[Mapbender-commits] r2082 - in branches: . 2.4.5/http/classes 2.4.5/http/extensions 2.4.5/http/frames 2.4.5/http/html 2.4.5/http/javascripts 2.4.5/http/php

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Wed Feb 13 03:21:38 EST 2008


Author: christoph
Date: 2008-02-13 03:21:37 -0500 (Wed, 13 Feb 2008)
New Revision: 2082

Added:
   branches/2.4.5/
   branches/2.4.5/http/classes/class_wmc.php
Removed:
   branches/2.4.5/http/classes/class_wmc.php
   branches/2.4.5/http/html/mod_treefolder_auge.php
   branches/2.4.5/http/javascripts/mod_measure4326.php
   branches/2.4.5/http/javascripts/transform_coordinatesWGS84.php
Modified:
   branches/2.4.5/http/classes/class_gui.php
   branches/2.4.5/http/classes/class_log.php
   branches/2.4.5/http/classes/class_wfs.php
   branches/2.4.5/http/classes/class_wfs_conf.php
   branches/2.4.5/http/classes/class_wms.php
   branches/2.4.5/http/extensions/wz_jsgraphics.js
   branches/2.4.5/http/frames/login.php
   branches/2.4.5/http/javascripts/map.php
   branches/2.4.5/http/javascripts/mod_addWMSfromList.php
   branches/2.4.5/http/javascripts/mod_addWMSfromfilteredList.php
   branches/2.4.5/http/javascripts/mod_addWMSfromfilteredListDB.php
   branches/2.4.5/http/javascripts/mod_digitize_tab.php
   branches/2.4.5/http/javascripts/mod_sandclock2.php
   branches/2.4.5/http/javascripts/mod_setPOI2Scale.php
   branches/2.4.5/http/javascripts/mod_wfs_SpatialRequest.php
   branches/2.4.5/http/javascripts/mod_wfs_gazetteer_client.php
   branches/2.4.5/http/javascripts/mod_zoomCoords.php
   branches/2.4.5/http/javascripts/mod_zoomFull.php
   branches/2.4.5/http/javascripts/mod_zoomOut1.php
   branches/2.4.5/http/php/createImageFromText.php
   branches/2.4.5/http/php/mb_listWMCs.php
   branches/2.4.5/http/php/mod_WMSpreferences.php
   branches/2.4.5/http/php/mod_changeEPSG.php
   branches/2.4.5/http/php/mod_deleteGUI.php
   branches/2.4.5/http/php/mod_deleteWFS.php
   branches/2.4.5/http/php/mod_editFilteredGroup.php
   branches/2.4.5/http/php/mod_editFilteredUser.php
   branches/2.4.5/http/php/mod_editGroup.php
   branches/2.4.5/http/php/mod_editGuiWms.php
   branches/2.4.5/http/php/mod_editGuiWmsMeta.php
   branches/2.4.5/http/php/mod_editUser.php
   branches/2.4.5/http/php/mod_editWMS_Metadata.php
   branches/2.4.5/http/php/mod_edit_element_vars.php
   branches/2.4.5/http/php/mod_edit_metadata.php
   branches/2.4.5/http/php/mod_evalArea.php
   branches/2.4.5/http/php/mod_gazLayerObj_conf.php
   branches/2.4.5/http/php/mod_gazLayerObj_edit.php
   branches/2.4.5/http/php/mod_gazetteer_conf.php
   branches/2.4.5/http/php/mod_gazetteer_edit.php
   branches/2.4.5/http/php/mod_getStyles.php
   branches/2.4.5/http/php/mod_loadCapabilitiesList.php
   branches/2.4.5/http/php/mod_map1.php
   branches/2.4.5/http/php/mod_mapOV.php
   branches/2.4.5/http/php/mod_renameGUI.php
   branches/2.4.5/http/php/mod_simpleWMSpreferences.php
   branches/2.4.5/http/php/mod_treefolderAdmin.php
   branches/2.4.5/http/php/mod_treefolderClient.php
   branches/2.4.5/http/php/mod_wfs_conf.php
   branches/2.4.5/http/php/mod_wfs_edit.php
   branches/2.4.5/http/php/mod_wfsrequest.php
   branches/2.4.5/http/php/nestedSets.php
Log:


Copied: branches/2.4.5 (from rev 2000, tags/2.4.4)

Modified: branches/2.4.5/http/classes/class_gui.php
===================================================================
--- tags/2.4.4/http/classes/class_gui.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/classes/class_gui.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,4 @@
 <?php
-
 # $Id$
 # http://www.mapbender.org/index.php/class_gui.php
 # Copyright (C) 2002 CCGIS
@@ -19,252 +18,201 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 
-class gui{
+/**
+ * GUI is a set of GUI elements and services. 
+ */
+class gui {
 
-	function gui() {
+	public function __construct () {
 	}
 
- 	// CB - returns true if a gui '$gui_id' exists
- 	function guiExists($gui_id){
-		$sql = "SELECT * FROM gui ";
-		$sql .= "WHERE gui_id = $1";
+ 	/**
+ 	 * Checks if a GUI with a given ID exists in the database
+ 	 * 
+ 	 * @param integer $gui_id the ID of the GUI that is being checked
+ 	 * @return boolean true if a gui '$gui_id' exists; else false
+ 	 */
+ 	public function guiExists ($gui_id){
+		$sql = "SELECT * FROM gui WHERE gui_id = $1";
 		$v = array($gui_id);
 		$t = array('s');
 		$res = db_prep_query($sql,$v,$t);
 		$row = db_fetch_array($res);
-		if ($row) return true;
-		else return false;
+		if ($row) {
+			return true;	
+		}
+		return false;
  	}
 
-	// CB - deletes a GUI $guiId and all its links to users, layers etc.
-	function deleteGui ($guiId) {
+	
+	/**
+	 * Deletes a GUI $guiId and all its links to users, layers etc.
+	 * 
+	 * @param Integer $guiId the GUI that is going to be deleted
+	 * @return boolean true if the deletion succeded, else false
+	 */
+	public function deleteGui ($guiId) {
 		$guiList = $guiId;
 
-		$sql = "BEGIN";
-		$res = db_query($sql);
-		if (!$res) {
-			$report .=  "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		$sql = array();
+		$v = array();			
+		$t = array();
 
-		$sql = "DELETE FROM gui WHERE gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "BEGIN");
+		array_push($v, array());
+		array_push($t, array());
+		
+		array_push($sql, "DELETE FROM gui WHERE gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_element WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_element WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_layer WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_layer WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_treegde WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_treegde WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_wfs WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_wfs WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		$sql = "DELETE FROM gui_wms WHERE fkey_gui_id = $1";
-		$v = array($guiList);
-		$t = array('s');
-		$res = db_prep_query($sql,$v,$t);
-		if (!$res) {
-			$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-			$error = true;
-		}
+		array_push($sql, "DELETE FROM gui_wms WHERE fkey_gui_id = $1");
+		array_push($v, array($guiList));
+		array_push($t, array('s'));
 
-		// if $error is true, the transaction is aborted -> rollback
-		if (!$error) {
-			$sql = "COMMIT";
-			$res = db_query($sql);
+		array_push($sql, "COMMIT");
+		array_push($v, array());
+		array_push($t, array());
+
+		// execute all SQLs
+		for ($i = 0; $i < count($sql); $i++) {
+			$res = db_prep_query($sql[$i], $v[$i], $t[$i]);
+			// if an SQL fails, send a ROLLBACK and return false
 			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
+				db_query("ROLLBACK");
+				return false;
 			}
 		}
-		//if $error is false, the transaction is executed -> commit
-		else {
-			$sql = "ROLLBACK";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-		}
-		return !$error;
+		return true;
 	}
 
-	// CB - rename a GUI
-	function renameGui ($guiId, $newGuiName) {
-		$error = false;
+	/** Renames the GUI $guiID to $newGUIName
+	 * 
+	 * @param Integer $guiId ID of the GUI
+	 * @param String $newGuiName the new name of the GUI
+	 * @return boolean true if the renaming succeded, else false
+	 */
+	public function renameGui ($guiId, $newGuiName) {
 		if ($this->copyGui($guiId, $newGuiName, true)) {
 			$this->deleteGui($guiId);
+			return true;
 		}
-		else {
-			$error = true;
-		}
-		return !$error;
+		return false;
 	}
 
-	// CB - copies a GUI $guiId and all its links to users, layers etc. to GUI $newGuiName
- 	function copyGui ($guiId, $newGuiName, $withUsers) {
-		$error = false;
+	/**
+	 * 
+ 	 * Copies a GUI $guiId and all its links to users, layers etc. to GUI $newGuiName
+ 	 * 
+	 * @param Integer $guiId ID of the GUI
+	 * @param String $newGuiName the new name of the GUI
+	 * @param boolean $withUsers true if the users, that may access the GUI $guiId, shall have access to the new GUI; else false.
+	 * 
+	 * @return boolean true if the renaming succeded, else false
+	 */ 
+ 	public function copyGui ($guiId, $newGuiName, $withUsers) {
 		$guiList = $guiId;
 		if (!$this->guiExists($newGuiName)) {
-			$sql = "BEGIN";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .=  "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			
+			$sql = array();
+			$v = array();			
+			$t = array();
+						
+			array_push($sql, "BEGIN");
+			array_push($v, array());
+			array_push($t, array());
 
-			$sql = "INSERT INTO gui (gui_id, gui_name, gui_description, gui_public) SELECT '" . $newGuiName . "', '" . $newGuiName . "',gui_description, gui_public FROM gui WHERE gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui (gui_id, gui_name, gui_description, gui_public) SELECT $1, $2, gui_description, gui_public FROM gui WHERE gui_id = $3;");
+			array_push($v, array ($newGuiName, $newGuiName, $guiList));
+			array_push($t, array ("s", "s", "s"));;
+			
+			array_push($sql, "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url) SELECT $1, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url FROM gui_element WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url) SELECT '" . $newGuiName . "', e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes, e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, e_requires, e_url FROM gui_element WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type) SELECT $1, fkey_e_id, var_name, var_value, context, var_type FROM gui_element_vars WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, var_name, var_value, context, var_type) SELECT '" . $newGuiName . "', fkey_e_id, var_name, var_value, context, var_type FROM gui_element_vars WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_layer (fkey_gui_id, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype) SELECT $1, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype FROM gui_layer WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_layer (fkey_gui_id, fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype) SELECT '" . $newGuiName . "', fkey_layer_id, gui_layer_wms_id, gui_layer_status, gui_layer_selectable, gui_layer_visible, gui_layer_queryable, gui_layer_querylayer, gui_layer_minscale, gui_layer_maxscale, gui_layer_priority, gui_layer_style, gui_layer_wfs_featuretype FROM gui_layer WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-
-			$sql = "INSERT INTO gui_mb_group (fkey_gui_id, fkey_mb_group_id, mb_group_type) SELECT '" . $newGuiName . "', fkey_mb_group_id, mb_group_type FROM gui_mb_group WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-
 			if ($withUsers == true) {
+				/* group of original gui is copied as well */
+				array_push($sql, "INSERT INTO gui_mb_group (fkey_gui_id, fkey_mb_group_id, mb_group_type) SELECT $1, fkey_mb_group_id, mb_group_type FROM gui_mb_group WHERE fkey_gui_id = $2;");
+				array_push($v, array($newGuiName, $guiList));
+				array_push($t, array("s", "s"));
+
 				/* users of original gui are copied as well */
-				$sql = "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) SELECT '" . $newGuiName . "', fkey_mb_user_id, mb_user_type FROM gui_mb_user WHERE fkey_gui_id = '" . $guiList . "';";
-				$res = db_query($sql);
-				if (!$res) {
-					$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-					$error = true;
-				}
+				array_push($sql, "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) SELECT $1, fkey_mb_user_id, mb_user_type FROM gui_mb_user WHERE fkey_gui_id = $2;");
+				array_push($v, array($newGuiName, $guiList));
+				array_push($t, array("s", "s"));
 			}
 			else {
 				// users of original gui are not copied, the current user is set as owner 
-				$sql = "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) VALUES ($1, $2, 'owner')";
-				$v = array($newGuiName, $_SESSION["mb_user_id"]);
-				$t = array('s', 'i');
-				$res = db_prep_query($sql,$v,$t);
-				if (!$res) {
-					$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-					$error = true;
-				}
+				array_push($sql, "INSERT INTO gui_mb_user (fkey_gui_id, fkey_mb_user_id, mb_user_type) VALUES ($1, $2, 'owner')");
+				array_push($v, array($newGuiName, $_SESSION["mb_user_id"]));
+				array_push($t, array('s', 'i'));
 			}
-			$sql = "INSERT INTO gui_treegde (fkey_gui_id, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id) SELECT '" . $newGuiName . "', fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id FROM gui_treegde WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_treegde (fkey_gui_id, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id) SELECT $1, fkey_layer_id, id, lft, rgt, my_layer_title, layer, wms_id FROM gui_treegde WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id) SELECT '" . $newGuiName . "', fkey_wfs_id FROM gui_wfs WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id) SELECT $1, fkey_wfs_id FROM gui_wfs WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
 
-			$sql = "INSERT INTO gui_wms (fkey_gui_id, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible) SELECT '" . $newGuiName . "', fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible FROM gui_wms WHERE fkey_gui_id = '" . $guiList . "';";
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
+			array_push($sql, "INSERT INTO gui_wms (fkey_gui_id, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible) SELECT $1, fkey_wms_id, gui_wms_position, gui_wms_mapformat, gui_wms_featureinfoformat, gui_wms_exceptionformat, gui_wms_epsg, gui_wms_visible FROM gui_wms WHERE fkey_gui_id = $2;");
+			array_push($v, array($newGuiName, $guiList));
+			array_push($t, array("s", "s"));
+			
+			array_push($sql, "COMMIT");
+			array_push($v, array());
+			array_push($t, array());
 
-			// if $error is false, the transaction is executed -> commit
-			if (!$error) {
-				$sql = "COMMIT";
-			} 
-			else {
-				$sql = "ROLLBACK";
+			// execute all SQLs
+			for ($i = 0; $i < count($sql); $i++) {
+				$res = db_prep_query($sql[$i], $v[$i], $t[$i]);
+				// if an SQL fails, send a ROLLBACK and return false
+				if (!$res) {
+					db_query("ROLLBACK");
+					return false;
+				}
 			}
-			$res = db_query($sql);
-			if (!$res) {
-				$report .= "<br><br>" . $sql . "<br><br>" . db_error() . "<br>";
-				$error = true;
-			}
-			return !$error;
+			return true;
 		}
 		else {
 	      echo "<script language='javascript'>";

Modified: branches/2.4.5/http/classes/class_log.php
===================================================================
--- tags/2.4.4/http/classes/class_log.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/classes/class_log.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -23,7 +23,7 @@
 *modul "GET /map/http/ HTTP/1.1"
 */
 
-class log{
+class log {
 	var $dir = "../../log/";
 	var $log_username = true;
 
@@ -32,12 +32,14 @@
 	 * {'file' || 'db'}
 	 */
 	var $logtype = 'db';
+	
+	function log($module,$req,$time_client,$type = ""){
 
-	function log($module,$req,$time_client){
-
 		$this->url = $req;
+		if($type == "")
+			$type = $this->logtype;
 
-		if($this->logtype == "file"){
+		if($type == "file"){
 			if(is_dir($this->dir)){
 				$logfile = $this->dir . "mb_access_" . date("Y_m_d") . ".log";
 				if(!$h = @fopen($logfile,"a")){
@@ -65,42 +67,22 @@
 				}
 			}
 		}
-		else if($this->logtype == 'db'){
+		else if($type == 'db'){
 
 
 			include_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 			$con = db_connect(DBSERVER,OWNER,PW);
 			db_select_db(DB,$con);
 			for($i = 0; $i < count($this->url); $i++){
-				$sql = "INSERT INTO mb_log(";
+				$sql = "INSERT INTO mb_log (";
+				$sql .= "time_client, time_server, time_readable, mb_session, ";
+				$sql .= "gui, module, ip, username, userid, request";
+				$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)";
 
-				$sql .= "time_client,";
-				$sql .= "time_server,";
-				$sql .= "time_readable,";
-				$sql .= "mb_session,";
-				$sql .= "gui,";
-				$sql .= "module,";
-				$sql .= "ip,";
-				$sql .= "username,";
-				$sql .= "userid,";
-				$sql .= "request";
+				$v = array($time_client, strtotime("now"), "[".date("d/M/Y:H:i:s O")."]", SID, $_SESSION["mb_user_gui"], $module, $_SESSION["mb_user_ip"], $_SESSION["mb_user_name"], $_SESSION["mb_user_id"], $this->url[$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+				$res = db_prep_query($sql, $v, $t)or die(db_error());
 
-				$sql .= ") VALUES (";
-
-				$sql .= "'".$time_client."',";
-				$sql .= "'".strtotime("now")."',";
-				$sql .= "'[".date("d/M/Y:H:i:s O")."]',";
-				$sql .= "'".SID."',";
-				$sql .= "'".$_SESSION["mb_user_gui"]."',";
-				$sql .= "'".$module."',";
-				$sql .= "'".$_SESSION["mb_user_ip"]."',";
-				$sql .= "'".$_SESSION["mb_user_name"]."',";
-				$sql .= "'".$_SESSION["mb_user_id"]."',";
-				$sql .= "'".$this->url[$i]."'";
-				$sql .= ")";
-
-				$res = db_query($sql)or die(db_error());
-
 				if(!$res){
 					include_once(dirname(__FILE__)."/class_mb_exception.php");
 					$e = new mb_exception("class_log: Writing table mb_log failed.");

Modified: branches/2.4.5/http/classes/class_wfs.php
===================================================================
--- tags/2.4.4/http/classes/class_wfs.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/classes/class_wfs.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -223,20 +223,14 @@
 
 	# TABLE wfs
 	
-	$sql = "INSERT INTO wfs (wfs_version, wfs_name, wfs_title, wfs_abstract, wfs_getcapabilities, wfs_describefeaturetype, wfs_getfeature, wfs_transaction) ";
-	$sql .= "VALUES(";
-		$sql .= "'" . $this->wfs_version ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_name)) ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_title)) ."', ";
-		$sql .= "'" . db_escape_string(str_replace("'","",$this->wfs_abstract)) .  "', ";
-		$sql .= "'" . $this->wfs_getcapabilities ."', ";
-		$sql .= "'" . $this->wfs_describefeaturetype . "', ";
-		$sql .= "'". $this->wfs_getfeature . "', ";
-		$sql .= "'". $this->wfs_transaction . "'";
-	$sql .= ");";
+	$sql = "INSERT INTO wfs (wfs_version, wfs_name, wfs_title, wfs_abstract, ";
+	$sql .= "wfs_getcapabilities, wfs_describefeaturetype, wfs_getfeature, ";
+	$sql .= "wfs_transaction) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)";
+	$v = array($this->wfs_version, db_escape_string(str_replace("'","",$this->wfs_name)), db_escape_string(str_replace("'","",$this->wfs_title)), db_escape_string(str_replace("'","",$this->wfs_abstract)), $this->wfs_getcapabilities, $this->wfs_describefeaturetype, $this->wfs_getfeature, $this->wfs_transaction);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s");
 	#echo "sql wfs: <br>".$sql;
 	
-	$res = db_query($sql)or die(db_error());
+	$res = db_prep_query($sql, $v, $t)or die(db_error());
 	
 	$myWFS = db_insert_id($con,'wfs','wfs_id');
 	#echo "<br> myWFS: ".$myWFS;
@@ -244,62 +238,57 @@
 	# TABLE wfs_featuretype
 	
 	for($i=0; $i<count($this->wfs_featuretype); $i++){
-		$sql = "INSERT INTO wfs_featuretype(fkey_wfs_id, featuretype_name, featuretype_title, featuretype_srs) ";
-		$sql .= "VALUES(";
-			$sql .= $myWFS . ",";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_name . "',";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_title."',";
-			$sql .= "'".$this->wfs_featuretype[$i]->featuretype_srs."'";
-		$sql .= ")";
+		$sql = "INSERT INTO wfs_featuretype(fkey_wfs_id, featuretype_name, ";
+		$sql .= "featuretype_title, featuretype_srs) VALUES ($1, $2, $3, $4)";
+		$v = array($myWFS, $this->wfs_featuretype[$i]->featuretype_name, $this->wfs_featuretype[$i]->featuretype_title, $this->wfs_featuretype[$i]->featuretype_srs);
+		$t = array("i", "s", "s", "s");
 		
 		#$res = mysql_query($sql) or $this->cleanDB($myWFS,$sql);
 		
-		$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+		$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 
 		
 		# save the id of each featuretype: 
 		$this->wfs_featuretype[$i]->mysql_id = db_insert_id($con,'wfs_featuretype','featuretype_id');
 		
 		for($j=0; $j<count($this->wfs_featuretype[$i]->featuretype_element);$j++){
-			$sql = "INSERT INTO wfs_element(fkey_featuretype_id, element_name,element_type) ";
-			$sql .= "VALUES("; 
-			$sql .= "'" .$this->wfs_featuretype[$i]->mysql_id. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_element[$j]["name"]. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_element[$j]["type"]. "' ";
-			$sql .= ")";
+			$sql = "INSERT INTO wfs_element(fkey_featuretype_id, ";
+			$sql .= "element_name,element_type) VALUES ($1, $2, $3)"; 
+
+			$v = array($this->wfs_featuretype[$i]->mysql_id, $this->wfs_featuretype[$i]->featuretype_element[$j]["name"], $this->wfs_featuretype[$i]->featuretype_element[$j]["type"]);
+			$t = array("s", "s", "s");
 			
-			$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+			$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 		}
 
 		for($j=0; $j<count($this->wfs_featuretype[$i]->featuretype_namespace);$j++){
-			$sql = "INSERT INTO wfs_featuretype_namespace(fkey_wfs_id, fkey_featuretype_id, namespace, namespace_location) ";
-			$sql .= "VALUES("; 
-			$sql .= "'" .$myWFS. "',";
-			$sql .= "'" .$this->wfs_featuretype[$i]->mysql_id. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_namespace[$j]["name"]. "', ";
-			$sql .= "'" .$this->wfs_featuretype[$i]->featuretype_namespace[$j]["value"]. "' ";
-			$sql .= ")";
+			$sql = "INSERT INTO wfs_featuretype_namespace (fkey_wfs_id, ";
+			$sql .= "fkey_featuretype_id, namespace, namespace_location) ";
+			$sql .= "VALUES ($1, $2, $3, $4)"; 
+			$v = array($myWFS, $this->wfs_featuretype[$i]->mysql_id, $this->wfs_featuretype[$i]->featuretype_namespace[$j]["name"], $this->wfs_featuretype[$i]->featuretype_namespace[$j]["value"]);
+			$t = array("i", "s", "s", "s"); 
 			
