 12:53:10+0000
New Revision: 318

Modified:
   trunk/mapbender/http/php/mod_exportElement.php

Log:
db_prep_query included

Modified: trunk/mapbender/http/php/mod_exportElement.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_exportElement.php?view=diff&rev=318&p1=trunk/mapbender/http/php/mod_exportElement.php&p2=trunk/mapbender/http/php/mod_exportElement.php&r1=317&r2=318
==============================================================================
--- trunk/mapbender/http/php/mod_exportElement.php	(original)
+++ trunk/mapbender/http/php/mod_exportElement.php	2006-05-16 12:53:10+0000
@@ -39,8 +39,10 @@
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 $insert = "";
-$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$_REQUEST["gui"]."' AND e_id='".$_REQUEST["element"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1 AND e_id= $2";
+$v = array($_REQUEST["gui"],$_REQUEST["element"]);
+$t = array('s','s');
+$res = db_prep_query($sql,$v,$t);
 if($row = db_fetch_array($res)) {
    $insert .=  "INSERT INTO gui_element(";
       $insert .=  "fkey_gui_id, ";
@@ -89,8 +91,10 @@
 }
 
 	# export element vars
-	$sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$_REQUEST["gui"]."' AND fkey_e_id='".$_REQUEST["element"]."'";
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+	$v = array($_REQUEST["gui"],$_REQUEST["element"]);
+	$t = array('s','s');
+	$res = db_prep_query($sql,$v,$t);
 	$cnt_res = 0;
 	while ($row = db_fetch_array($res)){
    	$insert .=  "INSERT INTO gui_element_vars(";