svn commit: r320 - trunk/mapbender/http/php/mod_wfs.php

[uli at osgeo.org]

Author: uli
Date: 2006-05-16 13:01:02+0000
New Revision: 320

Modified:
   trunk/mapbender/http/php/mod_wfs.php

Log:
db_prep_query included

Modified: trunk/mapbender/http/php/mod_wfs.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_wfs.php?view=diff&rev=320&p1=trunk/mapbender/http/php/mod_wfs.php&p2=trunk/mapbender/http/php/mod_wfs.php&r1=319&r2=320
==============================================================================
--- trunk/mapbender/http/php/mod_wfs.php	(original)
+++ trunk/mapbender/http/php/mod_wfs.php	2006-05-16 13:01:02+0000
@@ -75,9 +75,11 @@
 		
 		$sql = "SELECT * FROM wfs_conf ";
 		$sql .= "JOIN wfs ON wfs_conf.fkey_wfs_id = wfs.wfs_id ";
-		$sql .= "WHERE wfs_conf.wfs_conf_id = ".$wfs[$i];
+		$sql .= "WHERE wfs_conf.wfs_conf_id = $1";
 		
-		$res = db_query($sql);
+		$v = array($wfs[$i]);
+		$t = array('i');
+		$res = db_prep_query($sql,$v,$t);
 	
 		if($row = db_fetch_array($res)){
 			$wfs_id  = $row["fkey_wfs_id"];
@@ -101,8 +103,10 @@
 		}else{die("wfs_conf data not available");}
 		
 		$sql = "SELECT * FROM wfs_featuretype_namespace";
-		$sql .= " WHERE fkey_wfs_id = ".$wfs_id." AND fkey_featuretype_id = ".$featuretype_id;
-		$res = db_query($sql);
+		$sql .= " WHERE fkey_wfs_id = $1 AND fkey_featuretype_id = $2";
+		$v = array($wfs_id,$featuretype_id);
+		$t = array('i','i');
+		$res = db_prep_query($sql,$v,$t);
 		echo "wfs_conf[".$i."]['namespaces'] = new Array();";
 		$counter = 0;
 		while($row = db_fetch_array($res)){
@@ -114,8 +118,10 @@
 		
 		
 		$sql = "SELECT * FROM wfs_featuretype ";
-		$sql .= "WHERE fkey_wfs_id = ".$wfs_id." AND featuretype_id = ".$featuretype_id;
-		$res = db_query($sql);
+		$sql .= "WHERE fkey_wfs_id = $1 AND featuretype_id = $2";
+		$v = array($wfs_id,$featuretype_id);
+		$t = array('i','i');
+		$res = db_prep_query($sql,$v,$t);
 		if($row = db_fetch_array($res)){
 			echo "wfs_conf[".$i."]['featuretype_name']  = '".$row["featuretype_name"]."';";
 			echo "wfs_conf[".$i."]['featuretype_srs']  = '".$row["featuretype_srs"]."';";
@@ -124,11 +130,13 @@
 		/* wfs_conf_element */
 		$sql = "SELECT * FROM wfs_conf_element ";
 		$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-		$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = ".$wfs[$i]." ";
+		$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1";
 		$sql .= " ORDER BY wfs_conf_element.f_respos";
 		#$sql .= "AND wfs_conf_element.f_search = 1 ORDER BY wfs_conf_element.f_search;";
 				
-		$res = db_query($sql);
+		$v = array($wfs[$i]);
+		$t = array('i');
+		$res = db_prep_query($sql,$v,$t);
 		
 		echo "wfs_conf[".$i."]['element']  = new Array();";
 		$cnt = 0;