-			$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+			$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 		}
 	}
 	
 	# TABLE gui_wfs
 	
 	$sql ="INSERT INTO gui_wfs (fkey_gui_id, fkey_wfs_id)";
-	$sql .= "VALUES(";
-		$sql .= "'" . $gui_id . "', ";
-		$sql .= $myWFS;
-	$sql .= ");";
+	$sql .= "VALUES ($1, $2)";
+	$v = array($gui_id, $myWFS);
+	$t = array("s", "i");
 	
-	$res = db_query($sql) or $this->cleanDB($myWFS,$sql);
+	$res = db_prep_query($sql, $v, $t) or $this->cleanDB($myWFS,$sql);
 }
 function cleanDB($wfsid,$sql){
 	global $DBSERVER,$DB,$OWNER,$PW;
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
-	$s = "DELETE FROM wfs WHERE wfs_id = ".$wfsid;
-	$res = db_query($s);
+	$s = "DELETE FROM wfs WHERE wfs_id = $1";
+	$v = array($wfsid);
+	$t = array("i");
+	$res = db_prep_query($s, $v, $t);
 	echo "<br>Error in :".$sql."<br>";
 	echo "<br>Db cleaned.<br>";
 	die;

Modified: branches/2.4.5/http/classes/class_wfs_conf.php
===================================================================
--- tags/2.4.4/http/classes/class_wfs_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/classes/class_wfs_conf.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,5 @@
 <?php
-# $Id: class_wfs_conf.php 530 2006-06-19 15:08:35Z vera_schulze $
+# $Id$
 # http://www.mapbender.org/index.php/class_wfs_conf.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -91,8 +91,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_featuretype WHERE fkey_wfs_id = ".$id;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_featuretype WHERE fkey_wfs_id = $1";
+		$v = array($id);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->featuretype_id[$cnt] = $row["featuretype_id"];
@@ -118,8 +120,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_element WHERE fkey_featuretype_id = ".$fid;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_element WHERE fkey_featuretype_id = $1";
+		$v = array($fid);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->element_id[$cnt] = $row["element_id"];
@@ -142,8 +146,10 @@
 		global $DBSERVER,$DB,$OWNER,$PW;
 		$con = db_connect($DBSERVER,$OWNER,$PW);
 		db_select_db($DB,$con);
-		$sql = "SELECT * FROM wfs_featuretype_namespace WHERE fkey_featuretype_id = ".$fid;
-		$res = db_query($sql);
+		$sql = "SELECT * FROM wfs_featuretype_namespace WHERE fkey_featuretype_id = $1";
+		$v = array($fid);
+		$t = array("i");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while ($row = db_fetch_array($res)){
 			$this->namespace_name[$cnt] = $row["namespace"];

Deleted: branches/2.4.5/http/classes/class_wmc.php
===================================================================
--- tags/2.4.4/http/classes/class_wmc.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/classes/class_wmc.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,715 +0,0 @@
-<?php
-# $Id: class_wmc.php 645 2006-12-08 12:58:39Z christoph $
-# http://www.mapbender.org/index.php/class_wmc.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-require_once("../classes/class_wms.php");
-require_once("../classes/class_mb_exception.php");
-require_once("../classes/class_administration.php");
-
-function sepNameSpace($s){
-	$c = strpos($s,":"); 
-	if($c>0)return substr($s,$c+1);
-	return $s;
-}
-class wmc {
-
-		var $wmc_id;
-		var $wmc_version;
-		var $wmc_windowWidth;
-		var $wmc_windowHeight;
-		var $wmc_bBox_SRS;
-		var $wmc_bBox_minx;
-		var $wmc_bBox_maxx;
-		var $wmc_bBox_miny;
-		var $wmc_bBox_maxy;
-		var $wmc_name;
-		var $wmc_title;
-		var $wmc_abstract;
-		var $wmc_logourl;
-		var $wmc_logourl_format;
-		var $wmc_logourl_type;
-		var $wmc_logourl_width;
-		var $wmc_logourl_height;
-		var $wmc_descriptionurl;
-		var $wmc_descriptionurl_format;
-		var $wmc_descriptionurl_type;
-		var $wmc_keyword = array();
-		var $wmc_contactposition;
-		var $wmc_contactvoicetelephone;
-		var $wmc_contactemail;
-		var $wmc_contactfacsimiletelephone;
-		var $wmc_contactperson;
-		var $wmc_contactorganization;
-		var $wmc_contactaddresstype;
-		var $wmc_contactaddress;
-		var $wmc_contactcity;
-		var $wmc_contactstateorprovince;
-		var $wmc_contactpostcode;
-		var $wmc_contactcountry;
-					
-		var $wmc_wms_title = array();
-		var $wmc_layer_queryable = array();
-		var $wmc_layer_querylayer = array();
-		var $wmc_layer_hidden = array();
-		var $wmc_wms_id = array();
-		var $wmc_wms_service = array();
-		var $wmc_wms_version = array();
-		var $wmc_layer_id = array();
-		var $wmc_layer_title = array();
-		var $wmc_layer_name = array();
-		var $wmc_layer_abstract = array();
-		var $wmc_layer_srs = array();
-		var $wmc_wms_serviceURL = array();
-		var $wmc_layer_format_current = array();
-		var $wmc_layer_dataurl = array();
-		var $wmc_layer_metadataurl = array();
-		var $wmc_layer_minscale = array();
-		var $wmc_layer_maxscale = array();
-		var $wmc_layer_format = array();
-		var $wmc_layer_style_current = array();
-		var $wmc_layer_style_name = array();
-		var $wmc_layer_style_title = array();
-		var $wmc_layer_style_legendurl = array();
-		var $wmc_layer_style_legendurl_width = array();
-		var $wmc_layer_style_legendurl_height = array();
-		var $wmc_layer_style_legendurl_format = array();
-		var $wmc_layer_style_legendurl_type = array();
-		var $wmc_layer_style_sld_url = array();
-		var $wmc_layer_style_sld_type = array();
-		var $wmc_layer_style_sld_title = array();
-		var $wmc_wms_count = 0;
-			
-	function wmc() {	
-	} 
-	
-	function getTitle() {
-		return $this->wmc_title;
-	}
-	
-	function getNumberOfWms () {
-		return $this->wmc_wms_count;
-	}
-
-	function createObjFromWMC_id($wmc_id){
-		
-		$con = db_connect(DBSERVER,OWNER,PW);
-		db_select_db(DB, $con);
-		
-		$sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = $1";
-		$v = array($wmc_id);
-		$t = array("s");
-		$res = db_prep_query($sql, $v, $t);
-		$wmc = db_fetch_array($res);
-		$this->createObjFromWMC_xml($wmc[0]);
-	
-	}
-
-	function createObjFromWMC_xml($data){
-		$values = NULL;
-		$tags = NULL;
-		$parser = xml_parser_create(CHARSET);
-		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
-		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
-		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
-		xml_parse_into_struct($parser,$data,$values,$tags);
-		$code = xml_get_error_code ($parser);
-		if ($code) {
-			$line = xml_get_current_line_number($parser); 
-			$mb_exception = new mb_exception(xml_error_string($code) .  " in line " . $line);
-			return false;
-		}
-		xml_parser_free($parser);
-		
-		$section = NULL;
-		$format = NULL;
-		$cnt_format = 0;
-		$parent = array();
-		$myParent = array();
-		$cnt_layer = -1;
-		$request = NULL; 
-		$layer_style = array();
-		$cnt_style = -1;
-		$extension = false;
-		
-		$general = false;
-		$layerlist = false;
-		$layer = false;
-		$formatlist = false;
-		$metadataurl = false;
-		$dataurl = false;
-		$stylelist = false;
-		
-		foreach ($values as $element) {
-			if(strtoupper($element[tag]) == "VIEWCONTEXT" && $element[type] == "open"){
-					$this->wmc_id = $element[attributes]["id"];
-					$this->wmc_version = $element[attributes]["version"];
-			}
-			if(strtoupper($element[tag]) == "GENERAL" && $element[type] == "open"){
-			   $general = true;
-			}
-			if(strtoupper($element[tag]) == "LAYERLIST" && $element[type] == "open"){
-			   $layerlist = true;
-			}
-			if ($general) {
-				if(strtoupper($element[tag]) == "WINDOW"){
-					$this->wmc_windowWidth = $element[attributes]["width"];
-					$this->wmc_windowHeight = $element[attributes]["height"];
-				}
-				if(strtoupper($element[tag]) == "BOUNDINGBOX"){
-					$this->wmc_bBox_SRS = $element[attributes]["SRS"];
-					$this->wmc_bBox_minx = $element[attributes]["minx"];
-					$this->wmc_bBox_miny = $element[attributes]["miny"];
-					$this->wmc_bBox_maxx = $element[attributes]["maxx"];
-					$this->wmc_bBox_maxy = $element[attributes]["maxy"];
-				}
-				if(strtoupper($element[tag]) == "NAME"){
-					$this->wmc_name = $element[value];
-				}
-				if(strtoupper($element[tag]) == "TITLE"){
-					$this->wmc_title = $element[value];
-				}
-				if(strtoupper($element[tag]) == "ABSTRACT"){
-					$this->wmc_abstract = $element[value];
-				}
-				if(strtoupper($element[tag]) == "CONTACTINFORMATION" && $element['type'] == "open"){
-					$contactinformation = true;
-				}
-				if ($contactinformation) {
-					if(strtoupper($element[tag]) == "CONTACTPOSITION"){
-						$this->wmc_contactposition = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTVOICETELEPHONE"){
-						$this->wmc_contactvoicetelephone = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTFACSIMILETELEPHONE"){
-						$this->wmc_contactfacsimiletelephone = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTELECTRONICMAILADDRESS"){
-						$this->wmc_contactemail = $element[value];
-					}
-					if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "open"){
-						$contactpersonprimary = true;
-					}
-					if ($contactpersonprimary) {
-						if(strtoupper($element[tag]) == "CONTACTPERSON"){
-							$this->wmc_contactperson = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTORGANIZATION"){
-							$this->wmc_contactorganization = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "close"){
-							$contactpersonprimary = false;
-						}
-					}
-					if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "open"){
-						$contactaddress = true;
-					}
-					if ($contactaddress) {
-						if(strtoupper($element[tag]) == "ADDRESSTYPE"){
-							$this->wmc_contactaddresstype = $element[value];
-						}
-						if(strtoupper($element[tag]) == "ADDRESS"){
-							$this->wmc_contactaddress = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CITY"){
-							$this->wmc_contactcity = $element[value];
-						}
-						if(strtoupper($element[tag]) == "STATEORPROVINCE"){
-							$this->wmc_contactstateorprovince = $element[value];
-						}
-						if(strtoupper($element[tag]) == "POSTCODE"){
-							$this->wmc_contactpostcode = $element[value];
-						}
-						if(strtoupper($element[tag]) == "COUNTRY"){
-							$this->wmc_contactcountry = $element[value];
-						}
-						if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "close"){
-							$contactaddress = false;
-						}
-					}
-				}
-				if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "open"){
-					$logourl = true;
-					$this->wmc_logourl_width = $element[attributes]["width"];
-					$this->wmc_logourl_height = $element[attributes]["height"];
-					$this->wmc_logourl_format = $element[attributes]["format"];
-				}
-				if ($logourl) {
-					if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "close"){
-						$logourl = false;
-					}
-					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						$this->wmc_logourl_type = $element[attributes]["xlink:type"];
-						$this->wmc_logourl = $element[attributes]["xlink:href"];
-					}
-				}
-				if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "open"){
-					$descriptionurl = true;
-					$this->wmc_descriptionurl_format = $element[attributes]["format"];
-				}
-				if ($descriptionurl) {
-					if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "close"){
-						$descriptionurl = false;
-					}
-					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						$this->wmc_descriptionurl_type = $element[attributes]["xlink:type"];
-						$this->wmc_descriptionurl = $element[attributes]["xlink:href"];
-					}
-				}
-				if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "open"){
-					$keywordlist = true;
-				}
-				if ($keywordlist) {
-					if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "close"){
-						$keywordlist = false;
-						$cnt_keyword = -1;
-					}
-					if(strtoupper($element[tag]) == "KEYWORD"){
-						$cnt_keyword++;
-						$this->wmc_keyword[$cnt_keyword] = $element[value];
-					}
-				}
-						
-				if(strtoupper($element[tag]) == "GENERAL" && $element['type'] == "close"){
-		   			$general = false;
-			 	}
-			}
-			if ($layerlist) {
-				if(strtoupper($element[tag]) == "LAYERLIST" && $element['type'] == "close"){
-				   $layerlist = false;
-				}
-				if(strtoupper($element[tag]) == "LAYER" && $element[type] == "open"){
-					 $cnt_layer++;
-					 $this->wmc_layer_queryable[$cnt_layer] = $element[attributes]["queryable"];
-					 $this->wmc_layer_hidden[$cnt_layer] = $element[attributes]["hidden"];
-					 $layer = true;
-      		 		 $cnt_epsg = 0;
-				}
-				if ($layer) {
-					if(strtoupper($element[tag]) == "LAYER" && $element[type] == "close"){
-						$layer = false;
-					}
-					 if ($formatlist) {
-						 if(strtoupper($element[tag]) == "FORMAT"){
-						 	$cnt_format++;
-						 	$this->wmc_layer_format_current[$cnt_layer][$cnt_format] = $element[attributes]["current"];
-						 	$this->wmc_layer_format[$cnt_layer][$cnt_format] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "FORMATLIST" && $element[type] == "close"){
-							 $formatlist = false;
-						 }
-					 }
-					 elseif ($metadataurl) {
-						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-							$this->wmc_layer_metadataurl[$cnt_layer] = $element[attributes]["xlink:href"];
-						 }
-						 if(strtoupper($element[tag]) == "METADATAURL" && $element[type] == "close"){
-							$metadataurl = false;
-						 }
-					 }
-					 elseif ($dataurl) {
-						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						 	$this->wmc_layer_dataurl[$cnt_layer] = $element[attributes]["xlink:href"];
-						 }
-						 if(strtoupper($element[tag]) == "DATAURL" && $element[type] == "close"){
-							 $dataurl = false;
-						 }
-					 }
-					 elseif ($stylelist) {
-						 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "open"){
-						 	$cnt_style++;
-						 	$style = true;
-						 	$this->wmc_layer_style_current[$cnt_layer][$cnt_style] = $element[attributes]["current"];
-						 }
-						 if ($style) {
-							 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "close"){
-							 	$style = false;
-							 }
-							 if(strtoupper($element[tag]) == "SLD" && $element[type] == "open"){
-							 	$sld = true;
-							 }
-							 if ($sld) {
-								 if(strtoupper($element[tag]) == "SLD" && $element[type] == "close"){
-								 	$sld = false;
-								 }
-								 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-								 	$this->wmc_layer_style_sld_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
-								 	$this->wmc_layer_style_sld_url[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
-								 }
-								 if(strtoupper($element[tag]) == "TITLE"){
-								 	$this->wmc_layer_style_sld_title[$cnt_layer][$cnt_style] = $element[value];
-								 }
-							 }
-							 else {
-								 if(strtoupper($element[tag]) == "NAME"){
-								 	$this->wmc_layer_style_name[$cnt_layer][$cnt_style] = $element[value];
-								 }
-								 if(strtoupper($element[tag]) == "TITLE"){
-								 	$this->wmc_layer_style_title[$cnt_layer][$cnt_style] = $element[value];
-								 }
-								 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "open"){
-								 	$legendurl = true;
-								 	$this->wmc_layer_style_legendurl_width[$cnt_layer][$cnt_style] = $element[attributes]["width"];
-								 	$this->wmc_layer_style_legendurl_height[$cnt_layer][$cnt_style] = $element[attributes]["height"];
-								 	$this->wmc_layer_style_legendurl_format[$cnt_layer][$cnt_style] = $element[attributes]["format"];
-								 }
-								 if ($legendurl) {
-									 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "close"){
-									 	$legendurl = false;
-									 }
-									 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-									 	$this->wmc_layer_style_legendurl_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
-									 	$this->wmc_layer_style_legendurl[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
-									 }
-								 }
-							 }
-						 }
-						 if(strtoupper($element[tag]) == "STYLELIST" && $element[type] == "close"){
-							 $stylelist = false;
-						 }
-					 }
-					 else {
-						 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "open"){
-						 	 $server = true;
-						 	 $this->wmc_wms_service[$cnt_layer] = $element[attributes]["service"];
-						 	 $this->wmc_wms_version[$cnt_layer] = $element[attributes]["version"];
-						 	 $this->wmc_wms_title[$cnt_layer] = $element[attributes]["title"];
-						 }
-						 if ($server) {
-							 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "close"){
-							 	 $server = false;
-							 }
-							 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
-						 		 $this->wmc_wms_serviceURL[$cnt_layer] = $element[attributes]["xlink:href"];
-							 }
-						 }
-						 if(strtoupper($element[tag]) == "NAME"){
-					 		 $this->wmc_layer_name[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "TITLE"){
-					 		 $this->wmc_layer_title[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "ABSTRACT"){
-					 		 $this->wmc_layer_abstract[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper($element[tag]) == "SRS"){
-							 $epsgArray = explode(" ", $element[value]);						 	
-					 		 
-					 		 for ($c = 0 ; $c < count($epsgArray) ; $c ++) {
-						 		 $this->wmc_layer_srs[$cnt_layer][$cnt_epsg] = $epsgArray[$c];
-								 $cnt_epsg++;
-					 		 }
-						 }
-						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "open") {
-						 	$extension = true;
-						 }
-						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "close") {
-						 	$extension = false;
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "SCALEHINT"){
-					 		 $this->wmc_layer_minscale[$cnt_layer] = $element[attributes]["min"];
-					 		 $this->wmc_layer_maxscale[$cnt_layer] = $element[attributes]["max"];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "LAYER_ID"){
-					 		 $this->wmc_layer_id[$cnt_layer] = $element[value];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "WMS_ID"){
-					 		 $this->wmc_wms_id[$cnt_layer] = $element[value];
-						 }
-						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "QUERYLAYER"){
-					 		 $this->wmc_layer_querylayer[$cnt_layer] = $element[value];
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "METADATAURL" && $element[type] == "open"){
-							 $metadataurl = true;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "DATAURL" && $element[type] == "open"){
-							 $dataurl = true;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "FORMATLIST" && $element[type] == "open"){
-							 $formatlist = true;
-							 $cnt_format = -1;
-						 }
-						 if(strtoupper(sepNameSpace($element[tag])) == "STYLELIST" && $element[type] == "open"){
-							 $stylelist = true;
-							 $cnt_style = -1;
-						 }
-					 }
-				}
-			}
-		}
-		return true;
-	}
-
-	function createJsObjFromWMC($target, $mapObj, $action){
-		$wmc_string = "";
-		$validActions = array("load", "merge", "append");
-		if (!in_array($action, $validActions)) {
-			$wmc_string .= "alert('invalid action: ".$action."');";			
-		}
-		else {
-			$wmc_string .= "var index = " . $target . "getMapObjIndexByName('" . $mapObj . "');\n";
-			if ($action == "load") {
-				// delete all previous wms
-				$wmc_string .= "while(" . $target . "mb_mapObj[index].wms.length > 0){" . $target . "mb_mapObjremoveWMS(index,0);}";
-				$wmc_string .= $target . "deleteWmsObject();\n";
-			}
-			if ($action == "merge") {
-				$wmc_string .= "var wms_exists = false;\n";				// true if this wms exists in the mapObj
-				$wmc_string .= "var current_wms_index = null;\n";		// if wms_exists: index of the wms in the map obj; else: null
-				$wmc_string .= "var layer_exists = false;\n";			// true if this layer exists in an existing wms of the mapObj
-				$wmc_string .= "var current_layer_index = null;\n";		// if layer_exists: index of the layer of the wms in the mapObj; else: null
-			}
-			$new_wms = "";
-			$cnt_wms = -1;
-			$added_wms = array();
-			
-			// for all layers in wmc, find individual wms...
-			for ($i = 0; $i < count($this->wmc_layer_title); $i++) {
-				$current_wms = $this->wmc_wms_serviceURL[$i];
-				// ...this is something like 'for every wms'
-				if (!in_array($current_wms , $added_wms)) {
-					$layerlist = "";
-					$querylayerlist = "";
-					$srs_array = array();
-		
-					if ($action == "merge") {
-						$wmc_string .= "wms_exists = false;\n";
-						$wmc_string .= "current_wms_index = null;\n";
-						$wmc_string .= "for (var m=0; m < " . $target . "mb_mapObj[index].wms.length; m++) {\n";
-						$wmc_string .= "\tif ('" . $this->wmc_wms_serviceURL[$i] . "' ==  " . $target . "mb_mapObj[index].wms[m].wms_getmap) {\n";
-						$wmc_string .= "\t\twms_exists = true;\n";
-						$wmc_string .= "\t\tcurrent_wms_index = m;\n";
-						$wmc_string .= "\t}\n";
-						$wmc_string .= "}\n";
-						$wmc_string .= "if (!wms_exists) {\n";
-					}				
-					 
-					$mywms = new wms();
-			
-			  		if(!$this->wmc_layer_title[$i] || $this->wmc_layer_title[$i] == ""){
-						echo "alert('Error: no valid capabilities-document !!');\n";
-						die; exit;
-					}
-
-					for($j=0;$j<count($this->wmc_layer_format[$i]);$j++){
-						if ($this->wmc_layer_format_current[$i][$j] == 1) {
-							$wms_data_format = $this->wmc_layer_format[$i][$j];
-						}
-					}
-					// add wms
-					$wmc_string .= "\t" . $target . "add_wms('','".
-						$this->wmc_wms_version[$i] ."','".
-						$this->wmc_wms_title[$i] ."','".
-						$this->wmc_layer_abstract[$i] ."','".
-						$this->wmc_wms_serviceURL[$i] ."','" .
-						$this->wmc_wms_serviceURL[$i] ."','" .
-						$this->wmc_layer_style_legendurl[$i][0] ."','','". 
-						$wms_data_format ."','text/html','application/vnd.ogc.se_xml','". 
-						$this->wmc_bBox_SRS ."','1');\n";
-		
-					$added_wms[count($added_wms)] = $current_wms;
-					$cnt_wms++;
-					$cnt_layers = 0;
-					$cnt_query_layers = 0;
-					if ($action == "merge") {
-						$wmc_string .= "}\n";
-					}
-	
-					// add epsg
-					$wmc_string .= $target . "wms_addSRS('". 
-						$this->wmc_bBox_SRS ."','". 
-						$this->wmc_bBox_minx ."','". 
-						$this->wmc_bBox_miny ."','". 
-						$this->wmc_bBox_maxx ."','". 
-						$this->wmc_bBox_maxy ."','". 
-						"');\n";
-
-					// for each layer...
-					for ($ii = 0; $ii < count($this->wmc_layer_title); $ii++) {
-						$layer_wms = $this->wmc_wms_serviceURL[$ii];
-						// ... of this wms
-						if ($current_wms == $layer_wms) {
-							
-							// add format (FIXME: is this working?)
-							$z = count($this->wmc_layer_format[$ii]);
-							for($j=0;$j<$z;$j++){
-								$wmc_string .= $target . "wms_add_data_type_format('map','". $this->wmc_layer_format[$ii][$j] ."');\n";
-							}
-							
-							if ($cnt_layers == 0) {
-								if ($action == "merge") {
-									$wmc_string .= "if (!wms_exists) {\n\t";
-								} 
-								// add parent layer
-								$wmc_string .= $target . "wms_add_layer('','".$this->wmc_layer_id[$i]."','','". $this->wmc_wms_title[$i] ."','','0','0','0','0','','".$this->wmc_wms_id[$i]."','1','1','1','0','0','0','0');\n";
-								if ($action == "merge") {
-									$wmc_string .= "}\n";
-								} 
-							}
-	
-							$cnt_layers++;
-							
-							if ($action == "merge") {
-								$wmc_string .= "if (wms_exists) {\n";
-								
-								// check if this layer already exists in this wms
-								$wmc_string .= "\tlayer_exists = false;\n";
-								$wmc_string .= "\tcurrent_layer_index = null;\n";
-								$wmc_string .= "\tfor (var m=0; m < " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer.length; m++) {\n";
-								$wmc_string .= "\t\tif ('" . $this->wmc_layer_name[$ii] . "' ==  " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[m].layer_name) {\n";
-								$wmc_string .= "\t\t\tlayer_exists = true;\n";
-								$wmc_string .= "\t\t\tcurrent_layer_index = m;\n";
-								$wmc_string .= "\t\t}\n";
-								$wmc_string .= "\t}\n"; 
-		
-								$wmc_string .= "\tif (layer_exists) {\n";
-								// check if the visibility or the queryability are different to the existing layer
-								$wmc_string .= "\t\tif (" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible != '" . intval(!$this->wmc_layer_hidden[$ii]) . "'";
-								$wmc_string .= " || " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer != '" . $this->wmc_layer_queryable[$ii] . "') {\n";
-		
-								// if yes, update the visibility and queryability
-								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible = " . intval(!$this->wmc_layer_hidden[$ii]) . ";\n"; 
-								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer = " . $this->wmc_layer_queryable[$ii] . ";\n"; 
-								$wmc_string .= "\t\t}\n";
-								$wmc_string .= "\t}\n"; 
-								$wmc_string .= "}\n"; 
-								$wmc_string .= "\telse {\n";
-							} 
-
-							// add layer
-							$wmc_string .= "\t" . $target . "wms_add_layer('0','". 
-								$this->wmc_layer_id[$ii] . "','". 
-								$this->wmc_layer_name[$ii] . "','". 
-								$this->wmc_layer_title[$ii] ."','". 
-								$this->wmc_layer_dataurl[$ii] . "','". 
-								intval($cnt_layers) ."','". 
-								$this->wmc_layer_queryable[$ii] ."','".
-								$this->wmc_layer_minscale[$ii]  ."','". 
-								$this->wmc_layer_maxscale[$ii]  ."','". 
-								$this->wmc_layer_metadataurl[$ii] ."','". 
-								$this->wmc_wms_id[$ii] ."','1','1','". 
-								intval(!$this->wmc_layer_hidden[$ii]) ."','". 
-								$this->wmc_layer_queryable[$ii] ."','". 
-								$this->wmc_layer_querylayer[$ii] ."','".
-								$this->wmc_layer_minscale[$ii]  ."','". 
-								$this->wmc_layer_maxscale[$ii]  ."');\n";
-	
-							if ($action == "merge") {
-								$wmc_string .= "\t}\n";
-							} 
-												
-							// if layer is queryable, add it to querylayerlist
-							if ($this->wmc_layer_queryable[$ii]) {
-								$cnt_query_layers++;
-								if (!in_array($this->wmc_layer_name[$ii], explode(",",$querylayerlist))) {
-									if ($querylayerlist == "") {$querylayerlist = $this->wmc_layer_name[$ii];} else {$querylayerlist .= "," . $this->wmc_layer_name[$ii];} 
-								}
-							}
-							// if layer is visible, add it to layerlist 
-							if (intval(!$this->wmc_layer_hidden[$ii]) && !in_array($this->wmc_layer_name[$ii], explode(",",$layerlist))) {
-								if ($layerlist == "") {$layerlist = $this->wmc_layer_name[$ii];} else {$layerlist .= "," . $this->wmc_layer_name[$ii];}
-							}
-	
-							// add layer style (FIXME: is this working?)
-							for($j=0; $j<count($this->wmc_layer_style_name[$ii]);$j++){
-								$wmc_string .= $target . "wms_addLayerStyle('".$this->wmc_layer_style_name[$ii][$j] ."','".$this->wmc_layer_style_title[$ii][$j] ."','".$j."','".$cnt_layers."', '" . $this->wmc_layer_style_legendurl[$ii][$j] . "', '" . $this->wmc_layer_style_legendurl_format[$ii][$j] . "');\n";
-							}
-						}
-					}
-					// add wms to mapObj with all layers and querylayers
-					if ($action == "merge") {
-						$wmc_string .= "if (!wms_exists) {\n";
-					} 
-					$wmc_string .= $target. "mb_mapObjaddWMSwithLayers('" . $mapObj . "', '" . $layerlist . "', '" . $querylayerlist . "');\n";
-					if ($action == "merge") {
-						$wmc_string .= "}\n";
-						$wmc_string .= "else {\n";
-						$wmc_string .= $target. "mb_mapObj[index].layers[current_wms_index] = \"" . $layerlist . "\";\n";
-						$wmc_string .= $target. "mb_mapObj[index].querylayers[current_wms_index] = \"" . $querylayerlist . "\";\n";
-						$wmc_string .= "}\n";
-					}
-				}
-			}
-			$wmc_string .= "var old_mapObj = ".$target."cloneObject(".$target."mb_mapObj);\n";
-			$wmc_string .= $target . "deleteMapObj();\n";
-			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
-			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
-			$wmc_string .= "\t\t" . $target . "mb_registerMapObj(old_mapObj[i].frameName, old_mapObj[i].elementName, null, " . $this->wmc_windowWidth . ", " . $this->wmc_windowHeight . ");\n"; 
-			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.width = " . $this->wmc_windowWidth . ";\n";
-			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.height = " . $this->wmc_windowHeight . ";\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\telse {\n";
-			$wmc_string .= "\t\tvar found = false;\n";
-			$wmc_string .= "\t\tfor (var j=0; j < " . $target . "wms.length && found == false; j++) {\n";
-			$wmc_string .= "\t\t\tif (" . $target . "wms[j].wms_getmap == old_mapObj[i].wms[0].wms_getmap) {\n";
-			$wmc_string .= "\t\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, j, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
-			$wmc_string .= "\t\t\t\tfound = true;\n"; 
-			$wmc_string .= "\t\t\t}\n";
-			$wmc_string .= "\t\t}\n";
-			$wmc_string .= "\t\tif (!found) {\n";
-			$wmc_string .= "\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, 0, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
-			$wmc_string .= "\t\t}\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "}\n";
-			
-			$sql = "SELECT minx, miny, maxx, maxy FROM layer_epsg WHERE fkey_layer_id = $1 AND epsg = $2 LIMIT 1";
-			$v = array($this->wmc_layer_id[0], $this->wmc_bBox_SRS);
-			$t = array('i', 's');
-			$res = db_prep_query($sql, $v, $t);
-			$row = db_fetch_array($res);
-			if ($row["minx"] && $row["miny"] && $row["maxx"] && $row["maxy"]) {
-				$ov_bbox = array($row["minx"],$row["miny"],$row["maxx"],$row["maxy"]);
-			}
-			else if ($this->wmc_layer_id[0] && $this->wmc_bBox_SRS){
-				$ov_bbox = array($this->wmc_bBox_minx, $this->wmc_bBox_miny, $this->wmc_bBox_maxx, $this->wmc_bBox_maxy);
-			}
-			else {
-				$ov_bbox = array();
-			}
-			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
-			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
-			$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-			$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
-			$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\telse {\n";
-			if (count($ov_bbox)>0) {
-//				$wmc_string .= "alert('found bbox for ov: ".implode(',',$ov_bbox)."');";
-				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-				$wmc_string .= $ov_bbox[0] .",".$ov_bbox[1] .",";
-				$wmc_string .= $ov_bbox[2] .",".$ov_bbox[3] .");\n";
-			}
-			else {
-//				$wmc_string .= "alert('no bbox found for ov: old bbox ".$this->wmc_bBox_minx." etc');";
-				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
-				$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
-				$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
-//				$wmc_string .= "\t\tvar ov_index = " . $target . "getMapObjIndexByName('overview');\n";
-//				$wmc_string .= "\t\t" . $target . "mb_mapObj[ov_index].extent = old_mapObj[i].extent;\n"; 
-			}
-			$wmc_string .= "\t}\n";
-			$wmc_string .= "\t". $target . "setMapRequest(old_mapObj[i].frameName);\n";
-			$wmc_string .= "}\n";
-			$wmc_string .= $target . "mb_execloadWmsSubFunctions();\n";
-		}
-		return $wmc_string;
-	}
-} 
-// end class
-?>

