[Mapbender-commits] r2372 - branches/2.5/http/sld

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Thu Apr 10 15:52:55 EDT 2008


Author: mschulz
Date: 2008-04-10 15:52:55 -0400 (Thu, 10 Apr 2008)
New Revision: 2372

Modified:
   branches/2.5/http/sld/sld_config.php
   branches/2.5/http/sld/sld_function_handler.php
   branches/2.5/http/sld/sld_main.php
Log:
replace remaining sql with prepared statements

Modified: branches/2.5/http/sld/sld_config.php
===================================================================
--- branches/2.5/http/sld/sld_config.php	2008-04-10 13:54:06 UTC (rev 2371)
+++ branches/2.5/http/sld/sld_config.php	2008-04-10 19:52:55 UTC (rev 2372)
@@ -62,8 +62,11 @@
 	require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
-	$sql = "SELECT * FROM wms WHERE wms_id = ".$wms_id.";"; 
-	$res = db_query($sql);
+	$sql = "SELECT * FROM wms WHERE wms_id = $1"; 
+	$v = array($wms_id);
+	$t = array('i');
+	$res = db_prep_query($sql,$v,$t);
+	
 	$mapfileUrl = "";
 	if ( db_fetch_row($res, 0) )
 	{

Modified: branches/2.5/http/sld/sld_function_handler.php
===================================================================
--- branches/2.5/http/sld/sld_function_handler.php	2008-04-10 13:54:06 UTC (rev 2371)
+++ branches/2.5/http/sld/sld_function_handler.php	2008-04-10 19:52:55 UTC (rev 2372)
@@ -45,15 +45,13 @@
 {	
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
-	$sql = "UPDATE sld_user_layer SET sld_xml='".$data."' WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_layer_id=".$_SESSION["sld_layer_id"]." AND fkey_mb_user_id=".$_SESSION["mb_user_id"].";";
-	$res = db_query($sql);
+	$sql = "UPDATE sld_user_layer SET sld_xml=$1 WHERE fkey_gui_id=$2 AND fkey_layer_id=$3 AND fkey_mb_user_id=$4";
+	$v = array($data, $_SESSION["sld_gui_id"], $_SESSION["sld_layer_id"], $_SESSION["mb_user_id"]);
+	$t = array('s', 's', 'i', 'i');
+	$res = db_prep_query($sql,$v,$t);
 }
 
 
-
-
-
-
 if (isset($_REQUEST["function"]))
 {
 	//MAIN FUNCTIONS:
@@ -77,8 +75,10 @@
 		{ //Used for the preview
 			$con = db_connect($DBSERVER,$OWNER,$PW);
 			db_select_db($DB,$con);
-			$sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id='".$_REQUEST["gui_id"]."' AND fkey_layer_id=".$_REQUEST["layer_id"]." AND fkey_mb_user_id=".$_REQUEST["user_id"].";";
-			$res = db_query($sql);
+			$sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id=$1 AND fkey_layer_id=$2 AND fkey_mb_user_id=$3";
+			$v = array($_REQUEST["sld_gui_id"], $_REQUEST["sld_layer_id"], $_REQUEST["user_id"]);
+			$t = array('s', 'i', 'i');
+			$res = db_prep_query($sql,$v,$t);
 			if ( db_fetch_row($res, 0) )
 			{
 				//forcesld is used for the preview image to force the sld
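Review bot: The request keys bound in `$v` changed along with the query style: the removed line read `$_REQUEST["gui_id"]` and `$_REQUEST["layer_id"]`, while the new line reads `$_REQUEST["sld_gui_id"]` and `$_REQUEST["sld_layer_id"]`, which are the names used for the session keys elsewhere in this file. Unless the callers of this preview branch were renamed in the same revision (not visible here), those two values will be unset, and how `db_prep_query` treats an unset value typed 'i' is not shown. The same rename appears in the hunks at -128 (`gui_id`, `wms_id` became `sld_gui_id`, `sld_wms_id`) and -137 (`gui_id` became `sld_gui_id`). If it is unintended, keep the original keys, e.g. `$v = array($_REQUEST["gui_id"], $_REQUEST["layer_id"], $_REQUEST["user_id"]);`. The enclosing branch starts and ends outside the hunk.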
@@ -100,15 +100,19 @@
 			
 			foreach ($layer_names as $layer_name)
 			{
-				$sql = "SELECT * FROM layer WHERE layer_name='".$layer_name."';";
-				$res = db_query($sql);
+				$sql = "SELECT * FROM layer WHERE layer_name=$1";
+				$v = array($layer_name);
+				$t = array('s');
+				$res = db_prep_query($sql,$v,$t);
 
 				$layer_id = "";
 				if ( db_fetch_row($res, 0) )
 				{
 					$layer_id = db_result($res, 0, "fkey_layer_id");
-					$sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=".$layer_id." AND fkey_mb_user_id=".$_REQUEST["user_id"].";";
-					$res = db_query($sql);
+					$sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=$1 AND fkey_mb_user_id=$2";
+					$v = array($layer_id, $_REQUEST["user_id"]);
+					$t = array('i', 'i');
+					$res = db_prep_query($sql,$v,$t);
 					if ( db_fetch_row($res, 0) )
 					{
 						if ( db_result($res, 0, "use_sld") == "1" )
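Review bot: `$v = array($layer_id, $_REQUEST["user_id"]);` scopes the `sld_user_layer` lookup by a user id supplied in the request, as does the preview query in the previous hunk, whereas the UPDATE statements in this file use `$_SESSION["mb_user_id"]`. Parameter binding keeps the value out of the SQL text but does not check that the id belongs to the caller, so per-user rows are selected on the client's say-so. If a session is available on this path, bind `$_SESSION["mb_user_id"]` instead; if the request comes from the map server without a session (the "Used for the preview" comment hints at that, but it is not shown), say so in a comment such as `// user_id comes from the request: this URL is fetched by the WMS without a session`, and treat the returned SLD as readable by anyone who can reach the endpoint. The loop body continues outside the hunk.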
@@ -128,8 +132,10 @@
 		
 			$con = db_connect($DBSERVER,$OWNER,$PW);
 			db_select_db($DB,$con);
-			$sql = "SELECT fkey_layer_id FROM gui_layer WHERE fkey_gui_id='".$_REQUEST["gui_id"]."' AND gui_layer_wms_id=".$_REQUEST["wms_id"].";";
-			$res = db_query($sql);
+			$sql = "SELECT fkey_layer_id FROM gui_layer WHERE fkey_gui_id=$1 AND gui_layer_wms_id=$2";
+			$v = array($_REQUEST["sld_gui_id"], $_REQUEST["sld_wms_id"]);
+			$t = array('s', 'i');
+			$res = db_prep_query($sql,$v,$t);
 			
 			$sld_xml = "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n";
 			$sld_xml .= "<StyledLayerDescriptor version=\"1.0.0\" xmlns=\"http://www.opengis.net/sld\" xmlns:ogc=\"http://www.opengis.net/ogc\">\n";			
@@ -137,8 +143,10 @@
 			while ($row = db_fetch_row($res))
 			{
 				$layer_id = $row[0];
-				$sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=".$layer_id." AND fkey_gui_id='".$_REQUEST["gui_id"]."';";
-				$res2 = db_query($sql);
+				$sql = "SELECT * FROM sld_user_layer WHERE fkey_layer_id=$1 AND fkey_gui_id=$2";
+				$v = array($layer_id, $_REQUEST["sld_gui_id"]);
+				$t = array('i', 's');
+				$res2 = db_prep_query($sql,$v,$t);
 				if ( db_fetch_row($res2, 0) )
 				{
 					if ( db_result($res2, 0, "use_sld") == "1" )
@@ -160,14 +168,18 @@
 		{
 			$con = db_connect($DBSERVER,$OWNER,$PW);
 			db_select_db($DB,$con);
-			$sql = "UPDATE sld_user_layer SET use_sld=".$_REQUEST["use_sld"]." WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_layer_id='".$_SESSION["sld_layer_id"]."' AND fkey_mb_user_id='".$_SESSION["mb_user_id"]."';";
-			$res = db_query($sql);
+			$sql = "UPDATE sld_user_layer SET use_sld=$1 WHERE fkey_gui_id=$2 AND fkey_layer_id=$3 AND fkey_mb_user_id=$4";
+			$v = array($_REQUEST["use_sld"], $_SESSION["sld_gui_id"], $_SESSION["sld_layer_id"], $_SESSION["mb_user_id"]);
+			$t = array('i', 's', 'i', 'i');
+			$res = db_prep_query($sql,$v,$t);
 			
 			# update gui_wms_sldurl
 			if ($_REQUEST["use_sld"]=="1") {
 				$sld_url = $_REQUEST["mb_sld_url"];
-				$sql = "UPDATE gui_wms SET gui_wms_sldurl='".$sld_url."' WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_wms_id=".$_SESSION["sld_wms_id"];
-				$res = db_query($sql); 
+				$sql = "UPDATE gui_wms SET gui_wms_sldurl=$1 WHERE fkey_gui_id=$2 AND fkey_wms_id=$3";
+				$v = array($sld_url, $_SESSION["sld_gui_id"], $_SESSION["sld_wms_id"]);
+				$t = array('s', 's', 'i');
+				$res = db_prep_query($sql,$v,$t); 
 			}
 		}
 	}
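Review bot: `$_REQUEST["mb_sld_url"]` is written to `gui_wms.gui_wms_sldurl` unchanged; binding it as `$1` keeps it out of the SQL text but puts no limit on which URL gets stored. The column name suggests the value is later handed on as the SLD location for WMS requests (not visible here), so it is worth accepting only http/https URLs, ideally only this installation's own SLD endpoint, before the UPDATE, e.g. `if ($_REQUEST["use_sld"]=="1" && preg_match('#^https?://#i', $_REQUEST["mb_sld_url"])) {`. Separately, `use_sld` is bound as 'i' straight from the request, so normalising it to 0 or 1 first would keep the stored value and the later `=="1"` test in agreement. The enclosing branch begins outside the hunk.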

Modified: branches/2.5/http/sld/sld_main.php
===================================================================
--- branches/2.5/http/sld/sld_main.php	2008-04-10 13:54:06 UTC (rev 2371)
+++ branches/2.5/http/sld/sld_main.php	2008-04-10 19:52:55 UTC (rev 2372)
@@ -72,8 +72,10 @@
 else
 {
 	//Try to read sld from the DB
-	$sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id='".$_SESSION["sld_gui_id"]."' AND fkey_layer_id='".$layer_id."' AND fkey_mb_user_id='".$mb_user_id."';";
-	$res = db_query($sql);
+	$sql = "SELECT * FROM sld_user_layer WHERE fkey_gui_id = $1 AND fkey_layer_id = $2 AND fkey_mb_user_id = $3";
+	$v = array($_SESSION["sld_gui_id"], $layer_id, $mb_user_id);
+	$t = array('s', 'i', 'i');
+	$res = db_prep_query($sql,$v,$t);
 	if (!$res || db_numrows($res)== 0)
 	{
 		//No user specific sld found in DB -> get it from the mapserver
@@ -81,8 +83,10 @@
 		$data = readSld($file);
 		$data = char_encode($data);
 		//write the sld to the DB
-		$sql = "INSERT INTO sld_user_layer(fkey_mb_user_id, fkey_layer_id, sld_xml, use_sld, fkey_gui_id) VALUES('".$mb_user_id."','".$layer_id."','".$data."',0,'".$_SESSION["sld_gui_id"]."' );";
-		$res = @db_query($sql);
+		$sql = "INSERT INTO sld_user_layer(fkey_mb_user_id, fkey_layer_id, sld_xml, use_sld, fkey_gui_id) VALUES ($1, $2, $3, 0, $4);";
+		$v = array($mb_user_id, $layer_id, $data, $_SESSION["sld_gui_id"]);
+		$t = array('i', 'i', 's', 's');
+		$res = @db_prep_query($sql,$v,$t);
 		//Use the new sld
 	}
 	else
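Review bot: The `@` carried over onto `db_prep_query` hides any failure of the INSERT, and `$res` is not examined before the code goes on to "Use the new sld". With typed parameters, a non-numeric `$layer_id` or `$mb_user_id` is presumably one more way this call can fail, and a silent miss means the row is never stored and the fallback to the map server would run again on the next request. Drop the suppression and check the result, e.g. `$res = db_prep_query($sql,$v,$t);` followed by `if (!$res) { error_log("sld_main: could not store SLD for layer ".$layer_id); }`. The trailing `;` inside the statement text is also inconsistent with the other queries converted in this commit. The surrounding if/else starts and ends outside the hunk.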


