[Mapbender-commits] r2372 - branches/2.5/http/sld
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Apr 10 15:52:55 EDT 2008
Author: mschulz
Date: 2008-04-10 15:52:55 -0400 (Thu, 10 Apr 2008)
New Revision: 2372
Modified:
branches/2.5/http/sld/sld_config.php
branches/2.5/http/sld/sld_function_handler.php
branches/2.5/http/sld/sld_main.php
Log:
replace remaining sql with prepared statements
Modified: branches/2.5/http/sld/sld_config.php
===================================================================
--- branches/2.5/http/sld/sld_config.php 2008-04-10 13:54:06 UTC (rev 2371)
+++ branches/2.5/http/sld/sld_config.php 2008-04-10 19:52:55 UTC (rev 2372)
@@ -62,8 +62,11 @@
require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db($DB,$con);
- $sql = "SELECT * FROM wms WHERE wms_id = ".$wms_id.";";
- $res = db_query($sql);
+ $sql = "SELECT * FROM wms WHERE wms_id = $1";
+ $v = array($wms_id);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+
$mapfileUrl = "";
if ( db_fetch_row($res, 0) )
{
Modified: branches/2.5/http/sld/sld_function_handler.php
===================================================================
--- branches/2.5/http/sld/sld_function_handler.php 2008-04-10 13:54:06 UTC (rev 2371)
+++ branches/2.5/http/sld/sld_function_handler.php 2008-04-10 19:52:55 UTC (rev 2372)
@@ -45,15 +45,13 @@
{
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db($DB,$con);
- $sql = "UPDATE sld_user_layer SET sld_xml='".$data."' WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_layer_id=".$_SESSION["sld_layer_id"]." AND fkey_mb_user_id=".$_SESSION["mb_user_id"].";";
- $res = db_query($sql);
+ $sql = "UPDATE sld_user_layer SET sld_xml=$1 WHERE fkey_gui_id=$2 AND fkey_layer_id=$3 AND fkey_mb_user_id=$4";
+ $v = array($data, $_SESSION["sld_gui_id"], $_SESSION["sld_layer_id"], $_SESSION["mb_user_id"]);
+ $t = array('s', 's', 'i', 'i');
+ $res = db_prep_query($sql,$v,$t);
}
-
-
-
-
if (isset($_REQUEST["function"]))
{
//MAIN FUNCTIONS:
@@ -77,8 +75,10 @@
{ //Used for the preview
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db($DB,$con);
- $sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id='".$_REQUEST["gui_id"]."' AND fkey_layer_id=".$_REQUEST["layer_id"]." AND fkey_mb_user_id=".$_REQUEST["user_id"].";";
- $res = db_query($sql);
+ $sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id=$1 AND fkey_layer_id=$2 AND fkey_mb_user_id=$3";
+ $v = array($_REQUEST["sld_gui_id"], $_REQUEST["sld_layer_id"], $_REQUEST["user_id"]);
+ $t = array('s', 'i', 'i');
+ $res = db_prep_query($sql,$v,$t);
if ( db_fetch_row($res, 0) )
{
//forcesld is used for the preview image to force the sld
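Review bot: The rewritten SELECT now reads `$_REQUEST["sld_gui_id"]` and `$_REQUEST["sld_layer_id"]`, whereas the removed line read `$_REQUEST["gui_id"]` and `$_REQUEST["layer_id"]`; the log message mentions only prepared statements, so this looks like an accidental rename copied from the `$_SESSION["sld_*"]` keys. If callers still send `gui_id`/`layer_id`, the bound values will be unset and the preview lookup will match nothing. The same switch appears in the later hunks of this file that bind `$_REQUEST["sld_gui_id"]` and `$_REQUEST["sld_wms_id"]` where the old code used `gui_id` and `wms_id`. Either restore the original keys, e.g. `$v = array($_REQUEST["gui_id"], $_REQUEST["layer_id"], $_REQUEST["user_id"]);`, or change the callers in the same commit. The enclosing block starts and ends outside the hunk.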
@@ -100,15 +100,19 @@
foreach ($layer_names as $layer_name)
{
- $sql = "SELECT * FROM layer WHERE layer_name='".$layer_name."';";
- $res = db_query($sql);
+ $sql = "SELECT * FROM layer WHERE layer_name=$1";
+ $v = array($layer_name);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
$layer_id = "";
if ( db_fetch_row($res, 0) )
{
$layer_id = db_result($res, 0, "fkey_layer_id");
- $sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=".$layer_id." AND fkey_mb_user_id=".$_REQUEST["user_id"].";";
- $res = db_query($sql);
+ $sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=$1 AND fkey_mb_user_id=$2";
+ $v = array($layer_id, $_REQUEST["user_id"]);
+ $t = array('i', 'i');
+ $res = db_prep_query($sql,$v,$t);
if ( db_fetch_row($res, 0) )
{
if ( db_result($res, 0, "use_sld") == "1" )
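Review bot: Binding `$_REQUEST["user_id"]` as a parameter removes the injection risk, but the row is still selected for whichever user id the client sends, here and in the preview SELECT earlier in this file. The UPDATE branches in the same file key on `$_SESSION["mb_user_id"]`; if this path runs with a session it should do the same, `$v = array($layer_id, $_SESSION["mb_user_id"]);`. If it is deliberately session-less (for example a request issued by the map server), a comment saying so and naming what else restricts access would help. The foreach body continues outside the hunk.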
@@ -128,8 +132,10 @@
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db($DB,$con);
- $sql = "SELECT fkey_layer_id FROM gui_layer WHERE fkey_gui_id='".$_REQUEST["gui_id"]."' AND gui_layer_wms_id=".$_REQUEST["wms_id"].";";
- $res = db_query($sql);
+ $sql = "SELECT fkey_layer_id FROM gui_layer WHERE fkey_gui_id=$1 AND gui_layer_wms_id=$2";
+ $v = array($_REQUEST["sld_gui_id"], $_REQUEST["sld_wms_id"]);
+ $t = array('s', 'i');
+ $res = db_prep_query($sql,$v,$t);
$sld_xml = "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n";
$sld_xml .= "<StyledLayerDescriptor version=\"1.0.0\" xmlns=\"http://www.opengis.net/sld\" xmlns:ogc=\"http://www.opengis.net/ogc\">\n";
@@ -137,8 +143,10 @@
while ($row = db_fetch_row($res))
{
$layer_id = $row[0];
- $sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=".$layer_id." AND fkey_gui_id='".$_REQUEST["gui_id"]."';";
- $res2 = db_query($sql);
+ $sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=$1 AND fkey_gui_id=$2";
+ $v = array($layer_id, $_REQUEST["sld_gui_id"]);
+ $t = array('i', 's');
+ $res2 = db_prep_query($sql,$v,$t);
if ( db_fetch_row($res2, 0) )
{
if ( db_result($res2, 0, "use_sld") == "1" )
@@ -160,14 +168,18 @@
{
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db($DB,$con);
- $sql = "UPDATE sld_user_layer SET use_sld=".$_REQUEST["use_sld"]." WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_layer_id='".$_SESSION["sld_layer_id"]."' AND fkey_mb_user_id='".$_SESSION["mb_user_id"]."';";
- $res = db_query($sql);
+ $sql = "UPDATE sld_user_layer SET use_sld=$1 WHERE fkey_gui_id=$2 AND fkey_layer_id=$3 AND fkey_mb_user_id=$4";
+ $v = array($_REQUEST["use_sld"], $_SESSION["sld_gui_id"], $_SESSION["sld_layer_id"], $_SESSION["mb_user_id"]);
+ $t = array('i', 's', 'i', 'i');
+ $res = db_prep_query($sql,$v,$t);
# update gui_wms_sldurl
if ($_REQUEST["use_sld"]=="1") {
$sld_url = $_REQUEST["mb_sld_url"];
- $sql = "UPDATE gui_wms SET gui_wms_sldurl='".$sld_url."' WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_wms_id=".$_SESSION["sld_wms_id"];
- $res = db_query($sql);
+ $sql = "UPDATE gui_wms SET gui_wms_sldurl=$1 WHERE fkey_gui_id=$2 AND fkey_wms_id=$3";
+ $v = array($sld_url, $_SESSION["sld_gui_id"], $_SESSION["sld_wms_id"]);
+ $t = array('s', 's', 'i');
+ $res = db_prep_query($sql,$v,$t);
}
}
}
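Review bot: `$_REQUEST["mb_sld_url"]` is written to `gui_wms.gui_wms_sldurl` with no check on its form; the prepared statement protects the query, not whatever later consumes the stored URL. If that value is subsequently fetched server-side or passed on to a WMS (not visible in this hunk), it should be limited to the expected scheme, and ideally to known hosts, before the UPDATE runs, e.g. `$scheme = parse_url($sld_url, PHP_URL_SCHEME);` and `if (in_array($scheme, array("http", "https"), true)) { /* run the UPDATE */ }`. The enclosing function starts outside the hunk.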
Modified: branches/2.5/http/sld/sld_main.php
===================================================================
--- branches/2.5/http/sld/sld_main.php 2008-04-10 13:54:06 UTC (rev 2371)
+++ branches/2.5/http/sld/sld_main.php 2008-04-10 19:52:55 UTC (rev 2372)
@@ -72,8 +72,10 @@
else
{
//Try to read sld from the DB
- $sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_layer_id='".$layer_id."' AND fkey_mb_user_id='".$mb_user_id."';";
- $res = db_query($sql);
+ $sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id = $1 AND fkey_layer_id = $2 AND fkey_mb_user_id = $3";
+ $v = array($_SESSION["sld_gui_id"], $layer_id, $mb_user_id);
+ $t = array('s', 'i', 'i');
+ $res = db_prep_query($sql,$v,$t);
if (!$res || db_numrows($res)== 0)
{
//No user specific sld found in DB -> get it from the mapserver
@@ -81,8 +83,10 @@
$data = readSld($file);
$data = char_encode($data);
//write the sld to the DB
- $sql = "INSERT INTO sld_user_layer(fkey_mb_user_id, fkey_layer_id, sld_xml, use_sld, fkey_gui_id) VALUES('".$mb_user_id."','".$layer_id."','".$data."',0,'".$_SESSION["sld_gui_id"]."' );";
- $res = @db_query($sql);
+ $sql = "INSERT INTO sld_user_layer(fkey_mb_user_id, fkey_layer_id, sld_xml, use_sld, fkey_gui_id) VALUES ($1, $2, $3, 0, $4);";
+ $v = array($mb_user_id, $layer_id, $data, $_SESSION["sld_gui_id"]);
+ $t = array('i', 'i', 's', 's');
+ $res = @db_prep_query($sql,$v,$t);
//Use the new sld
}
else
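Review bot: The `@` in front of `db_prep_query` is carried over from the old code, so a failed INSERT is still silent and execution falls through to "Use the new sld" as if the row had been written. Consider dropping the suppression and testing the result, `$res = db_prep_query($sql,$v,$t);` followed by `if (!$res) { /* log and stop */ }`. This statement also keeps a trailing `;` inside the SQL string, unlike the other statements converted in this commit. The surrounding if/else continues outside the hunk.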