Copied: branches/2.4.5/http/classes/class_wmc.php (from rev 2025, tags/2.4.4/http/classes/class_wmc.php)
===================================================================
--- branches/2.4.5/http/classes/class_wmc.php	                        (rev 0)
+++ branches/2.4.5/http/classes/class_wmc.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -0,0 +1,715 @@
+<?php
+# $Id: class_wmc.php 645 2006-12-08 12:58:39Z christoph $
+# http://www.mapbender.org/index.php/class_wmc.php
+# Copyright (C) 2002 CCGIS 
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+require_once("../../conf/mapbender.conf");
+require_once("../classes/class_wms.php");
+require_once("../classes/class_mb_exception.php");
+require_once("../classes/class_administration.php");
+
+function sepNameSpace($s){
+	$c = strpos($s,":"); 
+	if($c>0)return substr($s,$c+1);
+	return $s;
+}
+class wmc {
+
+		var $wmc_id;
+		var $wmc_version;
+		var $wmc_windowWidth;
+		var $wmc_windowHeight;
+		var $wmc_bBox_SRS;
+		var $wmc_bBox_minx;
+		var $wmc_bBox_maxx;
+		var $wmc_bBox_miny;
+		var $wmc_bBox_maxy;
+		var $wmc_name;
+		var $wmc_title;
+		var $wmc_abstract;
+		var $wmc_logourl;
+		var $wmc_logourl_format;
+		var $wmc_logourl_type;
+		var $wmc_logourl_width;
+		var $wmc_logourl_height;
+		var $wmc_descriptionurl;
+		var $wmc_descriptionurl_format;
+		var $wmc_descriptionurl_type;
+		var $wmc_keyword = array();
+		var $wmc_contactposition;
+		var $wmc_contactvoicetelephone;
+		var $wmc_contactemail;
+		var $wmc_contactfacsimiletelephone;
+		var $wmc_contactperson;
+		var $wmc_contactorganization;
+		var $wmc_contactaddresstype;
+		var $wmc_contactaddress;
+		var $wmc_contactcity;
+		var $wmc_contactstateorprovince;
+		var $wmc_contactpostcode;
+		var $wmc_contactcountry;
+					
+		var $wmc_wms_title = array();
+		var $wmc_layer_queryable = array();
+		var $wmc_layer_querylayer = array();
+		var $wmc_layer_hidden = array();
+		var $wmc_wms_id = array();
+		var $wmc_wms_service = array();
+		var $wmc_wms_version = array();
+		var $wmc_layer_id = array();
+		var $wmc_layer_title = array();
+		var $wmc_layer_name = array();
+		var $wmc_layer_abstract = array();
+		var $wmc_layer_srs = array();
+		var $wmc_wms_serviceURL = array();
+		var $wmc_layer_format_current = array();
+		var $wmc_layer_dataurl = array();
+		var $wmc_layer_metadataurl = array();
+		var $wmc_layer_minscale = array();
+		var $wmc_layer_maxscale = array();
+		var $wmc_layer_format = array();
+		var $wmc_layer_style_current = array();
+		var $wmc_layer_style_name = array();
+		var $wmc_layer_style_title = array();
+		var $wmc_layer_style_legendurl = array();
+		var $wmc_layer_style_legendurl_width = array();
+		var $wmc_layer_style_legendurl_height = array();
+		var $wmc_layer_style_legendurl_format = array();
+		var $wmc_layer_style_legendurl_type = array();
+		var $wmc_layer_style_sld_url = array();
+		var $wmc_layer_style_sld_type = array();
+		var $wmc_layer_style_sld_title = array();
+		var $wmc_wms_count = 0;
+			
+	function wmc() {	
+	} 
+	
+	function getTitle() {
+		return $this->wmc_title;
+	}
+	
+	function getNumberOfWms () {
+		return $this->wmc_wms_count;
+	}
+
+	function createObjFromWMC_id($wmc_id){
+		
+		$con = db_connect(DBSERVER,OWNER,PW);
+		db_select_db(DB, $con);
+		
+		$sql = "SELECT wmc FROM mb_user_wmc WHERE wmc_id = $1";
+		$v = array($wmc_id);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
+		$wmc = db_fetch_array($res);
+		$this->createObjFromWMC_xml($wmc[0]);
+	
+	}
+
+	function createObjFromWMC_xml($data){
+		$values = NULL;
+		$tags = NULL;
+		$parser = xml_parser_create(CHARSET);
+		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
+		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
+		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
+		xml_parse_into_struct($parser,$data,$values,$tags);
+		$code = xml_get_error_code ($parser);
+		if ($code) {
+			$line = xml_get_current_line_number($parser); 
+			$mb_exception = new mb_exception(xml_error_string($code) .  " in line " . $line);
+			return false;
+		}
+		xml_parser_free($parser);
+		
+		$section = NULL;
+		$format = NULL;
+		$cnt_format = 0;
+		$parent = array();
+		$myParent = array();
+		$cnt_layer = -1;
+		$request = NULL; 
+		$layer_style = array();
+		$cnt_style = -1;
+		$extension = false;
+		
+		$general = false;
+		$layerlist = false;
+		$layer = false;
+		$formatlist = false;
+		$metadataurl = false;
+		$dataurl = false;
+		$stylelist = false;
+		
+		foreach ($values as $element) {
+			if(strtoupper($element[tag]) == "VIEWCONTEXT" && $element[type] == "open"){
+					$this->wmc_id = $element[attributes]["id"];
+					$this->wmc_version = $element[attributes]["version"];
+			}
+			if(strtoupper($element[tag]) == "GENERAL" && $element[type] == "open"){
+			   $general = true;
+			}
+			if(strtoupper($element[tag]) == "LAYERLIST" && $element[type] == "open"){
+			   $layerlist = true;
+			}
+			if ($general) {
+				if(strtoupper($element[tag]) == "WINDOW"){
+					$this->wmc_windowWidth = $element[attributes]["width"];
+					$this->wmc_windowHeight = $element[attributes]["height"];
+				}
+				if(strtoupper($element[tag]) == "BOUNDINGBOX"){
+					$this->wmc_bBox_SRS = $element[attributes]["SRS"];
+					$this->wmc_bBox_minx = $element[attributes]["minx"];
+					$this->wmc_bBox_miny = $element[attributes]["miny"];
+					$this->wmc_bBox_maxx = $element[attributes]["maxx"];
+					$this->wmc_bBox_maxy = $element[attributes]["maxy"];
+				}
+				if(strtoupper($element[tag]) == "NAME"){
+					$this->wmc_name = $element[value];
+				}
+				if(strtoupper($element[tag]) == "TITLE"){
+					$this->wmc_title = $element[value];
+				}
+				if(strtoupper($element[tag]) == "ABSTRACT"){
+					$this->wmc_abstract = $element[value];
+				}
+				if(strtoupper($element[tag]) == "CONTACTINFORMATION" && $element['type'] == "open"){
+					$contactinformation = true;
+				}
+				if ($contactinformation) {
+					if(strtoupper($element[tag]) == "CONTACTPOSITION"){
+						$this->wmc_contactposition = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTVOICETELEPHONE"){
+						$this->wmc_contactvoicetelephone = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTFACSIMILETELEPHONE"){
+						$this->wmc_contactfacsimiletelephone = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTELECTRONICMAILADDRESS"){
+						$this->wmc_contactemail = $element[value];
+					}
+					if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "open"){
+						$contactpersonprimary = true;
+					}
+					if ($contactpersonprimary) {
+						if(strtoupper($element[tag]) == "CONTACTPERSON"){
+							$this->wmc_contactperson = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTORGANIZATION"){
+							$this->wmc_contactorganization = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTPERSONPRIMARY" && $element['type'] == "close"){
+							$contactpersonprimary = false;
+						}
+					}
+					if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "open"){
+						$contactaddress = true;
+					}
+					if ($contactaddress) {
+						if(strtoupper($element[tag]) == "ADDRESSTYPE"){
+							$this->wmc_contactaddresstype = $element[value];
+						}
+						if(strtoupper($element[tag]) == "ADDRESS"){
+							$this->wmc_contactaddress = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CITY"){
+							$this->wmc_contactcity = $element[value];
+						}
+						if(strtoupper($element[tag]) == "STATEORPROVINCE"){
+							$this->wmc_contactstateorprovince = $element[value];
+						}
+						if(strtoupper($element[tag]) == "POSTCODE"){
+							$this->wmc_contactpostcode = $element[value];
+						}
+						if(strtoupper($element[tag]) == "COUNTRY"){
+							$this->wmc_contactcountry = $element[value];
+						}
+						if(strtoupper($element[tag]) == "CONTACTADDRESS" && $element['type'] == "close"){
+							$contactaddress = false;
+						}
+					}
+				}
+				if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "open"){
+					$logourl = true;
+					$this->wmc_logourl_width = $element[attributes]["width"];
+					$this->wmc_logourl_height = $element[attributes]["height"];
+					$this->wmc_logourl_format = $element[attributes]["format"];
+				}
+				if ($logourl) {
+					if(strtoupper($element[tag]) == "LOGOURL" && $element['type'] == "close"){
+						$logourl = false;
+					}
+					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						$this->wmc_logourl_type = $element[attributes]["xlink:type"];
+						$this->wmc_logourl = $element[attributes]["xlink:href"];
+					}
+				}
+				if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "open"){
+					$descriptionurl = true;
+					$this->wmc_descriptionurl_format = $element[attributes]["format"];
+				}
+				if ($descriptionurl) {
+					if(strtoupper($element[tag]) == "DESCRIPTIONURL" && $element['type'] == "close"){
+						$descriptionurl = false;
+					}
+					if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						$this->wmc_descriptionurl_type = $element[attributes]["xlink:type"];
+						$this->wmc_descriptionurl = $element[attributes]["xlink:href"];
+					}
+				}
+				if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "open"){
+					$keywordlist = true;
+				}
+				if ($keywordlist) {
+					if(strtoupper($element[tag]) == "KEYWORDLIST" && $element['type'] == "close"){
+						$keywordlist = false;
+						$cnt_keyword = -1;
+					}
+					if(strtoupper($element[tag]) == "KEYWORD"){
+						$cnt_keyword++;
+						$this->wmc_keyword[$cnt_keyword] = $element[value];
+					}
+				}
+						
+				if(strtoupper($element[tag]) == "GENERAL" && $element['type'] == "close"){
+		   			$general = false;
+			 	}
+			}
+			if ($layerlist) {
+				if(strtoupper($element[tag]) == "LAYERLIST" && $element['type'] == "close"){
+				   $layerlist = false;
+				}
+				if(strtoupper($element[tag]) == "LAYER" && $element[type] == "open"){
+					 $cnt_layer++;
+					 $this->wmc_layer_queryable[$cnt_layer] = $element[attributes]["queryable"];
+					 $this->wmc_layer_hidden[$cnt_layer] = $element[attributes]["hidden"];
+					 $layer = true;
+      		 		 $cnt_epsg = 0;
+				}
+				if ($layer) {
+					if(strtoupper($element[tag]) == "LAYER" && $element[type] == "close"){
+						$layer = false;
+					}
+					 if ($formatlist) {
+						 if(strtoupper($element[tag]) == "FORMAT"){
+						 	$cnt_format++;
+						 	$this->wmc_layer_format_current[$cnt_layer][$cnt_format] = $element[attributes]["current"];
+						 	$this->wmc_layer_format[$cnt_layer][$cnt_format] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "FORMATLIST" && $element[type] == "close"){
+							 $formatlist = false;
+						 }
+					 }
+					 elseif ($metadataurl) {
+						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+							$this->wmc_layer_metadataurl[$cnt_layer] = $element[attributes]["xlink:href"];
+						 }
+						 if(strtoupper($element[tag]) == "METADATAURL" && $element[type] == "close"){
+							$metadataurl = false;
+						 }
+					 }
+					 elseif ($dataurl) {
+						 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						 	$this->wmc_layer_dataurl[$cnt_layer] = $element[attributes]["xlink:href"];
+						 }
+						 if(strtoupper($element[tag]) == "DATAURL" && $element[type] == "close"){
+							 $dataurl = false;
+						 }
+					 }
+					 elseif ($stylelist) {
+						 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "open"){
+						 	$cnt_style++;
+						 	$style = true;
+						 	$this->wmc_layer_style_current[$cnt_layer][$cnt_style] = $element[attributes]["current"];
+						 }
+						 if ($style) {
+							 if(strtoupper($element[tag]) == "STYLE" && $element[type] == "close"){
+							 	$style = false;
+							 }
+							 if(strtoupper($element[tag]) == "SLD" && $element[type] == "open"){
+							 	$sld = true;
+							 }
+							 if ($sld) {
+								 if(strtoupper($element[tag]) == "SLD" && $element[type] == "close"){
+								 	$sld = false;
+								 }
+								 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+								 	$this->wmc_layer_style_sld_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
+								 	$this->wmc_layer_style_sld_url[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
+								 }
+								 if(strtoupper($element[tag]) == "TITLE"){
+								 	$this->wmc_layer_style_sld_title[$cnt_layer][$cnt_style] = $element[value];
+								 }
+							 }
+							 else {
+								 if(strtoupper($element[tag]) == "NAME"){
+								 	$this->wmc_layer_style_name[$cnt_layer][$cnt_style] = $element[value];
+								 }
+								 if(strtoupper($element[tag]) == "TITLE"){
+								 	$this->wmc_layer_style_title[$cnt_layer][$cnt_style] = $element[value];
+								 }
+								 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "open"){
+								 	$legendurl = true;
+								 	$this->wmc_layer_style_legendurl_width[$cnt_layer][$cnt_style] = $element[attributes]["width"];
+								 	$this->wmc_layer_style_legendurl_height[$cnt_layer][$cnt_style] = $element[attributes]["height"];
+								 	$this->wmc_layer_style_legendurl_format[$cnt_layer][$cnt_style] = $element[attributes]["format"];
+								 }
+								 if ($legendurl) {
+									 if(strtoupper($element[tag]) == "LEGENDURL" && $element[type] == "close"){
+									 	$legendurl = false;
+									 }
+									 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+									 	$this->wmc_layer_style_legendurl_type[$cnt_layer][$cnt_style] = $element[attributes]["xlink:type"];
+									 	$this->wmc_layer_style_legendurl[$cnt_layer][$cnt_style] = $element[attributes]["xlink:href"];
+									 }
+								 }
+							 }
+						 }
+						 if(strtoupper($element[tag]) == "STYLELIST" && $element[type] == "close"){
+							 $stylelist = false;
+						 }
+					 }
+					 else {
+						 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "open"){
+						 	 $server = true;
+						 	 $this->wmc_wms_service[$cnt_layer] = $element[attributes]["service"];
+						 	 $this->wmc_wms_version[$cnt_layer] = $element[attributes]["version"];
+						 	 $this->wmc_wms_title[$cnt_layer] = $element[attributes]["title"];
+						 }
+						 if ($server) {
+							 if(strtoupper($element[tag]) == "SERVER" && $element[type] == "close"){
+							 	 $server = false;
+							 }
+							 if(strtoupper($element[tag]) == "ONLINERESOURCE"){
+						 		 $this->wmc_wms_serviceURL[$cnt_layer] = $element[attributes]["xlink:href"];
+							 }
+						 }
+						 if(strtoupper($element[tag]) == "NAME"){
+					 		 $this->wmc_layer_name[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "TITLE"){
+					 		 $this->wmc_layer_title[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "ABSTRACT"){
+					 		 $this->wmc_layer_abstract[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper($element[tag]) == "SRS"){
+							 $epsgArray = explode(" ", $element[value]);						 	
+					 		 
+					 		 for ($c = 0 ; $c < count($epsgArray) ; $c ++) {
+						 		 $this->wmc_layer_srs[$cnt_layer][$cnt_epsg] = $epsgArray[$c];
+								 $cnt_epsg++;
+					 		 }
+						 }
+						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "open") {
+						 	$extension = true;
+						 }
+						 if (strtoupper($element[tag]) == "EXTENSION" && $element[type] == "close") {
+						 	$extension = false;
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "SCALEHINT"){
+					 		 $this->wmc_layer_minscale[$cnt_layer] = $element[attributes]["min"];
+					 		 $this->wmc_layer_maxscale[$cnt_layer] = $element[attributes]["max"];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "LAYER_ID"){
+					 		 $this->wmc_layer_id[$cnt_layer] = $element[value];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "WMS_ID"){
+					 		 $this->wmc_wms_id[$cnt_layer] = $element[value];
+						 }
+						 if($extension == true && strtoupper(sepNameSpace($element[tag])) == "QUERYLAYER"){
+					 		 $this->wmc_layer_querylayer[$cnt_layer] = $element[value];
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "METADATAURL" && $element[type] == "open"){
+							 $metadataurl = true;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "DATAURL" && $element[type] == "open"){
+							 $dataurl = true;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "FORMATLIST" && $element[type] == "open"){
+							 $formatlist = true;
+							 $cnt_format = -1;
+						 }
+						 if(strtoupper(sepNameSpace($element[tag])) == "STYLELIST" && $element[type] == "open"){
+							 $stylelist = true;
+							 $cnt_style = -1;
+						 }
+					 }
+				}
+			}
+		}
+		return true;
+	}
+
+	function createJsObjFromWMC($target, $mapObj, $action){
+		$wmc_string = "";
+		$validActions = array("load", "merge", "append");
+		if (!in_array($action, $validActions)) {
+			$wmc_string .= "alert('invalid action: ".$action."');";			
+		}
+		else {
+			$wmc_string .= "var index = " . $target . "getMapObjIndexByName('" . $mapObj . "');\n";
+			if ($action == "load") {
+				// delete all previous wms
+				$wmc_string .= "while(" . $target . "mb_mapObj[index].wms.length > 0){" . $target . "mb_mapObjremoveWMS(index,0);}";
+				$wmc_string .= $target . "deleteWmsObject();\n";
+			}
+			if ($action == "merge") {
+				$wmc_string .= "var wms_exists = false;\n";				// true if this wms exists in the mapObj
+				$wmc_string .= "var current_wms_index = null;\n";		// if wms_exists: index of the wms in the map obj; else: null
+				$wmc_string .= "var layer_exists = false;\n";			// true if this layer exists in an existing wms of the mapObj
+				$wmc_string .= "var current_layer_index = null;\n";		// if layer_exists: index of the layer of the wms in the mapObj; else: null
+			}
+			$new_wms = "";
+			$cnt_wms = -1;
+			$added_wms = array();
+			
+			// for all layers in wmc, find individual wms...
+			for ($i = 0; $i < count($this->wmc_layer_title); $i++) {
+				$current_wms = $this->wmc_wms_serviceURL[$i];
+				// ...this is something like 'for every wms'
+				if (!in_array($current_wms , $added_wms)) {
+					$layerlist = "";
+					$querylayerlist = "";
+					$srs_array = array();
+		
+					if ($action == "merge") {
+						$wmc_string .= "wms_exists = false;\n";
+						$wmc_string .= "current_wms_index = null;\n";
+						$wmc_string .= "for (var m=0; m < " . $target . "mb_mapObj[index].wms.length; m++) {\n";
+						$wmc_string .= "\tif ('" . $this->wmc_wms_serviceURL[$i] . "' ==  " . $target . "mb_mapObj[index].wms[m].wms_getmap) {\n";
+						$wmc_string .= "\t\twms_exists = true;\n";
+						$wmc_string .= "\t\tcurrent_wms_index = m;\n";
+						$wmc_string .= "\t}\n";
+						$wmc_string .= "}\n";
+						$wmc_string .= "if (!wms_exists) {\n";
+					}				
+					 
+					$mywms = new wms();
+			
+			  		if(!$this->wmc_layer_title[$i] || $this->wmc_layer_title[$i] == ""){
+						echo "alert('Error: no valid capabilities-document !!');\n";
+						die; exit;
+					}
+
+					for($j=0;$j<count($this->wmc_layer_format[$i]);$j++){
+						if ($this->wmc_layer_format_current[$i][$j] == 1) {
+							$wms_data_format = $this->wmc_layer_format[$i][$j];
+						}
+					}
+					// add wms
+					$wmc_string .= "\t" . $target . "add_wms('','".
+						$this->wmc_wms_version[$i] ."','".
+						$this->wmc_wms_title[$i] ."','".
+						$this->wmc_layer_abstract[$i] ."','".
+						$this->wmc_wms_serviceURL[$i] ."','" .
+						$this->wmc_wms_serviceURL[$i] ."','" .
+						$this->wmc_layer_style_legendurl[$i][0] ."','','". 
+						$wms_data_format ."','text/html','application/vnd.ogc.se_xml','". 
+						$this->wmc_bBox_SRS ."','1');\n";
+		
+					$added_wms[count($added_wms)] = $current_wms;
+					$cnt_wms++;
+					$cnt_layers = 0;
+					$cnt_query_layers = 0;
+					if ($action == "merge") {
+						$wmc_string .= "}\n";
+					}
+	
+					// add epsg
+					$wmc_string .= $target . "wms_addSRS('". 
+						$this->wmc_bBox_SRS ."','". 
+						$this->wmc_bBox_minx ."','". 
+						$this->wmc_bBox_miny ."','". 
+						$this->wmc_bBox_maxx ."','". 
+						$this->wmc_bBox_maxy ."','". 
+						"');\n";
+
+					// for each layer...
+					for ($ii = 0; $ii < count($this->wmc_layer_title); $ii++) {
+						$layer_wms = $this->wmc_wms_serviceURL[$ii];
+						// ... of this wms
+						if ($current_wms == $layer_wms) {
+							
+							// add format (FIXME: is this working?)
+							$z = count($this->wmc_layer_format[$ii]);
+							for($j=0;$j<$z;$j++){
+								$wmc_string .= $target . "wms_add_data_type_format('map','". $this->wmc_layer_format[$ii][$j] ."');\n";
+							}
+							
+							if ($cnt_layers == 0) {
+								if ($action == "merge") {
+									$wmc_string .= "if (!wms_exists) {\n\t";
+								} 
+								// add parent layer
+								$wmc_string .= $target . "wms_add_layer('','".$this->wmc_layer_id[$i]."','','". $this->wmc_wms_title[$i] ."','','0','0','0','0','','".$this->wmc_wms_id[$i]."','1','1','1','0','0','0','0');\n";
+								if ($action == "merge") {
+									$wmc_string .= "}\n";
+								} 
+							}
+	
+							$cnt_layers++;
+							
+							if ($action == "merge") {
+								$wmc_string .= "if (wms_exists) {\n";
+								
+								// check if this layer already exists in this wms
+								$wmc_string .= "\tlayer_exists = false;\n";
+								$wmc_string .= "\tcurrent_layer_index = null;\n";
+								$wmc_string .= "\tfor (var m=0; m < " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer.length; m++) {\n";
+								$wmc_string .= "\t\tif ('" . $this->wmc_layer_name[$ii] . "' ==  " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[m].layer_name) {\n";
+								$wmc_string .= "\t\t\tlayer_exists = true;\n";
+								$wmc_string .= "\t\t\tcurrent_layer_index = m;\n";
+								$wmc_string .= "\t\t}\n";
+								$wmc_string .= "\t}\n"; 
+		
+								$wmc_string .= "\tif (layer_exists) {\n";
+								// check if the visibility or the queryability are different to the existing layer
+								$wmc_string .= "\t\tif (" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible != '" . intval(!$this->wmc_layer_hidden[$ii]) . "'";
+								$wmc_string .= " || " . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer != '" . $this->wmc_layer_queryable[$ii] . "') {\n";
+		
+								// if yes, update the visibility and queryability
+								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_visible = " . intval(!$this->wmc_layer_hidden[$ii]) . ";\n"; 
+								$wmc_string .= "\t\t\t" . $target . "mb_mapObj[index].wms[current_wms_index].objLayer[current_layer_index].gui_layer_querylayer = " . $this->wmc_layer_queryable[$ii] . ";\n"; 
+								$wmc_string .= "\t\t}\n";
+								$wmc_string .= "\t}\n"; 
+								$wmc_string .= "}\n"; 
+								$wmc_string .= "\telse {\n";
+							} 
+
+							// add layer
+							$wmc_string .= "\t" . $target . "wms_add_layer('0','". 
+								$this->wmc_layer_id[$ii] . "','". 
+								$this->wmc_layer_name[$ii] . "','". 
+								$this->wmc_layer_title[$ii] ."','". 
+								$this->wmc_layer_dataurl[$ii] . "','". 
+								intval($cnt_layers) ."','". 
+								$this->wmc_layer_queryable[$ii] ."','".
+								$this->wmc_layer_minscale[$ii]  ."','". 
+								$this->wmc_layer_maxscale[$ii]  ."','". 
+								$this->wmc_layer_metadataurl[$ii] ."','". 
+								$this->wmc_wms_id[$ii] ."','1','1','". 
+								intval(!$this->wmc_layer_hidden[$ii]) ."','". 
+								$this->wmc_layer_queryable[$ii] ."','". 
+								$this->wmc_layer_querylayer[$ii] ."','".
+								$this->wmc_layer_minscale[$ii]  ."','". 
+								$this->wmc_layer_maxscale[$ii]  ."');\n";
+	
+							if ($action == "merge") {
+								$wmc_string .= "\t}\n";
+							} 
+												
+							// if layer is queryable, add it to querylayerlist
+							if ($this->wmc_layer_queryable[$ii]) {
+								$cnt_query_layers++;
+								if (!in_array($this->wmc_layer_name[$ii], explode(",",$querylayerlist))) {
+									if ($querylayerlist == "") {$querylayerlist = $this->wmc_layer_name[$ii];} else {$querylayerlist .= "," . $this->wmc_layer_name[$ii];} 
+								}
+							}
+							// if layer is visible, add it to layerlist 
+							if (intval(!$this->wmc_layer_hidden[$ii]) && !in_array($this->wmc_layer_name[$ii], explode(",",$layerlist))) {
+								if ($layerlist == "") {$layerlist = $this->wmc_layer_name[$ii];} else {$layerlist .= "," . $this->wmc_layer_name[$ii];}
+							}
+	
+							// add layer style (FIXME: is this working?)
+							for($j=0; $j<count($this->wmc_layer_style_name[$ii]);$j++){
+								$wmc_string .= $target . "wms_addLayerStyle('".$this->wmc_layer_style_name[$ii][$j] ."','".$this->wmc_layer_style_title[$ii][$j] ."','".$j."','".$cnt_layers."', '" . $this->wmc_layer_style_legendurl[$ii][$j] . "', '" . $this->wmc_layer_style_legendurl_format[$ii][$j] . "');\n";
+							}
+						}
+					}
+					// add wms to mapObj with all layers and querylayers
+					if ($action == "merge") {
+						$wmc_string .= "if (!wms_exists) {\n";
+					} 
+					$wmc_string .= $target. "mb_mapObjaddWMSwithLayers('" . $mapObj . "', '" . $layerlist . "', '" . $querylayerlist . "');\n";
+					if ($action == "merge") {
+						$wmc_string .= "}\n";
+						$wmc_string .= "else {\n";
+						$wmc_string .= $target. "mb_mapObj[index].layers[current_wms_index] = \"" . $layerlist . "\";\n";
+						$wmc_string .= $target. "mb_mapObj[index].querylayers[current_wms_index] = \"" . $querylayerlist . "\";\n";
+						$wmc_string .= "}\n";
+					}
+				}
+			}
+			$wmc_string .= "var old_mapObj = ".$target."cloneObject(".$target."mb_mapObj);\n";
+			$wmc_string .= $target . "deleteMapObj();\n";
+			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
+			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
+			$wmc_string .= "\t\t" . $target . "mb_registerMapObj(old_mapObj[i].frameName, old_mapObj[i].elementName, null, " . $this->wmc_windowWidth . ", " . $this->wmc_windowHeight . ");\n"; 
+			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.width = " . $this->wmc_windowWidth . ";\n";
+			$wmc_string .= "\t\t" . $target . "document.getElementById(old_mapObj[i].frameName).style.height = " . $this->wmc_windowHeight . ";\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\telse {\n";
+			$wmc_string .= "\t\tvar found = false;\n";
+			$wmc_string .= "\t\tfor (var j=0; j < " . $target . "wms.length && found == false; j++) {\n";
+			$wmc_string .= "\t\t\tif (" . $target . "wms[j].wms_getmap == old_mapObj[i].wms[0].wms_getmap) {\n";
+			$wmc_string .= "\t\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, j, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
+			$wmc_string .= "\t\t\t\tfound = true;\n"; 
+			$wmc_string .= "\t\t\t}\n";
+			$wmc_string .= "\t\t}\n";
+			$wmc_string .= "\t\tif (!found) {\n";
+			$wmc_string .= "\t\t\t" . $target . "mb_registerMapObj('overview', old_mapObj[i].elementName, 0, old_mapObj[i].width,  old_mapObj[i].height);\n"; 
+			$wmc_string .= "\t\t}\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "}\n";
+			
+			$sql = "SELECT minx, miny, maxx, maxy FROM layer_epsg WHERE fkey_layer_id = $1 AND epsg = $2 LIMIT 1";
+			$v = array($this->wmc_layer_id[0], $this->wmc_bBox_SRS);
+			$t = array('i', 's');
+			$res = db_prep_query($sql, $v, $t);
+			$row = db_fetch_array($res);
+			if ($row["minx"] && $row["miny"] && $row["maxx"] && $row["maxy"]) {
+				$ov_bbox = array($row["minx"],$row["miny"],$row["maxx"],$row["maxy"]);
+			}
+			else if ($this->wmc_layer_id[0] && $this->wmc_bBox_SRS){
+				$ov_bbox = array($this->wmc_bBox_minx, $this->wmc_bBox_miny, $this->wmc_bBox_maxx, $this->wmc_bBox_maxy);
+			}
+			else {
+				$ov_bbox = array();
+			}
+			$wmc_string .= "for (var i=0; i<old_mapObj.length; i++) {\n";
+			$wmc_string .= "\tif (old_mapObj[i].frameName != 'overview') {\n";
+			$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+			$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
+			$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\telse {\n";
+			if (count($ov_bbox)>0) {
+//				$wmc_string .= "alert('found bbox for ov: ".implode(',',$ov_bbox)."');";
+				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+				$wmc_string .= $ov_bbox[0] .",".$ov_bbox[1] .",";
+				$wmc_string .= $ov_bbox[2] .",".$ov_bbox[3] .");\n";
+			}
+			else {
+//				$wmc_string .= "alert('no bbox found for ov: old bbox ".$this->wmc_bBox_minx." etc');";
+				$wmc_string .= "\t\t".$target."mb_calculateExtent(old_mapObj[i].frameName, ";
+				$wmc_string .= $this->wmc_bBox_minx .",".$this->wmc_bBox_miny .",";
+				$wmc_string .= $this->wmc_bBox_maxx .",".$this->wmc_bBox_maxy.");\n";
+//				$wmc_string .= "\t\tvar ov_index = " . $target . "getMapObjIndexByName('overview');\n";
+//				$wmc_string .= "\t\t" . $target . "mb_mapObj[ov_index].extent = old_mapObj[i].extent;\n"; 
+			}
+			$wmc_string .= "\t}\n";
+			$wmc_string .= "\t". $target . "setMapRequest(old_mapObj[i].frameName);\n";
+			$wmc_string .= "}\n";
+			$wmc_string .= $target . "mb_execloadWmsSubFunctions();\n";
+		}
+		return $wmc_string;
+	}
+} 
+// end class
+?>

Modified: branches/2.4.5/http/classes/class_wms.php
===================================================================
--- tags/2.4.4/http/classes/class_wms.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/classes/class_wms.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -94,7 +94,7 @@
 		xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
 		xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,1);
 		xml_parser_set_option($parser,XML_OPTION_TARGET_ENCODING,CHARSET);
-		xml_parse_into_struct($parser,$this->wms_getcapabilities_doc,$values,$tags);
+		xml_parse_into_struct($parser,$data,$values,$tags);
 
 		$code = xml_get_error_code($parser);
 		if ($code) {
@@ -1340,7 +1340,12 @@
 		while($row = db_fetch_array($res)){	
 			unset($mySubmit);
 			$myGUI[$cnt] = $row["fkey_gui_id"];
-			$sql = "UPDATE gui_wms SET ";		
+			
+			$sql = "UPDATE gui_wms SET ";
+			$v = array();
+			$t = array();
+			$paramCount = 0;		
+
 			for($i=0; $i<count($this->data_type); $i++){
 				# gui_wms_mapformat
 				if(strtolower($this->data_type[$i]) == "map" && strtolower($this->data_format[$i]) == strtolower($row["gui_wms_mapformat"])){
@@ -1356,17 +1361,26 @@
 				}
 			}
 			if(!$myMapFormat){
-				$sql .= "gui_wms_mapformat = '".$this->gui_wms_mapformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_mapformat = $" . $paramCount . " ";
 				$mySubmit = true;
+				array_push($v, $this->gui_wms_mapformat);
+				array_push($t, "s");
 			}
 			if(!$myFeatureInfoFormat){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_featureinfoformat = '".$this->gui_wms_featureinfoformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_featureinfoformat = $" . $paramCount . " ";
+				array_push($v, $this->gui_wms_featureinfoformat);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
 			if(!$myExceptionFormat){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_exceptionformat = '".$this->gui_wms_exceptionformat."' ";
+				$paramCount++;
+				$sql .= "gui_wms_exceptionformat = $" . $paramCount ." ";
+				array_push($v, $this->gui_wms_exceptionformat);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
 				
@@ -1378,12 +1392,30 @@
 			}
 			if(!$myGUI_EPSG){
 				if($mySubmit){ $sql .= ",";}
-				$sql .= "gui_wms_epsg = '".$this->gui_wms_epsg."' ";
+				$paramCount++;
+				$sql .= "gui_wms_epsg = $" . $paramCount . " ";
+				array_push($v, $this->gui_wms_epsg);
+				array_push($t, "s");
 				$mySubmit = true;
 			}
-			$sql .= " WHERE fkey_gui_id = '".$row["fkey_gui_id"]."' AND fkey_wms_id = " . $myWMS;
+			$paramCount++;
+			$sql .= " WHERE fkey_gui_id = $" . $paramCount . " ";
+			array_push($v, $row["fkey_gui_id"]);
+			array_push($t, "s");
+
+			$paramCount++;
+			$sql .= "AND fkey_wms_id = $" . $paramCount;
+			array_push($v, $myWMS);
+			array_push($t, "i");
 			if($mySubmit){
-				$this->transaction($sql);
+				$res = db_prep_query($sql,$v,$t);
+				if(!$res){
+					db_rollback();	
+					echo "<pre>".$sql."</pre><br> <br><p>";
+				 	echo db_error(); 
+				 	echo "<br /> UPDATE ERROR -> KILL PROCESS AND ROLLBACK....................no update<br><br>";
+					$e = new mb_exception("class_wms.php: transaction: Transaction aborted, rollback.");
+				}
 			}
 			$cnt++;
 		}	
@@ -1399,26 +1431,7 @@
 	function getCapabilitiesDoc() {
 		return $this->wms_getcapabilities_doc;
 	}
-	function transaction($sql){
-		#echo "<hr>". $sql;
-		$ok = db_query($sql);
-		if(!$ok){
-			echo "<pre>".$sql."</pre><br> <br><p>";
-			$error = db_error();
-			$sql = "ROLLBACK";
-			$res = db_query($sql);
-			if(SYS_DBTYPE=="pgsql")
-				{
-					$sql = "SET AUTOCOMMIT=0";
-				}
-				else
-				{
-				 	$sql = "SET AUTOCOMMIT=1";
-				}
-		 	echo $error; 
-		 	echo "<br /> UPDATE ERROR -> KILL PROCESS AND ROLLBACK....................no update<br><br>";
-			}
-	}
+
 	/**
 	* creatObjfromDB
 	*

Modified: branches/2.4.5/http/extensions/wz_jsgraphics.js
===================================================================
--- tags/2.4.4/http/extensions/wz_jsgraphics.js	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/extensions/wz_jsgraphics.js	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,211 +1,1107 @@
-var jg_ihtm,jg_ie,jg_fast,jg_dom,jg_moz,jg_n4=(document.layers&&typeof document.classes!="undefined");function chkDHTM(x,i)
-{x=document.body||null;jg_ie=x&&typeof x.insertAdjacentHTML!="undefined";jg_dom=(x&&!jg_ie&&typeof x.appendChild!="undefined"&&typeof document.createRange!="undefined"&&typeof(i=document.createRange()).setStartBefore!="undefined"&&typeof i.createContextualFragment!="undefined");jg_ihtm=!jg_ie&&!jg_dom&&x&&typeof x.innerHTML!="undefined";jg_fast=jg_ie&&document.all&&!window.opera;jg_moz=jg_dom&&typeof x.style.MozOpacity!="undefined";}
-function pntDoc()
-{this.wnd.document.write(jg_fast?this.htmRpc():this.htm);this.htm='';}
-function pntCnvDom()
-{var x=document.createRange();x.setStartBefore(this.cnv);x=x.createContextualFragment(jg_fast?this.htmRpc():this.htm);this.cnv.appendChild(x);this.htm='';}
-function pntCnvIe()
-{this.cnv.insertAdjacentHTML("BeforeEnd",jg_fast?this.htmRpc():this.htm);this.htm='';}
-function pntCnvIhtm()
-{this.cnv.innerHTML+=this.htm;this.htm='';}
-function pntCnv()
-{this.htm='';}
-function mkDiv(x,y,w,h)
-{this.htm+='<div style="position:absolute;'+'left:'+x+'px;'+'top:'+y+'px;'+'width:'+w+'px;'+'height:'+h+'px;';if(ie){this.htm+='-opacity:'+cw_opacity+';'+'-khtml-opacity:'+cw_opacity+';'+'filter: alpha(opacity='+(cw_opacity*100)+');';}
-this.htm+='clip:rect(0,'+w+'px,'+h+'px,0);'+'background-color:'+this.color+
-(!jg_moz?';overflow:hidden':'')+';"><\/div>';}
-function mkDivIe(x,y,w,h)
-{this.htm+='%%'+this.color+';'+x+';'+y+';'+w+';'+h+';';}
-function mkDivPrt(x,y,w,h)
-{this.htm+='<div style="position:absolute;'+'border-left:'+w+'px solid '+this.color+';'+'left:'+x+'px;'+'top:'+y+'px;'+'width:0px;'+'height:'+h+'px;'+'clip:rect(0,'+w+'px,'+h+'px,0);'+'background-color:'+this.color+
-(!jg_moz?';overflow:hidden':'')+';"><\/div>';}
-function mkLyr(x,y,w,h)
-{this.htm+='<layer '+'left="'+x+'" '+'top="'+y+'" '+'width="'+w+'" '+'height="'+h+'" '+'bgcolor="'+this.color+'"><\/layer>\n';}
-var regex=/%%([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);/g;function htmRpc()
-{return this.htm.replace(regex,'<div style="overflow:hidden;position:absolute;background-color:'+'$1;left:$2;top:$3;width:$4;height:$5"></div>\n');}
-function htmPrtRpc()
-{return this.htm.replace(regex,'<div style="overflow:hidden;position:absolute;background-color:'+'$1;left:$2;top:$3;width:$4;height:$5;border-left:$4px solid $1"></div>\n');}
-function mkLin(x1,y1,x2,y2)
-{if(x1>x2)
-{var _x2=x2;var _y2=y2;x2=x1;y2=y1;x1=_x2;y1=_y2;}
-var dx=x2-x1,dy=Math.abs(y2-y1),x=x1,y=y1,yIncr=(y1>y2)?-1:1;if(dx>=dy)
-{var pr=dy<<1,pru=pr-(dx<<1),p=pr-dx,ox=x;while((dx--)>0)
-{++x;if(p>0)
-{this.mkDiv(ox,y,x-ox,1);y+=yIncr;p+=pru;ox=x;}
-else p+=pr;}
-this.mkDiv(ox,y,x2-ox+1,1);}
-else
-{var pr=dx<<1,pru=pr-(dy<<1),p=pr-dy,oy=y;if(y2<=y1)
-{while((dy--)>0)
-{if(p>0)
-{this.mkDiv(x++,y,1,oy-y+1);y+=yIncr;p+=pru;oy=y;}
-else
-{y+=yIncr;p+=pr;}}
-this.mkDiv(x2,y2,1,oy-y2+1);}
-else
-{while((dy--)>0)
-{y+=yIncr;if(p>0)
-{this.mkDiv(x++,oy,1,y-oy);p+=pru;oy=y;}
-else p+=pr;}
-this.mkDiv(x2,oy,1,y2-oy+1);}}}
-function mkLin2D(x1,y1,x2,y2)
-{if(x1>x2)
-{var _x2=x2;var _y2=y2;x2=x1;y2=y1;x1=_x2;y1=_y2;}
-var dx=x2-x1,dy=Math.abs(y2-y1),x=x1,y=y1,yIncr=(y1>y2)?-1:1;var s=this.stroke;if(dx>=dy)
-{if(s-3>0)
-{var _s=(s*dx*Math.sqrt(1+dy*dy/(dx*dx))-dx-(s>>1)*dy)/dx;_s=(!(s-4)?Math.ceil(_s):Math.round(_s))+1;}
-else var _s=s;var ad=Math.ceil(s/2);var pr=dy<<1,pru=pr-(dx<<1),p=pr-dx,ox=x;while((dx--)>0)
-{++x;if(p>0)
-{this.mkDiv(ox,y,x-ox+ad,_s);y+=yIncr;p+=pru;ox=x;}
-else p+=pr;}
-this.mkDiv(ox,y,x2-ox+ad+1,_s);}
-else
-{if(s-3>0)
-{var _s=(s*dy*Math.sqrt(1+dx*dx/(dy*dy))-(s>>1)*dx-dy)/dy;_s=(!(s-4)?Math.ceil(_s):Math.round(_s))+1;}
-else var _s=s;var ad=Math.round(s/2);var pr=dx<<1,pru=pr-(dy<<1),p=pr-dy,oy=y;if(y2<=y1)
-{++ad;while((dy--)>0)
-{if(p>0)
-{this.mkDiv(x++,y,_s,oy-y+ad);y+=yIncr;p+=pru;oy=y;}
-else
-{y+=yIncr;p+=pr;}}
-this.mkDiv(x2,y2,_s,oy-y2+ad);}
-else
-{while((dy--)>0)
-{y+=yIncr;if(p>0)
-{this.mkDiv(x++,oy,_s,y-oy+ad);p+=pru;oy=y;}
-else p+=pr;}
-this.mkDiv(x2,oy,_s,y2-oy+ad+1);}}}
-function mkLinDott(x1,y1,x2,y2)
-{if(x1>x2)
-{var _x2=x2;var _y2=y2;x2=x1;y2=y1;x1=_x2;y1=_y2;}
-var dx=x2-x1,dy=Math.abs(y2-y1),x=x1,y=y1,yIncr=(y1>y2)?-1:1,drw=true;if(dx>=dy)
-{var pr=dy<<1,pru=pr-(dx<<1),p=pr-dx;while((dx--)>0)
-{if(drw)this.mkDiv(x,y,1,1);drw=!drw;if(p>0)
-{y+=yIncr;p+=pru;}
-else p+=pr;++x;}
-if(drw)this.mkDiv(x,y,1,1);}
-else
-{var pr=dx<<1,pru=pr-(dy<<1),p=pr-dy;while((dy--)>0)
-{if(drw)this.mkDiv(x,y,1,1);drw=!drw;y+=yIncr;if(p>0)
-{++x;p+=pru;}
-else p+=pr;}
-if(drw)this.mkDiv(x,y,1,1);}}
-function mkOv(left,top,width,height)
-{var a=width>>1,b=height>>1,wod=width&1,hod=(height&1)+1,cx=left+a,cy=top+b,x=0,y=b,ox=0,oy=b,aa=(a*a)<<1,bb=(b*b)<<1,st=(aa>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa*((b<<1)-1),w,h;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-(aa<<1)*(y-1);tt+=(bb<<1)*(++x)-aa*(((y--)<<1)-3);w=x-ox;h=oy-y;if(w&2&&h&2)
-{this.mkOvQds(cx,cy,-x+2,ox+wod,-oy,oy-1+hod,1,1);this.mkOvQds(cx,cy,-x+1,x-1+wod,-y-1,y+hod,1,1);}
-else this.mkOvQds(cx,cy,-x+1,ox+wod,-oy,oy-h+hod,w,h);ox=x;oy=y;}
-else
-{tt-=aa*((y<<1)-3);st-=(aa<<1)*(--y);}}
-this.mkDiv(cx-a,cy-oy,a-ox+1,(oy<<1)+hod);this.mkDiv(cx+ox+wod,cy-oy,a-ox+1,(oy<<1)+hod);}
-function mkOv2D(left,top,width,height)
-{var s=this.stroke;width+=s-1;height+=s-1;var a=width>>1,b=height>>1,wod=width&1,hod=(height&1)+1,cx=left+a,cy=top+b,x=0,y=b,aa=(a*a)<<1,bb=(b*b)<<1,st=(aa>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa*((b<<1)-1);if(s-4<0&&(!(s-2)||width-51>0&&height-51>0))
-{var ox=0,oy=b,w,h,pxl,pxr,pxt,pxb,pxw;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-(aa<<1)*(y-1);tt+=(bb<<1)*(++x)-aa*(((y--)<<1)-3);w=x-ox;h=oy-y;if(w-1)
-{pxw=w+1+(s&1);h=s;}
-else if(h-1)
-{pxw=s;h+=1+(s&1);}
-else pxw=h=s;this.mkOvQds(cx,cy,-x+1,ox-pxw+w+wod,-oy,-h+oy+hod,pxw,h);ox=x;oy=y;}
-else
-{tt-=aa*((y<<1)-3);st-=(aa<<1)*(--y);}}
-this.mkDiv(cx-a,cy-oy,s,(oy<<1)+hod);this.mkDiv(cx+a+wod-s+1,cy-oy,s,(oy<<1)+hod);}
-else
-{var _a=(width-((s-1)<<1))>>1,_b=(height-((s-1)<<1))>>1,_x=0,_y=_b,_aa=(_a*_a)<<1,_bb=(_b*_b)<<1,_st=(_aa>>1)*(1-(_b<<1))+_bb,_tt=(_bb>>1)-_aa*((_b<<1)-1),pxl=new Array(),pxt=new Array(),_pxb=new Array();pxl[0]=0;pxt[0]=b;_pxb[0]=_b-1;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);pxl[pxl.length]=x;pxt[pxt.length]=y;}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-(aa<<1)*(y-1);tt+=(bb<<1)*(++x)-aa*(((y--)<<1)-3);pxl[pxl.length]=x;pxt[pxt.length]=y;}
-else
-{tt-=aa*((y<<1)-3);st-=(aa<<1)*(--y);}
-if(_y>0)
-{if(_st<0)
-{_st+=_bb*((_x<<1)+3);_tt+=(_bb<<1)*(++_x);_pxb[_pxb.length]=_y-1;}
-else if(_tt<0)
-{_st+=_bb*((_x<<1)+3)-(_aa<<1)*(_y-1);_tt+=(_bb<<1)*(++_x)-_aa*(((_y--)<<1)-3);_pxb[_pxb.length]=_y-1;}
-else
-{_tt-=_aa*((_y<<1)-3);_st-=(_aa<<1)*(--_y);_pxb[_pxb.length-1]--;}}}
-var ox=0,oy=b,_oy=_pxb[0],l=pxl.length,w,h;for(var i=0;i<l;i++)
-{if(typeof _pxb[i]!="undefined")
-{if(_pxb[i]<_oy||pxt[i]<oy)
-{x=pxl[i];this.mkOvQds(cx,cy,-x+1,ox+wod,-oy,_oy+hod,x-ox,oy-_oy);ox=x;oy=pxt[i];_oy=_pxb[i];}}
-else
-{x=pxl[i];this.mkDiv(cx-x+1,cy-oy,1,(oy<<1)+hod);this.mkDiv(cx+ox+wod,cy-oy,1,(oy<<1)+hod);ox=x;oy=pxt[i];}}
-this.mkDiv(cx-a,cy-oy,1,(oy<<1)+hod);this.mkDiv(cx+ox+wod,cy-oy,1,(oy<<1)+hod);}}
-function mkOvDott(left,top,width,height)
-{var a=width>>1,b=height>>1,wod=width&1,hod=height&1,cx=left+a,cy=top+b,x=0,y=b,aa2=(a*a)<<1,aa4=aa2<<1,bb=(b*b)<<1,st=(aa2>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa2*((b<<1)-1),drw=true;while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-aa4*(y-1);tt+=(bb<<1)*(++x)-aa2*(((y--)<<1)-3);}
-else
-{tt-=aa2*((y<<1)-3);st-=aa4*(--y);}
-if(drw)this.mkOvQds(cx,cy,-x,x+wod,-y,y+hod,1,1);drw=!drw;}}
-function mkRect(x,y,w,h)
-{var s=this.stroke;this.mkDiv(x,y,w,s);this.mkDiv(x+w,y,s,h);this.mkDiv(x,y+h,w+s,s);this.mkDiv(x,y+s,s,h-s);}
-function mkRectDott(x,y,w,h)
-{this.drawLine(x,y,x+w,y);this.drawLine(x+w,y,x+w,y+h);this.drawLine(x,y+h,x+w,y+h);this.drawLine(x,y,x,y+h);}
-function jsgFont()
-{this.PLAIN='font-weight:normal;';this.BOLD='font-weight:bold;';this.ITALIC='font-style:italic;';this.ITALIC_BOLD=this.ITALIC+this.BOLD;this.BOLD_ITALIC=this.ITALIC_BOLD;}
-var Font=new jsgFont();function jsgStroke()
-{this.DOTTED=-1;}
-var Stroke=new jsgStroke();function jsGraphics(id,wnd)
-{this.setColor=new Function('arg','this.color = arg.toLowerCase();');this.setStroke=function(x)
-{this.stroke=x;if(!(x+1))
-{this.drawLine=mkLinDott;this.mkOv=mkOvDott;this.drawRect=mkRectDott;}
-else if(x-1>0)
-{this.drawLine=mkLin2D;this.mkOv=mkOv2D;this.drawRect=mkRect;}
-else
-{this.drawLine=mkLin;this.mkOv=mkOv;this.drawRect=mkRect;}};this.setPrintable=function(arg)
-{this.printable=arg;if(jg_fast)
-{this.mkDiv=mkDivIe;this.htmRpc=arg?htmPrtRpc:htmRpc;}
-else this.mkDiv=jg_n4?mkLyr:arg?mkDivPrt:mkDiv;};this.setFont=function(fam,sz,sty)
-{this.ftFam=fam;this.ftSz=sz;this.ftSty=sty||Font.PLAIN;};this.drawPolyline=this.drawPolyLine=function(x,y,s)
-{for(var i=0;i<x.length-1;i++)
-this.drawLine(x[i],y[i],x[i+1],y[i+1]);};this.fillRect=function(x,y,w,h)
-{this.mkDiv(x,y,w,h);};this.drawPolygon=function(x,y)
-{this.drawPolyline(x,y);this.drawLine(x[x.length-1],y[x.length-1],x[0],y[0]);};this.drawEllipse=this.drawOval=function(x,y,w,h)
-{this.mkOv(x,y,w,h);};this.fillEllipse=this.fillOval=function(left,top,w,h)
-{var a=(w-=1)>>1,b=(h-=1)>>1,wod=(w&1)+1,hod=(h&1)+1,cx=left+a,cy=top+b,x=0,y=b,ox=0,oy=b,aa2=(a*a)<<1,aa4=aa2<<1,bb=(b*b)<<1,st=(aa2>>1)*(1-(b<<1))+bb,tt=(bb>>1)-aa2*((b<<1)-1),pxl,dw,dh;if(w+1)while(y>0)
-{if(st<0)
-{st+=bb*((x<<1)+3);tt+=(bb<<1)*(++x);}
-else if(tt<0)
-{st+=bb*((x<<1)+3)-aa4*(y-1);pxl=cx-x;dw=(x<<1)+wod;tt+=(bb<<1)*(++x)-aa2*(((y--)<<1)-3);dh=oy-y;this.mkDiv(pxl,cy-oy,dw,dh);this.mkDiv(pxl,cy+oy-dh+hod,dw,dh);ox=x;oy=y;}
-else
-{tt-=aa2*((y<<1)-3);st-=aa4*(--y);}}
-this.mkDiv(cx-a,cy-oy,w+1,(oy<<1)+hod);};this.fillPolygon=function(array_x,array_y)
-{var i;var y;var miny,maxy;var x1,y1;var x2,y2;var ind1,ind2;var ints;var n=array_x.length;if(!n)return;miny=array_y[0];maxy=array_y[0];for(i=1;i<n;i++)
-{if(array_y[i]<miny)
-miny=array_y[i];if(array_y[i]>maxy)
-maxy=array_y[i];}
-for(y=miny;y<=maxy;y++)
-{var polyInts=new Array();ints=0;for(i=0;i<n;i++)
-{if(!i)
-{ind1=n-1;ind2=0;}
-else
-{ind1=i-1;ind2=i;}
-y1=array_y[ind1];y2=array_y[ind2];if(y1<y2)
-{x1=array_x[ind1];x2=array_x[ind2];}
-else if(y1>y2)
-{y2=array_y[ind1];y1=array_y[ind2];x2=array_x[ind1];x1=array_x[ind2];}
-else continue;if((y>=y1)&&(y<y2))
-polyInts[ints++]=Math.round((y-y1)*(x2-x1)/(y2-y1)+x1);else if((y==maxy)&&(y>y1)&&(y<=y2))
-polyInts[ints++]=Math.round((y-y1)*(x2-x1)/(y2-y1)+x1);}
-polyInts.sort(integer_compare);for(i=0;i<ints;i+=2)
-this.mkDiv(polyInts[i],y,polyInts[i+1]-polyInts[i]+1,1);}};this.drawString=function(txt,x,y)
-{this.htm+='<div style="position:absolute;white-space:nowrap;'+'left:'+x+'px;'+'top:'+y+'px;'+'font-family:'+this.ftFam+';'+'font-size:'+this.ftSz+';'+'color:'+this.color+';'+this.ftSty+'">'+
-txt+'<\/div>';}
-this.drawImage=function(imgSrc,x,y,w,h)
-{this.htm+='<div style="position:absolute;'+'left:'+x+'px;'+'top:'+y+'px;'+'width:'+w+';'+'height:'+h+';">'+'<img src="'+imgSrc+'" width="'+w+'" height="'+h+'">'+'<\/div>';}
-this.clear=function()
-{this.htm="";if(this.cnv)this.cnv.innerHTML=this.defhtm;};this.mkOvQds=function(cx,cy,xl,xr,yt,yb,w,h)
-{this.mkDiv(xr+cx,yt+cy,w,h);this.mkDiv(xr+cx,yb+cy,w,h);this.mkDiv(xl+cx,yb+cy,w,h);this.mkDiv(xl+cx,yt+cy,w,h);};this.setStroke(1);this.setFont('verdana,geneva,helvetica,sans-serif',String.fromCharCode(0x31,0x32,0x70,0x78),Font.PLAIN);this.color='#000000';this.htm='';this.wnd=wnd||window;if(!(jg_ie||jg_dom||jg_ihtm))chkDHTM();if(typeof id!='string'||!id)this.paint=pntDoc;else
-{this.cnv=document.all?(this.wnd.document.all[id]||null):document.getElementById?(this.wnd.document.getElementById(id)||null):null;this.defhtm=(this.cnv&&this.cnv.innerHTML)?this.cnv.innerHTML:'';this.paint=jg_dom?pntCnvDom:jg_ie?pntCnvIe:jg_ihtm?pntCnvIhtm:pntCnv;}
-this.setPrintable(false);}
-function integer_compare(x,y)
-{return(x<y)?-1:((x>y)*1);}
\ No newline at end of file
+/* This notice must be untouched at all times.
+
+wz_jsgraphics.js    v. 3.03
+The latest version is available at
+http://www.walterzorn.com
+or http://www.devira.com
+or http://www.walterzorn.de
+
+Copyright (c) 2002-2004 Walter Zorn. All rights reserved.
+Created 3. 11. 2002 by Walter Zorn (Web: http://www.walterzorn.com )
+Last modified: 28. 1. 2008
+
+Performance optimizations for Internet Explorer
+by Thomas Frank and John Holdsworth.
+fillPolygon method implemented by Matthieu Haller.
+
+High Performance JavaScript Graphics Library.
+Provides methods
+- to draw lines, rectangles, ellipses, polygons
+	with specifiable line thickness,
+- to fill rectangles, polygons, ellipses and arcs
+- to draw text.
+NOTE: Operations, functions and branching have rather been optimized
+to efficiency and speed than to shortness of source code.
+
+LICENSE: LGPL
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License (LGPL) as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA,
+or see http://www.gnu.org/copyleft/lesser.html
+*/
+
+
+var jg_ok, jg_ie, jg_fast, jg_dom, jg_moz;
+
+
+function _chkDHTM(x, i)
+{
+	x = document.body || null;
+	jg_ie = x && typeof x.insertAdjacentHTML != "undefined" && document.createElement;
+	jg_dom = (x && !jg_ie &&
+		typeof x.appendChild != "undefined" &&
+		typeof document.createRange != "undefined" &&
+		typeof (i = document.createRange()).setStartBefore != "undefined" &&
+		typeof i.createContextualFragment != "undefined");
+	jg_fast = jg_ie && document.all && !window.opera;
+	jg_moz = jg_dom && typeof x.style.MozOpacity != "undefined";
+	jg_ok = !!(jg_ie || jg_dom);
+}
+
+function _pntCnvDom()
+{
+	var x = this.wnd.document.createRange();
+	x.setStartBefore(this.cnv);
+	x = x.createContextualFragment(jg_fast? this._htmRpc() : this.htm);
+	if(this.cnv) this.cnv.appendChild(x);
+	this.htm = "";
+}
+
+function _pntCnvIe()
+{
+	if(this.cnv) this.cnv.insertAdjacentHTML("BeforeEnd", jg_fast? this._htmRpc() : this.htm);
+	this.htm = "";
+}
+
+function _pntDoc()
+{
+	this.wnd.document.write(jg_fast? this._htmRpc() : this.htm);
+	this.htm = '';
+}
+
+function _pntN()
+{
+	;
+}
+
+function _mkDiv(x, y, w, h)
+{
+	this.htm += '<div style="position:absolute;'+
+		'left:' + x + 'px;'+
+		'top:' + y + 'px;'+
+		'width:' + w + 'px;'+
+		'height:' + h + 'px;'+
+		'clip:rect(0,'+w+'px,'+h+'px,0);'+
+		'background-color:' + this.color +
+		(!jg_moz? ';overflow:hidden' : '')+
+		';"><\/div>';
+}
+
+function _mkDivIe(x, y, w, h)
+{
+	this.htm += '%%'+this.color+';'+x+';'+y+';'+w+';'+h+';';
+}
+
+function _mkDivPrt(x, y, w, h)
+{
+	this.htm += '<div style="position:absolute;'+
+		'border-left:' + w + 'px solid ' + this.color + ';'+
+		'left:' + x + 'px;'+
+		'top:' + y + 'px;'+
+		'width:0px;'+
+		'height:' + h + 'px;'+
+		'clip:rect(0,'+w+'px,'+h+'px,0);'+
+		'background-color:' + this.color +
+		(!jg_moz? ';overflow:hidden' : '')+
+		';"><\/div>';
+}
+
+var _regex =  /%%([^;]+);([^;]+);([^;]+);([^;]+);([^;]+);/g;
+function _htmRpc()
+{
+	return this.htm.replace(
+		_regex,
+		'<div style="overflow:hidden;position:absolute;background-color:'+
+		'$1;left:$2;top:$3;width:$4;height:$5"></div>\n');
+}
+
+function _htmPrtRpc()
+{
+	return this.htm.replace(
+		_regex,
+		'<div style="overflow:hidden;position:absolute;background-color:'+
+		'$1;left:$2;top:$3;width:$4;height:$5;border-left:$4px solid $1"></div>\n');
+}
+
+function _mkLin(x1, y1, x2, y2)
+{
+	if(x1 > x2)
+	{
+		var _x2 = x2;
+		var _y2 = y2;
+		x2 = x1;
+		y2 = y1;
+		x1 = _x2;
+		y1 = _y2;
+	}
+	var dx = x2-x1, dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	yIncr = (y1 > y2)? -1 : 1;
+
+	if(dx >= dy)
+	{
+		var pr = dy<<1,
+		pru = pr - (dx<<1),
+		p = pr-dx,
+		ox = x;
+		while(dx > 0)
+		{--dx;
+			++x;
+			if(p > 0)
+			{
+				this._mkDiv(ox, y, x-ox, 1);
+				y += yIncr;
+				p += pru;
+				ox = x;
+			}
+			else p += pr;
+		}
+		this._mkDiv(ox, y, x2-ox+1, 1);
+	}
+
+	else
+	{
+		var pr = dx<<1,
+		pru = pr - (dy<<1),
+		p = pr-dy,
+		oy = y;
+		if(y2 <= y1)
+		{
+			while(dy > 0)
+			{--dy;
+				if(p > 0)
+				{
+					this._mkDiv(x++, y, 1, oy-y+1);
+					y += yIncr;
+					p += pru;
+					oy = y;
+				}
+				else
+				{
+					y += yIncr;
+					p += pr;
+				}
+			}
+			this._mkDiv(x2, y2, 1, oy-y2+1);
+		}
+		else
+		{
+			while(dy > 0)
+			{--dy;
+				y += yIncr;
+				if(p > 0)
+				{
+					this._mkDiv(x++, oy, 1, y-oy);
+					p += pru;
+					oy = y;
+				}
+				else p += pr;
+			}
+			this._mkDiv(x2, oy, 1, y2-oy+1);
+		}
+	}
+}
+
+function _mkLin2D(x1, y1, x2, y2)
+{
+	if(x1 > x2)
+	{
+		var _x2 = x2;
+		var _y2 = y2;
+		x2 = x1;
+		y2 = y1;
+		x1 = _x2;
+		y1 = _y2;
+	}
+	var dx = x2-x1, dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	yIncr = (y1 > y2)? -1 : 1;
+
+	var s = this.stroke;
+	if(dx >= dy)
+	{
+		if(dx > 0 && s-3 > 0)
+		{
+			var _s = (s*dx*Math.sqrt(1+dy*dy/(dx*dx))-dx-(s>>1)*dy) / dx;
+			_s = (!(s-4)? Math.ceil(_s) : Math.round(_s)) + 1;
+		}
+		else var _s = s;
+		var ad = Math.ceil(s/2);
+
+		var pr = dy<<1,
+		pru = pr - (dx<<1),
+		p = pr-dx,
+		ox = x;
+		while(dx > 0)
+		{--dx;
+			++x;
+			if(p > 0)
+			{
+				this._mkDiv(ox, y, x-ox+ad, _s);
+				y += yIncr;
+				p += pru;
+				ox = x;
+			}
+			else p += pr;
+		}
+		this._mkDiv(ox, y, x2-ox+ad+1, _s);
+	}
+
+	else
+	{
+		if(s-3 > 0)
+		{
+			var _s = (s*dy*Math.sqrt(1+dx*dx/(dy*dy))-(s>>1)*dx-dy) / dy;
+			_s = (!(s-4)? Math.ceil(_s) : Math.round(_s)) + 1;
+		}
+		else var _s = s;
+		var ad = Math.round(s/2);
+
+		var pr = dx<<1,
+		pru = pr - (dy<<1),
+		p = pr-dy,
+		oy = y;
+		if(y2 <= y1)
+		{
+			++ad;
+			while(dy > 0)
+			{--dy;
+				if(p > 0)
+				{
+					this._mkDiv(x++, y, _s, oy-y+ad);
+					y += yIncr;
+					p += pru;
+					oy = y;
+				}
+				else
+				{
+					y += yIncr;
+					p += pr;
+				}
+			}
+			this._mkDiv(x2, y2, _s, oy-y2+ad);
+		}
+		else
+		{
+			while(dy > 0)
+			{--dy;
+				y += yIncr;
+				if(p > 0)
+				{
+					this._mkDiv(x++, oy, _s, y-oy+ad);
+					p += pru;
+					oy = y;
+				}
+				else p += pr;
+			}
+			this._mkDiv(x2, oy, _s, y2-oy+ad+1);
+		}
+	}
+}
+
+function _mkLinDott(x1, y1, x2, y2)
+{
+	if(x1 > x2)
+	{
+		var _x2 = x2;
+		var _y2 = y2;
+		x2 = x1;
+		y2 = y1;
+		x1 = _x2;
+		y1 = _y2;
+	}
+	var dx = x2-x1, dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	yIncr = (y1 > y2)? -1 : 1,
+	drw = true;
+	if(dx >= dy)
+	{
+		var pr = dy<<1,
+		pru = pr - (dx<<1),
+		p = pr-dx;
+		while(dx > 0)
+		{--dx;
+			if(drw) this._mkDiv(x, y, 1, 1);
+			drw = !drw;
+			if(p > 0)
+			{
+				y += yIncr;
+				p += pru;
+			}
+			else p += pr;
+			++x;
+		}
+	}
+	else
+	{
+		var pr = dx<<1,
+		pru = pr - (dy<<1),
+		p = pr-dy;
+		while(dy > 0)
+		{--dy;
+			if(drw) this._mkDiv(x, y, 1, 1);
+			drw = !drw;
+			y += yIncr;
+			if(p > 0)
+			{
+				++x;
+				p += pru;
+			}
+			else p += pr;
+		}
+	}
+	if(drw) this._mkDiv(x, y, 1, 1);
+}
+
+function _mkOv(left, top, width, height)
+{
+	var a = (++width)>>1, b = (++height)>>1,
+	wod = width&1, hod = height&1,
+	cx = left+a, cy = top+b,
+	x = 0, y = b,
+	ox = 0, oy = b,
+	aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+	st = (aa2>>1)*(1-(b<<1)) + bb2,
+	tt = (bb2>>1) - aa2*((b<<1)-1),
+	w, h;
+	while(y > 0)
+	{
+		if(st < 0)
+		{
+			st += bb2*((x<<1)+3);
+			tt += bb4*(++x);
+		}
+		else if(tt < 0)
+		{
+			st += bb2*((x<<1)+3) - aa4*(y-1);
+			tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+			w = x-ox;
+			h = oy-y;
+			if((w&2) && (h&2))
+			{
+				this._mkOvQds(cx, cy, x-2, y+2, 1, 1, wod, hod);
+				this._mkOvQds(cx, cy, x-1, y+1, 1, 1, wod, hod);
+			}
+			else this._mkOvQds(cx, cy, x-1, oy, w, h, wod, hod);
+			ox = x;
+			oy = y;
+		}
+		else
+		{
+			tt -= aa2*((y<<1)-3);
+			st -= aa4*(--y);
+		}
+	}
+	w = a-ox+1;
+	h = (oy<<1)+hod;
+	y = cy-oy;
+	this._mkDiv(cx-a, y, w, h);
+	this._mkDiv(cx+ox+wod-1, y, w, h);
+}
+
+function _mkOv2D(left, top, width, height)
+{
+	var s = this.stroke;
+	width += s+1;
+	height += s+1;
+	var a = width>>1, b = height>>1,
+	wod = width&1, hod = height&1,
+	cx = left+a, cy = top+b,
+	x = 0, y = b,
+	aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+	st = (aa2>>1)*(1-(b<<1)) + bb2,
+	tt = (bb2>>1) - aa2*((b<<1)-1);
+
+	if(s-4 < 0 && (!(s-2) || width-51 > 0 && height-51 > 0))
+	{
+		var ox = 0, oy = b,
+		w, h,
+		pxw;
+		while(y > 0)
+		{
+			if(st < 0)
+			{
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0)
+			{
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				w = x-ox;
+				h = oy-y;
+
+				if(w-1)
+				{
+					pxw = w+1+(s&1);
+					h = s;
+				}
+				else if(h-1)
+				{
+					pxw = s;
+					h += 1+(s&1);
+				}
+				else pxw = h = s;
+				this._mkOvQds(cx, cy, x-1, oy, pxw, h, wod, hod);
+				ox = x;
+				oy = y;
+			}
+			else
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+			}
+		}
+		this._mkDiv(cx-a, cy-oy, s, (oy<<1)+hod);
+		this._mkDiv(cx+a+wod-s, cy-oy, s, (oy<<1)+hod);
+	}
+
+	else
+	{
+		var _a = (width-(s<<1))>>1,
+		_b = (height-(s<<1))>>1,
+		_x = 0, _y = _b,
+		_aa2 = (_a*_a)<<1, _aa4 = _aa2<<1, _bb2 = (_b*_b)<<1, _bb4 = _bb2<<1,
+		_st = (_aa2>>1)*(1-(_b<<1)) + _bb2,
+		_tt = (_bb2>>1) - _aa2*((_b<<1)-1),
+
+		pxl = new Array(),
+		pxt = new Array(),
+		_pxb = new Array();
+		pxl[0] = 0;
+		pxt[0] = b;
+		_pxb[0] = _b-1;
+		while(y > 0)
+		{
+			if(st < 0)
+			{
+				pxl[pxl.length] = x;
+				pxt[pxt.length] = y;
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0)
+			{
+				pxl[pxl.length] = x;
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				pxt[pxt.length] = y;
+			}
+			else
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+			}
+
+			if(_y > 0)
+			{
+				if(_st < 0)
+				{
+					_st += _bb2*((_x<<1)+3);
+					_tt += _bb4*(++_x);
+					_pxb[_pxb.length] = _y-1;
+				}
+				else if(_tt < 0)
+				{
+					_st += _bb2*((_x<<1)+3) - _aa4*(_y-1);
+					_tt += _bb4*(++_x) - _aa2*(((_y--)<<1)-3);
+					_pxb[_pxb.length] = _y-1;
+				}
+				else
+				{
+					_tt -= _aa2*((_y<<1)-3);
+					_st -= _aa4*(--_y);
+					_pxb[_pxb.length-1]--;
+				}
+			}
+		}
+
+		var ox = -wod, oy = b,
+		_oy = _pxb[0],
+		l = pxl.length,
+		w, h;
+		for(var i = 0; i < l; i++)
+		{
+			if(typeof _pxb[i] != "undefined")
+			{
+				if(_pxb[i] < _oy || pxt[i] < oy)
+				{
+					x = pxl[i];
+					this._mkOvQds(cx, cy, x, oy, x-ox, oy-_oy, wod, hod);
+					ox = x;
+					oy = pxt[i];
+					_oy = _pxb[i];
+				}
+			}
+			else
+			{
+				x = pxl[i];
+				this._mkDiv(cx-x, cy-oy, 1, (oy<<1)+hod);
+				this._mkDiv(cx+ox+wod, cy-oy, 1, (oy<<1)+hod);
+				ox = x;
+				oy = pxt[i];
+			}
+		}
+		this._mkDiv(cx-a, cy-oy, 1, (oy<<1)+hod);
+		this._mkDiv(cx+ox+wod, cy-oy, 1, (oy<<1)+hod);
+	}
+}
+
+function _mkOvDott(left, top, width, height)
+{
+	var a = (++width)>>1, b = (++height)>>1,
+	wod = width&1, hod = height&1, hodu = hod^1,
+	cx = left+a, cy = top+b,
+	x = 0, y = b,
+	aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+	st = (aa2>>1)*(1-(b<<1)) + bb2,
+	tt = (bb2>>1) - aa2*((b<<1)-1),
+	drw = true;
+	while(y > 0)
+	{
+		if(st < 0)
+		{
+			st += bb2*((x<<1)+3);
+			tt += bb4*(++x);
+		}
+		else if(tt < 0)
+		{
+			st += bb2*((x<<1)+3) - aa4*(y-1);
+			tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+		}
+		else
+		{
+			tt -= aa2*((y<<1)-3);
+			st -= aa4*(--y);
+		}
+		if(drw && y >= hodu) this._mkOvQds(cx, cy, x, y, 1, 1, wod, hod);
+		drw = !drw;
+	}
+}
+
+function _mkRect(x, y, w, h)
+{
+	var s = this.stroke;
+	this._mkDiv(x, y, w, s);
+	this._mkDiv(x+w, y, s, h);
+	this._mkDiv(x, y+h, w+s, s);
+	this._mkDiv(x, y+s, s, h-s);
+}
+
+function _mkRectDott(x, y, w, h)
+{
+	this.drawLine(x, y, x+w, y);
+	this.drawLine(x+w, y, x+w, y+h);
+	this.drawLine(x, y+h, x+w, y+h);
+	this.drawLine(x, y, x, y+h);
+}
+
+function jsgFont()
+{
+	this.PLAIN = 'font-weight:normal;';
+	this.BOLD = 'font-weight:bold;';
+	this.ITALIC = 'font-style:italic;';
+	this.ITALIC_BOLD = this.ITALIC + this.BOLD;
+	this.BOLD_ITALIC = this.ITALIC_BOLD;
+}
+var Font = new jsgFont();
+
+function jsgStroke()
+{
+	this.DOTTED = -1;
+}
+var Stroke = new jsgStroke();
+
+function jsGraphics(cnv, wnd)
+{
+	this.setColor = function(x)
+	{
+		this.color = x.toLowerCase();
+	};
+
+	this.setStroke = function(x)
+	{
+		this.stroke = x;
+		if(!(x+1))
+		{
+			this.drawLine = _mkLinDott;
+			this._mkOv = _mkOvDott;
+			this.drawRect = _mkRectDott;
+		}
+		else if(x-1 > 0)
+		{
+			this.drawLine = _mkLin2D;
+			this._mkOv = _mkOv2D;
+			this.drawRect = _mkRect;
+		}
+		else
+		{
+			this.drawLine = _mkLin;
+			this._mkOv = _mkOv;
+			this.drawRect = _mkRect;
+		}
+	};
+
+	this.setPrintable = function(arg)
+	{
+		this.printable = arg;
+		if(jg_fast)
+		{
+			this._mkDiv = _mkDivIe;
+			this._htmRpc = arg? _htmPrtRpc : _htmRpc;
+		}
+		else this._mkDiv = arg? _mkDivPrt : _mkDiv;
+	};
+
+	this.setFont = function(fam, sz, sty)
+	{
+		this.ftFam = fam;
+		this.ftSz = sz;
+		this.ftSty = sty || Font.PLAIN;
+	};
+
+	this.drawPolyline = this.drawPolyLine = function(x, y)
+	{
+		for (var i=x.length - 1; i;)
+		{--i;
+			this.drawLine(x[i], y[i], x[i+1], y[i+1]);
+		}
+	};
+
+	this.fillRect = function(x, y, w, h)
+	{
+		this._mkDiv(x, y, w, h);
+	};
+
+	this.drawPolygon = function(x, y)
+	{
+		this.drawPolyline(x, y);
+		this.drawLine(x[x.length-1], y[x.length-1], x[0], y[0]);
+	};
+
+	this.drawEllipse = this.drawOval = function(x, y, w, h)
+	{
+		this._mkOv(x, y, w, h);
+	};
+
+	this.fillEllipse = this.fillOval = function(left, top, w, h)
+	{
+		var a = w>>1, b = h>>1,
+		wod = w&1, hod = h&1,
+		cx = left+a, cy = top+b,
+		x = 0, y = b, oy = b,
+		aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+		st = (aa2>>1)*(1-(b<<1)) + bb2,
+		tt = (bb2>>1) - aa2*((b<<1)-1),
+		xl, dw, dh;
+		if(w) while(y > 0)
+		{
+			if(st < 0)
+			{
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0)
+			{
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				xl = cx-x;
+				dw = (x<<1)+wod;
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				dh = oy-y;
+				this._mkDiv(xl, cy-oy, dw, dh);
+				this._mkDiv(xl, cy+y+hod, dw, dh);
+				oy = y;
+			}
+			else
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+			}
+		}
+		this._mkDiv(cx-a, cy-oy, w, (oy<<1)+hod);
+	};
+
+	this.fillArc = function(iL, iT, iW, iH, fAngA, fAngZ)
+	{
+		var a = iW>>1, b = iH>>1,
+		iOdds = (iW&1) | ((iH&1) << 16),
+		cx = iL+a, cy = iT+b,
+		x = 0, y = b, ox = x, oy = y,
+		aa2 = (a*a)<<1, aa4 = aa2<<1, bb2 = (b*b)<<1, bb4 = bb2<<1,
+		st = (aa2>>1)*(1-(b<<1)) + bb2,
+		tt = (bb2>>1) - aa2*((b<<1)-1),
+		// Vars for radial boundary lines
+		xEndA, yEndA, xEndZ, yEndZ,
+		iSects = (1 << (Math.floor((fAngA %= 360.0)/180.0) << 3))
+				| (2 << (Math.floor((fAngZ %= 360.0)/180.0) << 3))
+				| ((fAngA >= fAngZ) << 16),
+		aBndA = new Array(b+1), aBndZ = new Array(b+1);
+		
+		// Set up radial boundary lines
+		fAngA *= Math.PI/180.0;
+		fAngZ *= Math.PI/180.0;
+		xEndA = cx+Math.round(a*Math.cos(fAngA));
+		yEndA = cy+Math.round(-b*Math.sin(fAngA));
+		_mkLinVirt(aBndA, cx, cy, xEndA, yEndA);
+		xEndZ = cx+Math.round(a*Math.cos(fAngZ));
+		yEndZ = cy+Math.round(-b*Math.sin(fAngZ));
+		_mkLinVirt(aBndZ, cx, cy, xEndZ, yEndZ);
+
+		while(y > 0)
+		{
+			if(st < 0) // Advance x
+			{
+				st += bb2*((x<<1)+3);
+				tt += bb4*(++x);
+			}
+			else if(tt < 0) // Advance x and y
+			{
+				st += bb2*((x<<1)+3) - aa4*(y-1);
+				ox = x;
+				tt += bb4*(++x) - aa2*(((y--)<<1)-3);
+				this._mkArcDiv(ox, y, oy, cx, cy, iOdds, aBndA, aBndZ, iSects);
+				oy = y;
+			}
+			else // Advance y
+			{
+				tt -= aa2*((y<<1)-3);
+				st -= aa4*(--y);
+				if(y && (aBndA[y] != aBndA[y-1] || aBndZ[y] != aBndZ[y-1]))
+				{
+					this._mkArcDiv(x, y, oy, cx, cy, iOdds, aBndA, aBndZ, iSects);
+					ox = x;
+					oy = y;
+				}
+			}
+		}
+		this._mkArcDiv(x, 0, oy, cx, cy, iOdds, aBndA, aBndZ, iSects);
+		if(iOdds >> 16) // Odd height
+		{
+			if(iSects >> 16) // Start-angle > end-angle
+			{
+				var xl = (yEndA <= cy || yEndZ > cy)? (cx - x) : cx;
+				this._mkDiv(xl, cy, x + cx - xl + (iOdds & 0xffff), 1);
+			}
+			else if((iSects & 0x01) && yEndZ > cy)
+				this._mkDiv(cx - x, cy, x, 1);
+		}
+	};
+
+/* fillPolygon method, implemented by Matthieu Haller.
+This javascript function is an adaptation of the gdImageFilledPolygon for Walter Zorn lib.
+C source of GD 1.8.4 found at http://www.boutell.com/gd/
+
+THANKS to Kirsten Schulz for the polygon fixes!
+
+The intersection finding technique of this code could be improved
+by remembering the previous intertersection, and by using the slope.
+That could help to adjust intersections to produce a nice
+interior_extrema. */
+	this.fillPolygon = function(array_x, array_y)
+	{
+		var i;
+		var y;
+		var miny, maxy;
+		var x1, y1;
+		var x2, y2;
+		var ind1, ind2;
+		var ints;
+
+		var n = array_x.length;
+		if(!n) return;
+
+		miny = array_y[0];
+		maxy = array_y[0];
+		for(i = 1; i < n; i++)
+		{
+			if(array_y[i] < miny)
+				miny = array_y[i];
+
+			if(array_y[i] > maxy)
+				maxy = array_y[i];
+		}
+		for(y = miny; y <= maxy; y++)
+		{
+			var polyInts = new Array();
+			ints = 0;
+			for(i = 0; i < n; i++)
+			{
+				if(!i)
+				{
+					ind1 = n-1;
+					ind2 = 0;
+				}
+				else
+				{
+					ind1 = i-1;
+					ind2 = i;
+				}
+				y1 = array_y[ind1];
+				y2 = array_y[ind2];
+				if(y1 < y2)
+				{
+					x1 = array_x[ind1];
+					x2 = array_x[ind2];
+				}
+				else if(y1 > y2)
+				{
+					y2 = array_y[ind1];
+					y1 = array_y[ind2];
+					x2 = array_x[ind1];
+					x1 = array_x[ind2];
+				}
+				else continue;
+
+				 //  Modified 11. 2. 2004 Walter Zorn
+				if((y >= y1) && (y < y2))
+					polyInts[ints++] = Math.round((y-y1) * (x2-x1) / (y2-y1) + x1);
+
+				else if((y == maxy) && (y > y1) && (y <= y2))
+					polyInts[ints++] = Math.round((y-y1) * (x2-x1) / (y2-y1) + x1);
+			}
+			polyInts.sort(_CompInt);
+			for(i = 0; i < ints; i+=2)
+				this._mkDiv(polyInts[i], y, polyInts[i+1]-polyInts[i]+1, 1);
+		}
+	};
+
+	this.drawString = function(txt, x, y)
+	{
+		this.htm += '<div style="position:absolute;white-space:nowrap;'+
+			'left:' + x + 'px;'+
+			'top:' + y + 'px;'+
+			'font-family:' +  this.ftFam + ';'+
+			'font-size:' + this.ftSz + ';'+
+			'color:' + this.color + ';' + this.ftSty + '">'+
+			txt +
+			'<\/div>';
+	};
+
+/* drawStringRect() added by Rick Blommers.
+Allows to specify the size of the text rectangle and to align the
+text both horizontally (e.g. right) and vertically within that rectangle */
+	this.drawStringRect = function(txt, x, y, width, halign)
+	{
+		this.htm += '<div style="position:absolute;overflow:hidden;'+
+			'left:' + x + 'px;'+
+			'top:' + y + 'px;'+
+			'width:'+width +'px;'+
+			'text-align:'+halign+';'+
+			'font-family:' +  this.ftFam + ';'+
+			'font-size:' + this.ftSz + ';'+
+			'color:' + this.color + ';' + this.ftSty + '">'+
+			txt +
+			'<\/div>';
+	};
+
+	this.drawImage = function(imgSrc, x, y, w, h, a)
+	{
+		this.htm += '<div style="position:absolute;'+
+			'left:' + x + 'px;'+
+			'top:' + y + 'px;'+
+			// w (width) and h (height) arguments are now optional.
+			// Added by Mahmut Keygubatli, 14.1.2008
+			(w? ('width:' +  w + 'px;') : '') +
+			(h? ('height:' + h + 'px;'):'')+'">'+
+			'<img src="' + imgSrc +'"'+ (w ? (' width="' + w + '"'):'')+ (h ? (' height="' + h + '"'):'') + (a? (' '+a) : '') + '>'+
+			'<\/div>';
+	};
+
+	this.clear = function()
+	{
+		this.htm = "";
+		if(this.cnv) this.cnv.innerHTML = "";
+	};
+
+	this._mkOvQds = function(cx, cy, x, y, w, h, wod, hod)
+	{
+		var xl = cx - x, xr = cx + x + wod - w, yt = cy - y, yb = cy + y + hod - h;
+		if(xr > xl+w)
+		{
+			this._mkDiv(xr, yt, w, h);
+			this._mkDiv(xr, yb, w, h);
+		}
+		else
+			w = xr - xl + w;
+		this._mkDiv(xl, yt, w, h);
+		this._mkDiv(xl, yb, w, h);
+	};
+	
+	this._mkArcDiv = function(x, y, oy, cx, cy, iOdds, aBndA, aBndZ, iSects)
+	{
+		var xrDef = cx + x + (iOdds & 0xffff), y2, h = oy - y, xl, xr, w;
+
+		if(!h) h = 1;
+		x = cx - x;
+
+		if(iSects & 0xff0000) // Start-angle > end-angle
+		{
+			y2 = cy - y - h;
+			if(iSects & 0x00ff)
+			{
+				if(iSects & 0x02)
+				{
+					xl = Math.max(x, aBndZ[y]);
+					w = xrDef - xl;
+					if(w > 0) this._mkDiv(xl, y2, w, h);
+				}
+				if(iSects & 0x01)
+				{
+					xr = Math.min(xrDef, aBndA[y]);
+					w = xr - x;
+					if(w > 0) this._mkDiv(x, y2, w, h);
+				}
+			}
+			else
+				this._mkDiv(x, y2, xrDef - x, h);
+			y2 = cy + y + (iOdds >> 16);
+			if(iSects & 0xff00)
+			{
+				if(iSects & 0x0100)
+				{
+					xl = Math.max(x, aBndA[y]);
+					w = xrDef - xl;
+					if(w > 0) this._mkDiv(xl, y2, w, h);
+				}
+				if(iSects & 0x0200)
+				{
+					xr = Math.min(xrDef, aBndZ[y]);
+					w = xr - x;
+					if(w > 0) this._mkDiv(x, y2, w, h);
+				}
+			}
+			else
+				this._mkDiv(x, y2, xrDef - x, h);
+		}
+		else
+		{
+			if(iSects & 0x00ff)
+			{
+				if(iSects & 0x02)
+					xl = Math.max(x, aBndZ[y]);
+				else
+					xl = x;
+				if(iSects & 0x01)
+					xr = Math.min(xrDef, aBndA[y]);
+				else
+					xr = xrDef;
+				y2 = cy - y - h;
+				w = xr - xl;
+				if(w > 0) this._mkDiv(xl, y2, w, h);
+			}
+			if(iSects & 0xff00)
+			{
+				if(iSects & 0x0100)
+					xl = Math.max(x, aBndA[y]);
+				else
+					xl = x;
+				if(iSects & 0x0200)
+					xr = Math.min(xrDef, aBndZ[y]);
+				else
+					xr = xrDef;
+				y2 = cy + y + (iOdds >> 16);
+				w = xr - xl;
+				if(w > 0) this._mkDiv(xl, y2, w, h);
+			}
+		}
+	};
+
+	this.setStroke(1);
+	this.setFont("verdana,geneva,helvetica,sans-serif", "12px", Font.PLAIN);
+	this.color = "#000000";
+	this.htm = "";
+	this.wnd = wnd || window;
+
+	if(!jg_ok) _chkDHTM();
+	if(jg_ok)
+	{
+		if(cnv)
+		{
+			if(typeof(cnv) == "string")
+				this.cont = document.all? (this.wnd.document.all[cnv] || null)
+					: document.getElementById? (this.wnd.document.getElementById(cnv) || null)
+					: null;
+			else if(cnv == window.document)
+				this.cont = document.getElementsByTagName("body")[0];
+			// If cnv is a direct reference to a canvas DOM node
+			// (option suggested by Andreas Luleich)
+			else this.cont = cnv;
+			// Create new canvas inside container DIV. Thus the drawing and clearing
+			// methods won't interfere with the container's inner html.
+			// Solution suggested by Vladimir.
+			this.cnv = this.wnd.document.createElement("div");
+			this.cnv.style.fontSize=0;
+			this.cont.appendChild(this.cnv);
+			this.paint = jg_dom? _pntCnvDom : _pntCnvIe;
+		}
+		else
+			this.paint = _pntDoc;
+	}
+	else
+		this.paint = _pntN;
+
+	this.setPrintable(false);
+}
+
+function _mkLinVirt(aLin, x1, y1, x2, y2)
+{
+	var dx = Math.abs(x2-x1), dy = Math.abs(y2-y1),
+	x = x1, y = y1,
+	xIncr = (x1 > x2)? -1 : 1,
+	yIncr = (y1 > y2)? -1 : 1,
+	p,
+	i = 0;
+	if(dx >= dy)
+	{
+		var pr = dy<<1,
+		pru = pr - (dx<<1);
+		p = pr-dx;
+		while(dx > 0)
+		{--dx;
+			if(p > 0)    //  Increment y
+			{
+				aLin[i++] = x;
+				y += yIncr;
+				p += pru;
+			}
+			else p += pr;
+			x += xIncr;
+		}
+	}
+	else
+	{
+		var pr = dx<<1,
+		pru = pr - (dy<<1);
+		p = pr-dy;
+		while(dy > 0)
+		{--dy;
+			y += yIncr;
+			aLin[i++] = x;
+			if(p > 0)    //  Increment x
+			{
+				x += xIncr;
+				p += pru;
+			}
+			else p += pr;
+		}
+	}
+	for(var len = aLin.length, i = len-i; i;)
+		aLin[len-(i--)] = x;
+};
+
+function _CompInt(x, y)
+{
+	return(x - y);
+}
+

Modified: branches/2.4.5/http/frames/login.php
===================================================================
--- tags/2.4.4/http/frames/login.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/frames/login.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,5 @@
 <?php
-# $Id: login.php 76 2006-08-15 12:25:34Z heuser $
+# $Id$
 # Copyright (C) 2002 CCGIS 
 #
 # This program is free software; you can redistribute it and/or modify
@@ -152,8 +152,10 @@
 	}	
 	if($_SESSION["mb_user_id"]){
 		if($row["mb_user_login_count"] < $loginMax){
-			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = " . $_SESSION['mb_user_id'];
-			db_query($sql_del_cnt);
+			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = $1";
+			$v = array($_SESSION['mb_user_id']);
+			$t = array("i");
+			db_prep_query($sql_del_cnt, $v, $t);
 			require_once(dirname(__FILE__)."/../php/mb_getGUIs.php");
 			$arrayGUIs = mb_getGUIs($row["mb_user_id"]);
 			$_SESSION["mb_user_guis"] = $arrayGUIs;

Deleted: branches/2.4.5/http/html/mod_treefolder_auge.php
===================================================================
--- tags/2.4.4/http/html/mod_treefolder_auge.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/html/mod_treefolder_auge.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,787 +0,0 @@
-<?php
-session_start();
-require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
-
-$eye_on = '../img/eye_on.gif';
-$eye_off = '../img/eye_off.gif';
-$info_on = '../img/info_on.gif';
-$info_off ='../img/info_off.gif';
-$no_info ='../img/no_info.gif';
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
-<META NAME="Generator" CONTENT="Cosmo Create 1.0.3">
-<?php
-echo '<meta http-equiv="Content-Type" content="text/html; charset='.CHARSET.'">';	
-?>
-<TITLE>Treefolder Eyes</TITLE>
-<?php
- include '../include/dyn_css.php';
-?>
-<script language='JavaScript'>
-function pop_up(name)
-{
-	window.open(name,"METADATEN","width=310,height=400,left=0,top=0");
-}
-</script>
-<?php
-echo "<script language='JavaScript'>";
-   
-   import_request_variables("PG");
-   
-   require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-   $con = db_connect($DBSERVER,$OWNER,$PW);
-   db_select_db(DB,$con);
-   $sql = "SELECT e_target FROM gui_element WHERE e_id = '".$_REQUEST['e_id_css']."' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-   
-   $res = db_query($sql);
-   $e_target = db_result($res,0,"e_target");
-   
-   echo "mod_treeGDE_map = '".$e_target."';";   
-echo "</script>";
-
-$sql = "select var_name,var_value from gui_element_vars where fkey_gui_id='".$_SESSION["mb_user_gui"]."' and fkey_e_id='".$_REQUEST['e_id_css']."' and var_type = 'img';";
-  
-   $res = db_query($sql);
-$img["folder_off"] ='../img/tree/folder_off_new.gif';
-$img["folder_on"] ='../img/tree/folder_on_new.gif';
-while($row = db_fetch_array($res))
-{
-$img[$row['var_name']] = $row['var_value'];
-}
-
-?>
-  <SCRIPT language="JavaScript1.2">
-  <!--  
-  /*
-   * sitemap.js 1.31 05/02/2000
-   *  - Opera 5
-   *
-   * sitemap.js 1.3 27/11/2000
-   *  - Netscape 6
-   *
-   * sitemap.js 1.2 20/05/2000
-   *  - split array tree into arrays for each element old tree
-   *  - no mory type flag, an folder is an entry which has sons
-   *  - a folder can have an link
-   *  - while initing an default layers is shown 
-   *
-   * sitemap.js 1.1 20/10/1999
-   *  - showTree only updates and init layers new which have been really changed
-   *  - add deep to knot entry
-   *  - substitute knotDeep[ id ] w/ tree[ id2treeIndex[ id ] ].deep
-   *  - add alignment to img and a &nbsp; at the beginning of eyery line
-   *  - add a fake img for bookmarks on top panel
-   *
-   * sitemap.js 1.02 14/10/1999
-   *  - fix bug in initStyles
-   *
-   * sitemap.js 1.01 06/10/1999
-   *  - fix bug in knotDeep for Netscape 4.00-4.0.5
-   *
-   * sitemap.js 1.0 20/09/1999
-   *
-   * Javascript function for displaying hierarchic directory structures with
-   * the ability to collapse and expand directories.
-   *
-   * Copyright (c) 1999 Polzin GmbH, Duesseldorf. All Rights Reserved.
-   * Author: Lutz Eymers <ixtab at polzin.com>
-   * Download: http://www.polzin.com/inet/fset_inet.phtml?w=goodies
-   *
-   * Permission to use, copy, modify, and distribute this software
-   * and its documentation for any purposes and without fee
-   * is hereby granted provided that this copyright notice
-   * appears in all copies. 
-   *
-   * Of course, this software is provided "as is" without express or implied
-   * warranty of any kind.
-   *
-   */
-  
-  parent.mb_registerSubFunctions("window.frames['treeGDE'].mod_treeGDE()");
-
-function mod_treeGDE(){
-  /**/
-	var ind = parent.getMapObjIndexByName(mod_treeGDE_map);
-	//if(ind == false){ alert("error, no mapobject specified");}
-	for(var i=0; i<document.getElementsByTagName("input").length; i++){
-		//wms_title,layer_shortname,{visible | querylayer}
-		var myID = document.getElementsByTagName("input")[i].id;
-		var arrayID = document.getElementsByTagName("input")[i].id.split("###");
-		//var ind = parent.getMapObjIndexByName(mod_treeGDE_map);
-		var wms_ind = parent.getWMSIndexByTitle(mod_treeGDE_map,arrayID[0]);
-		if(arrayID[2] == "visible"){
-			var arrayLayer = parent.mb_mapObj[ind].layers[wms_ind].split(",");
-			var isOn = false;
-			for(var ii=0; ii<arrayLayer.length; ii++){
-				if(arrayID[1] == arrayLayer[ii]){isOn = true;}
-			}
-			if(isOn == true){ document.getElementById(myID).checked = true;}
-			if(isOn == false){ document.getElementById(myID).checked = false;}
-		}
-		if(arrayID[2] == "querylayer"){
-			//nothing to do at this time
-		}
-	}
-    /*consider scalhints*/
-	for(var i=0; i<parent.mb_mapObj.length; i++){
-		var scale = parseInt(parent.mb_getScale(mod_treeGDE_map));
-		if(parent.mb_mapObj[i].frameName == mod_treeGDE_map){ 
-			for(var ii=0; ii<parent.mb_mapObj[i].wms.length; ii++){
-				for(var iii=1; iii<parent.mb_mapObj[i].wms[ii].objLayer.length; iii++){
-					if(document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name)){
-						if(scale < parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_minscale) && parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_minscale) != 0){                    
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#999999';                
-						}
-						else if(scale > parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_maxscale) && parseInt(parent.mb_mapObj[i].wms[ii].objLayer[iii].gui_layer_maxscale) != 0){
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#999999';
-						}
-						else{
-							document.getElementById(parent.mb_mapObj[i].wms[ii].wms_title+"_"+parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_name).style.color = '#000000';
-						}
-					}                   
-				}
-			}
-		}
-	}
-} 
-  window.onError=null;
-
-  var idx=0
-  var treeId = new Array();
-  var treeP_id = new Array();
-  var treeIsOn = new Array();
-  var treeTyp = new Array();
-  var treeName = new Array();
-  var treeUrl = new Array();
-  var treeWasOn = new Array();
-  var treeDeep = new Array();
-  var treeLastY = new Array();
-  var treeIsShown = new Array();
-  var treeSelectable = new Array();
-  var treeVisible = new Array();
-  var treeQueryable = new Array();
-  var treeQuerylayer = new Array();
-  var treeWMS = new Array();
-  var treeShortname = new Array();
-
-  function Note( id,p_id,name,url,selectable,visible,queryable,querylayer,wms,shortname) {
-    treeId[ idx ] = id
-    treeP_id[ idx ] = p_id
-    treeIsOn[ idx ] = false
-    treeTyp[ idx ] = 'f'
-    treeName[ idx ] = name
-    treeUrl[ idx ] = url 
-    treeWasOn[ idx ] = false
-    treeDeep[ idx ] = 0
-    treeLastY[ idx ] = 0
-    treeIsShown[ idx ] = false
-    treeSelectable[ idx ] = selectable
-    treeVisible[ idx ] = visible
-    treeQueryable[ idx ] = queryable
-    treeQuerylayer[ idx ] = querylayer
-    treeWMS[ idx ] = wms
-    treeShortname[ idx ] = shortname
-    idx++
-  }
-
-  function initDiv ( )
-  {
-    if ( isDOM || isDomIE )
-    {
-      divPrefix='<DIV CLASS="sitemap" style="position:absolute; left:0; top:0; visibility:hidden;" ID="sitemap'
-      divInfo='<DIV CLASS="sitemap" style="position:absolute; visibility:visible" ID="sitemap'
-    }
-    else
-    {
-      divPrefix='<DIV CLASS="sitemap" ID="sitemap'
-      divInfo='<DIV CLASS="sitemap" ID="sitemap'
-    }
-    //document.writeln( divInfo +  'info">Bitte haben Sie etwas Geduld.<BR>&nbsp;<BR>Es werden die Eintr&auml;ge aus<BR>&nbsp;<BR>der Datenbank initialisiert.</DIV> ' );
-    for ( var i=1; i<idx; i++ )
-    {
-      // linked Name ? 
- 
-      
-      if ( treeUrl[i] != '' ){
-      	if(treeVisible[i] != 1){ 
-        linkedName = '<a href="#" onclick="changevalue('+ i +')"><input type=hidden id="treeWMS['+i+']" value=0><img name="bild'+ i +'" id="test" border=0 src="'+images[1]+'" alt="'+images_text[1]+'"></A>';
-	}
-	else
-	{
-	linkedName = '<a href="#" onclick="changevalue('+ i +')"><input type=hidden id="treeWMS['+i+']" value=1><img name="bild'+ i +'" id="test" border=0  src="'+images[2]+'" alt="'+images_text[2]+'"></A>';
-	}
-
-        //linkedName += "<input id='"+treeWMS[i]+"###"+treeShortname[i]+"###visible' type='checkbox' ";
-         //if(treeVisible[i] == '1'){ linkedName += "checked ";}
-         //if(treeSelectable[i] != '1'){ linkedName += "disabled ";}
-        //linkedName += "onClick = 'if(this.checked){parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"visible\",1);parent.setSingleMapRequest(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\");}";
-        //linkedName += "else{parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"visible\",0);parent.setSingleMapRequest(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\");}'";
-        //linkedName += '>';
-        
-        
-        //no checkbox for the query
-        <?php
-            if(isset($_REQUEST["noquerycheckbox"])){
-	            $nocheck = $_REQUEST["noquerycheckbox"];
-            }
-            else{
-	            $nocheck = false;
-            }
-            echo "var noquerycheck  = ".$nocheck.";";
-         ?>
-        ///evudb/images/mapbender/button_gray/query_off.gif
-        ///evudb/images/mapbender/button_gray/query_on.gif
-        if (noquerycheck==false || noquerycheck==0){
-            if(treeQuerylayer[i] == '1' && treeVisible[i] == 1){
-            	//Info aktiv
-            	//alert('info aktiv');
-            	linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=1><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[2]+'" alt="'+qimages_text[2]+'"></A>';
-            }
-            else
-            {
-            	//alert(treeQueryable[i] + ' ' + treeShortname[i]);
-            	if(treeQueryable[i] == '1')
-			{
-				//Info verfügbar
-				if (treeVisible[i] ==1)
-				{
-					// Info aktivierbar
-					linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=0><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[1]+'" alt="'+qimages_text[1]+'"></A>';	
-				}
-				else
-				{
-					// Info nicht aktivierbar
-					linkedName += '&nbsp;<a href="#" onclick="changeinfo('+ i +')"><input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=0><img name="query'+ i +'" id="query'+i+'" border=0  src="'+qimages[3]+'" alt="'+qimages_text[3]+'"></A>';
-				}
-			}
-			else
-			{
-				//Info nicht verfügbar verfügbar --> kein Image
-					//linkedName += '&nbsp;<input type=hidden id="'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer" value=-1><img name="query'+ i +'" id="query'+i+'" border=0  src="<?php echo $no_info;?>" alt="keine Informationen verfügbar">';	
-			}
-            }
-            //linkedName += "<input id='"+treeWMS[i]+"###"+treeShortname[i]+"###querylayer' type='checkbox' ";
-            //if(treeQuerylayer[i] == '1' && treeVisible[i] == 1){ linkedName += "checked ";}
-            //if(treeQueryable[i] != '1' || treeVisible[i] != 1){ linkedName += "disabled ";}
-            //linkedName += "onClick = 'if(this.checked){parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"querylayer\",1);}";
-            //linkedName += "else{parent.handleSelectedLayer(\""+mod_treeGDE_map+"\",\""+treeWMS[i]+"\",\""+treeShortname[i]+"\",\"querylayer\",0);}'";
-            //linkedName += '>';
-        }
-        
-       
-       //no legendlink for the layername
-       <?php
-            if(isset($_REQUEST["nolink"])){
-	            $nolegendlink = $_REQUEST["nolink"];
-            }
-            else{
-	            $nolegendlink = false;
-            }
-            echo "var nolink  = ".$nolegendlink.";";
-       ?>
-       
-      
-        //linkedName += '<A id="'+treeWMS[i]+'_'+treeShortname[i]+'"  HREF="' + treeUrl[i] + '" TARGET="' + defaultTarget + '"><IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i] + '</A>';
-        
-        linkedName += '<A id="'+treeWMS[i]+'_'+treeShortname[i];
-        if (nolink==0 || nolink==false){
-           linkedName += '"  HREF="' + treeUrl[i];
-        }
-        linkedName +='" TARGET="' + defaultTarget + '"><IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i] + '</A>';
-       
-       
-      }  
-      else
-        linkedName =  '<IMG SRC="../img/tree/1w.gif" BORDER="0" WIDTH="3">' + treeName[i]
-      // don't link folder icon if node has no sons
-      if ( i == idx-1 || treeP_id[i+1] != treeId[i] ) {
-        if ( treeDeep[ i ] == 0 )
-          folderImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_empty.gif" BORDER="0" HEIGHT="16" WIDTH="1" HSPACE="0">'
-        else
-          folderImg = ''
-      } else {
-        folderImg = '<A  HREF="javascript:sitemapClick(' + treeId[i] + ')"><IMG ALIGN="BOTTOM" SRC="<?php echo $img["folder_off"];?>" BORDER="0" NAME="folder' + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0"></A>'
-      }
-      // which type of file icon should be displayed?
-      if ( treeP_id[i] != 0 )
-      {
-        if ( lastEntryInFolder( treeId[i] ) )
-          fileImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_last.gif" BORDER="0" NAME="file'
-            + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0">'  
-        else    
-          fileImg = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file.gif" BORDER="0" NAME="file'
-            + treeId[i] + '" HEIGHT="16" WIDTH="30" HSPACE="0">'  
-      }
-      else
-        fileImg = ''
-      // traverse parents up to root and show vertical lines if parent 
-      // is not the last entry on this layer
-      verticales = ''
-      for( var act_id=treeId[i] ; treeDeep[ id2treeIndex[ act_id ] ] > 1;  )
-      {  
-        act_id = treeP_id[ id2treeIndex[ act_id ]]
-        if ( lastEntryInFolder( act_id ) )
-        {
-          verticales = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_empty.gif" BORDER="0" HEIGHT="16" WIDTH="30" HSPACE="0">' + verticales
-        }
-        else
-        {
-          verticales = '<IMG ALIGN="BOTTOM" SRC="../img/tree/file_vert.gif" BORDER="0" HEIGHT="16" WIDTH="30" HSPACE="0">' + verticales
-        }
-      }
-
-      
-      document.writeln( divPrefix + treeId[i] + '"><NOBR>&nbsp;' + verticales + fileImg + folderImg + linkedName + '</NOBR></DIV>'
-      )  
-    }
-  }
-
-	var i = 1 ;
-	images = new Array;
-	qimages = new Array;
-	images_text = new Array;
-	qimages_text = new Array;
-	images[1] = '<?php echo $eye_off;?>';
-	images[2] = '<?php echo $eye_on;?>';
-	qimages[1] = '<?php echo $info_off;?>';
-	qimages[2] = '<?php echo $info_on;?>';
-	qimages[3] = '<?php echo $no_info;?>';
-	images_text[1] = 'klicken Sie hier um den Layer zu aktivieren';
-	images_text[2] = 'klicken Sie hier um den Layer zu deaktivieren';
-	qimages_text[1] = 'klicken Sie hier um die Informationen zu aktivieren';
-	qimages_text[2] = 'klicken Sie hier um die Informationen zu deaktivieren';
-	qimages_text[3] = 'Informationen momentan nicht verfügbar';
-	
-	function changevalue(id){
-		var info = document.getElementById('query'+ id) ;
-		var layer = document.getElementById('bild' + id) ;
-		var wert = document.getElementById('treeWMS['+id+']');
-		var query = document.getElementById(treeWMS[id]+'###'+treeShortname[id]+'###querylayer');
-		//alert(wert.value);
-		if(wert.value == 1){ //war sichtbar
-			// Layer war sichtbar --> deaktivieren
-			layer.src = images[1];
-			layer.alt = images_text[1];
-			//if(treeQuerylayer[id] == 1){
-			//Infobutton aendern, wenn Info abfragbar
-			if(treeQueryable[id] == '1')
-			{
-				info.src = qimages[3];
-				info.alt = qimages_text[3];
-				// Info deaktivieren
-				query.value = 0 ; // Ausschalten der Abfrage wenn nicht sichtbar
-				query.checked = false;
-				query.disabled = true;
-				parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',0); // Info disabled
-			}
-			wert.value=0;
-			//alert(wert.value);
-			// Anzeige des Layers deaktivieren
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'visible',0);
-			parent.setSingleMapRequest(mod_treeGDE_map,treeWMS[id]);
-			
-			
-			
-		}
-		else
-		{
-			// Layer war nicht sichtbar --> aktivieren
-			layer.src = images[2];
-			layer.alt = images_text[2]
-			wert.value=1;
-			//alert(wert.value);
-			// Anzeige des Layers aktivieren
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'visible',1);
-			parent.setSingleMapRequest(mod_treeGDE_map,treeWMS[id]);
-			// evtl. Info aktivieren und Button aendern
-			if(treeQueryable[id] == '1')
-			{
-				if (treeQuerylayer[id] == 1)
-				{
-					//Info aktivieren
-					info.src = qimages[2];	
-					info.alt = qimages_text[2];
-					parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',1);
-					query.value = 1;
-					query.disabled = false;
-				}
-				else
-				{
-					//Info aktivierbar
-					info.src = qimages[1];	
-					info.alt = qimages_text[1];
-					query.value = 0;
-					query.disabled = false;
-					
-				}
-			}
-		}
-	
-	}
-	
-	function changeinfo(id)
-	{
-		var info = document.getElementById('query'+ id) ;
-		var wert = document.getElementById('treeWMS['+id+']');
-		var query = document.getElementById(treeWMS[id]+'###'+treeShortname[id]+'###querylayer');
-			//"'+treeWMS[i]+'###'+treeShortname[i]+'###querylayer"
-			// alert(query.value);
-			//alert(layer.src == '../img/orangeball.gif');
-				//alert(wert.value);
-		if(query.value == 1)
-		{ //war sichtbar
-			// Info war aktiviert --> deaktivieren
-			info.src = qimages[1];
-			info.alt = qimages_text[1];
-			parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',0);
-	                
-			query.value = 0 ; // Ausschalten der Abfrage wenn nicht sichtbar
-			//query.checked = false; //<--wozu?
-			query.disabled = true;
-		}
-		else
-		{
-			// Info war deaktiviert --> aktivieren
-			if(wert.value == 1)
-			{
-				info.src = qimages[2];
-				info.alt = qimages_text[2];
-				query.value=1;
-		
-				//alert(wert.value);
-				parent.handleSelectedLayer(mod_treeGDE_map,treeWMS[id],treeShortname[id],'querylayer',1);
-				//if(treeQuerylayer[id] == 1){	
-				//query.checked = false; //<--wozu?
-				query.disabled = false;
-				//}
-			}
-		}
-		
-	}
-  function initStyles ( )
-  {
-    document.writeln( '<STYLE TYPE="text/css">' + "\n" + '<!--' )
-    for ( var i=1,y=y0; i<idx; i++ )
-    {  
-      document.writeln( '#sitemap' + treeId[i] + ' {POSITION: absolute; VISIBILITY: hidden;}' )
-      if ( treeIsOn[ id2treeIndex[ treeP_id[i] ] ] )
-        y += deltaY
-    }
-    document.writeln( '#sitemapinfo {POSITION: absolute; VISIBILITY: visible;}' )
-    document.writeln( '//-->' + "\n" + '</STYLE>' )
-  }
-
-
-
-  function sitemapClick( id )
-  {
-    var i = id2treeIndex[ id ]
-
-    if ( treeIsOn[ i ] )
-    // close directory
-    {
-      // mark node as invisible
-      treeIsOn[ i ]=false
-      // mark all sons as invisible
-      actDeep = treeDeep[ i ]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep; j++ )
-      {
-        treeWasOn[ j ] = treeIsOn[ j ]
-        treeIsOn[ j ]=false
-      }
-      gif_off( id )
-    }
-    else
-    // open directory
-    { 
-      treeIsOn[ i ]=true
-      // remember and restore old status
-      actDeep = treeDeep[ i ]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep; j++ )
-      {
-        treeIsOn[ j ] = treeWasOn[ j ]
-      }
-      gif_on( id )
-    }
-    showTree()
-  }
-
-  function knotDeep( id )
-  {
-    var deep=0
-    while ( true )
-      if ( treeP_id[ id2treeIndex[id] ] == 0 )
-        return deep
-      else
-      {
-        ++deep
-        id = treeP_id[ id2treeIndex[id] ]
-      }
-    return deep  
-  }
-
-  function initTree( id )
-  {
-    treeIsOn[ id2treeIndex[id] ] = true
-    if ( treeTyp[ id2treeIndex[id] ] != 'b' )
-      gif_on( id ) 
-    while ( treeP_id[ id2treeIndex[id] ] != 0 )
-    {
-      id = treeP_id[ id2treeIndex[id] ]
-      treeIsOn[ id2treeIndex[id] ] = true
-      if ( treeTyp[ id2treeIndex[id] ] != 'b' )
-        gif_on( id ) 
-    }
-  }
-
-  function lastEntryInFolder( id )
-  {
-    var i = id2treeIndex[id]
-    if ( i == idx-1 )
-      return true
-    if ( treeTyp[i] == 'b' )
-    {
-      if ( treeP_id[i+1] != treeP_id[i] )
-        return true
-      else 
-        return false
-    }
-    else
-    {
-      var actDeep = treeDeep[i]
-      for( var j=i+1; j<idx && treeDeep[j] > actDeep ; j++ )
-      ;
-      if ( j<idx && treeDeep[j] == actDeep )
-        return false
-      else
-        return true
-    }
-  }
-
-  function showTree()
-  {
-    for( var i=1, y=y0, x=x0; i<idx; i++ )
-    {
-      if ( treeIsOn[ id2treeIndex[ treeP_id[i] ] ] )
-      {
-        // show current node
-        if ( !(y == treeLastY[i] && treeIsShown[i] ) )
-        {
-          showLayer( "sitemap"+ treeId[i] ) 
-          setyLayer( "sitemap"+ treeId[i], y )
-          treeIsShown[i] = true
-        } 
-        treeLastY[i] = y
-        y += deltaY
-      }
-      else
-      {
-        // hide current node and all sons
-        if ( treeIsShown[ i ] )
-        {
-          hideLayer( "sitemap"+ treeId[i] ) 
-          treeIsShown[i] = false
-        }
-      }
-    }
-  }
-
-  function initIndex() {
-    for( var i=0; i<idx; i++ )
-      id2treeIndex[ treeId[i] ] = i
-  }
-
-  function gif_name (name, width, height) {
-    this.on = new Image (width, height);
-    this.on.src = '<?echo $img["folder_on"];?>';
-    this.off = new Image (width, height);
-    this.off.src = '<?echo $img["folder_off"]?>';
-  }
-
-  function load_gif (name, width, height) {
-    gif_name [name] = new gif_name (name,width,height);
-  }
-
-  function load_all () {
-    load_gif ('folder',30,16)
-    file_last = new Image( 30,16 )
-    file_last.src = "../img/tree/file_last.gif"
-    file_middle = new Image( 30,16 )
-    file_middle.src = "../img/tree/file.gif"
-    file_vert = new Image( 30,16 )
-    file_vert.src = "../img/tree/file_vert.gif"
-    file_empty = new Image( 30,16 )
-    file_empty = "../img/tree/file_empty.gif"
-  }
-
-  function gif_on ( id ) {
-    eval("document['folder" + id + "'].src = gif_name['folder'].on.src")
-  }
-
-  function gif_off ( id ) {
-    eval("document['folder" + id + "'].src = gif_name['folder'].off.src")
-  }
- 
-  // global configuration
-  var deltaX = 30
-  var deltaY = 16
-  var x0 = 5
-  var y0 = 5
-  var defaultTarget = 'examplemain'
-
-  var browserName = navigator.appName;
-  var browserVersion = parseInt(navigator.appVersion);
-  var isIE = false;
-  var isNN = false;
-  var isDOM = false;
-  var isDomIE = false;
-  var isDomNN = false;
-  var layerok = false;
-
-  var isIE = browserName.indexOf("Microsoft Internet Explorer" )==-1?false:true;
-  var isNN = browserName.indexOf("Netscape")==-1?false:true;
-  var isOpera = browserName.indexOf("Opera")==-1?false:true;
-  var isDOM = document.getElementById?true:false;
-  var isDomNN = document.layers?true:false;
-  var isDomIE = document.all?true:false;
-
-  if ( isNN && browserVersion>=4 ) layerok=true;
-  if ( isIE && browserVersion>=4 ) layerok=true;
-  if ( isOpera && browserVersion>=5 ) layerok=true;
-
-    
-  function hideLayer(layerName) {
-    if (isDOM)
-      document.getElementById(layerName).style.visibility="hidden"
-    else if (isDomIE)
-      document.all[layerName].style.visibility="hidden";
-    else if (isDomNN) 
-      document.layers[layerName].visibility="hidden";
-  }
-
-  function showLayer(layerName) {
-    if (isDOM)
-      document.getElementById(layerName).style.visibility="visible"
-    else if (isDomIE)
-      document.all[layerName].style.visibility="visible";
-    else if (isDomNN)
-      document.layers[layerName].visibility="visible";
-  }
-
-  function setyLayer(layerName, y) {
-    if (isDOM)
-      document.getElementById(layerName).style.top=y
-    else if (isDomIE)
-      document.all[layerName].style.top=y;
-    else if (isDomNN)
-      document.layers[layerName].top=y;
-  }
-
-  var id2treeIndex = new Array()
-
-  // the structure is easy to understand with a simple example
-  // p_id is the id of the parent
-  // E0                                      ( id=0,p_id=-1 )
-  //          E11                            ( id=1,p_id=0)
-  //                     E111                ( id=2,p_id=1 )
-  //                     E112                ( id=3,p_id=1 )
-  //          E12                            ( id=4,p_id=0 )
-  //                     E121                ( id=5,p_id=4 ) 
-  //          E13                            ( id=6,p_id=0 ) 
-  //                     E131                ( id=7,p_id=6 ) 
-  //                                 E1311   ( id=8,p_id=7 ) 
-  //                     E132                ( id=9,p_id=6 ) 
-  // this is a multinary tree structure which is easy to
-  // populate with database data :)
-function initArray(){
-	var parentObj = 0;
-	if(parent.mb_mapObj.length == 0){ window.setTimeout("initArray()",100); }    
-	else if(parent.mb_mapObj.length > 0){
-		Note(0,-1,'','');
-		for(var i=0; i<parent.mb_mapObj.length; i++){
-			if(parent.mb_mapObj[i].frameName == mod_treeGDE_map){ 
-				for(var ii=0; ii<parent.mb_mapObj[i].wms.length; ii++){
-					if(parent.mb_mapObj[i].wms[ii].gui_wms_visible == '1'){
-						for(var iii=0; iii<parent.mb_mapObj[i].wms[ii].objLayer.length; iii++){          
-							var temp = parent.mb_mapObj[i].wms[ii].objLayer[iii];     
-							if(parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_parent == ""){                    
-								//alert((parseInt(temp.layer_id)+1) + " , " +0 + " , " +temp.layer_title + " , " +'');
-								Note((parseInt(temp.layer_id)+1),0,temp.layer_title,'','','','','');
-								parentObj = temp.layer_id+1;                  
-							}
-							if(parent.mb_mapObj[i].wms[ii].objLayer[iii].layer_parent == "0"){
-								
-								if(temp.gui_layer_selectable == '1' || temp.gui_layer_queryable == '1'){
-								
-									Note((parseInt(temp.layer_id)+1),parentObj,temp.layer_title,'../metadata/metadata.php?wms_id='+parseInt(parent.mb_mapObj[i].wms[ii].wms_id)+'&gui_layer_wms_id='+temp.gui_layer_wms_id+'&layer_name='+temp.layer_name,temp.gui_layer_selectable,temp.gui_layer_visible,temp.gui_layer_queryable,temp.gui_layer_querylayer,parent.mb_mapObj[i].wms[ii].wms_title,temp.layer_name);
-								      //Note((parseInt(temp.layer_id)+1),parentObj,temp.layer_title,'dasdf',temp.gui_layer_selectable,temp.gui_layer_visible,temp.gui_layer_queryable,temp.gui_layer_querylayer,parent.mb_mapObj[i].wms[ii].wms_title,temp.layer_name);
-								}
-							}
-						}
-					}
-				}
-			}
-		}
-		//Note(22,1,'willi','adfasd');
-		treeTyp[0] = 'f'
-		treeIsOn[0] = true
-		treeWasOn[0] = true
-	}       
-} 
-  function initArray_()
-  {
-    Note(0,-1,'','')	  
-    Note(1,0,'Tutorials','')	  	  
-    Note(8,1,'HTML','')
-    Note(10,8,'SelfHtml','http://www.teamone.de/selfaktuell/') 
-	  Note(9,1,'willi','')
-    Note(100,9,'SelfHtml','http://www.teamone.de/selfaktuell/')       
-	  Note(3,1,'JavaScript','')
-    Note(4,3, 'Netscape Guide 1.3','http://developer.netscape.com/docs/manuals/js/client/jsguide/index.htm')
-    Note(7,3, 'Introduction to Javascript','http://rummelplatz.uni-mannheim.de/~skoch/js/script.htm')	  
-    Note(12,1, 'Perl','')
-    Note(14,12, 'Perl Tutorial','http://www.awu.id.ethz.ch/~didi/perl/perl_start.html')
-    Note(13,1,'SQL','')
-    Note(15,13, 'Introduction to SQL','http://w3.one.net/~jhoffman/sqltut.htm')
-	  Note(111,1, 'Introduction to SQL','http://w3.one.net/~jhoffman/sqltut.htm')
-    Note(2,0, 'Reference Manuals','')
-    Note(11,2, 'HTML Version 3.2 Referenz','http://www.cls-online.de/htmlref/index.htm')
-    Note(6,2,'Netscape Reference 1.3','http://developer.netscape.com/docs/manuals/js/client/jsref/index.htm')
-    Note(17,2,'PHP Manual','http://www.php.net/manual/html/')	  
-    treeTyp[0] = 'f'
-    treeIsOn[0] = true
-    treeWasOn[0] = true
-  }
-
-  var idx=0
-  initArray()
-  initIndex()
-  load_all()
-  for( i=1; i<idx; i++ )
-  {
-    treeDeep[i] = knotDeep( treeId[i] )
-    if ( treeDeep[i] == 0 )
-      treeIsShown[i] = true
-  }
-  if ( isDomNN )
-    initStyles();
-  //-->  
-  </SCRIPT>
-</HEAD>
-<BODY VLINK="#000000" ALINK="#000000" LINK="#000000" BGCOLOR="#ffffff" TEXT="#000000"
- onLoad="if (layerok) showTree();mod_treeGDE();"
- MARGINHEIGHT="0" MARGINWIDTH="0" LEFTMARGIN="0" TOPMARGIN="0">
-<SCRIPT language="JavaScript1.2">
-<!--
-  initDiv()
-  //hideLayer("sitemapinfo")
-//-->
-</SCRIPT>
-</BODY>
-</HTML>

Modified: branches/2.4.5/http/javascripts/map.php
===================================================================
--- tags/2.4.4/http/javascripts/map.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/map.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -41,8 +41,11 @@
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
 
-$mb_sql = "SELECT DISTINCT e_js_file, e_id, e_src, e_target, e_pos FROM gui_element WHERE e_public = 1 AND fkey_gui_id = '".$_REQUEST["gui_id"]."' ORDER BY e_pos";
-$mb_res = db_query($mb_sql);
+$mb_sql = "SELECT DISTINCT e_js_file, e_id, e_src, e_target, e_pos ";
+$mb_sql .= "FROM gui_element WHERE e_public = 1 AND fkey_gui_id = $1 ORDER BY e_pos";
+$v = array($_REQUEST["gui_id"]);
+$t = array("s");
+$mb_res = db_prep_query($mb_sql, $v, $t);
 //$mb_cnt = 0;
 while($row_js = db_fetch_array($mb_res)){
 	if($row_js["e_js_file"] != ""){

Modified: branches/2.4.5/http/javascripts/mod_addWMSfromList.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_addWMSfromList.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_addWMSfromList.php 76 2006-08-15 12:25:34Z heuser $
+# $Id$
 # http://www.mapbender.org/index.php/mod_addWMSfromList.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -110,14 +110,18 @@
 $arrayGuis=mb_getGUIs($logged_user_id);
 
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+$res_gui = db_prep_query($sql_gui, $v, $t);
 while($row = db_fetch_array($res_gui)){
 	$gui_id[$cnt_gui] = $row["gui_id"];
 	$gui_name[$cnt_gui] = $row["gui_name"];
@@ -127,14 +131,18 @@
 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 	$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -144,15 +152,19 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities,wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$" . $i;
+	array_push($t, "s");
 }
 #$sql_wms.= ") ORDER BY wms_id";
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 while($row = db_fetch_array($res_wms)){
 	$wms_title[$cnt_wms] = $row["wms_title"];
 	$wms_abstract[$cnt_wms] = $row["wms_abstract"];

Modified: branches/2.4.5/http/javascripts/mod_addWMSfromfilteredList.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromfilteredList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_addWMSfromfilteredList.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -247,14 +247,20 @@
 
 $arrayGuis=mb_getGUIs($logged_user_id);
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
+$v = $arrayGuis;
+$t = array();
 
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+
+$res_gui = db_prep_query($sql_gui, $v, $t);
 				while($row = db_fetch_array($res_gui)){
 					$gui_id[$cnt_gui] = $row["gui_id"];
 					$gui_name[$cnt_gui] = $row["gui_name"];
@@ -266,14 +272,18 @@
 				 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 				$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -283,14 +293,18 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 				while($row = db_fetch_array($res_wms)){
 					$wms_title[$cnt_wms] = $row["wms_title"];
 					$wms_abstract[$cnt_wms] = $row["wms_abstract"];
@@ -324,8 +338,10 @@
 #if (isset($show_group_wms))
 if (!empty($show_group_wms)){
 	/*get gui goup   ********************************************************************************************/
-	$sql_gui_mb_group = "SELECT fkey_gui_id, fkey_mb_group_id FROM gui_mb_group WHERE fkey_mb_group_id='".$show_group_wms."'";
-	$res_gui_mb_group = db_query($sql_gui_mb_group);
+	$sql_gui_mb_group = "SELECT fkey_gui_id, fkey_mb_group_id FROM gui_mb_group WHERE fkey_mb_group_id=$1";
+	$v = array($show_group_wms);
+	$t = array("s");
+	$res_gui_mb_group = db_prep_query($sql_gui_mb_group, $v, $t);
 
 				while($row = db_fetch_array($res_gui_mb_group)){
 					$group_gui_id[$cnt_gui_mb_group] = $row["fkey_gui_id"];
@@ -339,13 +355,18 @@
 	/*get group gui WMS  ********************************************************************************************/
 	if(count($group_gui_id)>0)	{								 
 		$sql_fkey_group_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-		for($i=0; $i<count($group_gui_id); $i++){
-			if($i>0){ $sql_fkey_group_gui_wms .= ",";}
-			$sql_fkey_group_gui_wms .= "'".$group_gui_id[$i]."'";
+		$v = $group_gui_id;
+		$t = array();
+		for ($i = 1; $i <= count($group_gui_id); $i++){
+			if ($i > 1) { 
+				$sql_fkey_group_gui_wms .= ",";
+			}
+			$sql_fkey_group_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_fkey_group_gui_wms.=  ") ORDER BY fkey_wms_id";
 		
-		$res_fkey_group_gui_wms = db_query($sql_fkey_group_gui_wms);
+		$res_fkey_group_gui_wms = db_prep_query($sql_fkey_group_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_fkey_group_gui_wms)){
 			$fkey_group_gui_gui_id[$cnt_fkey_group_gui_wms] = $row["fkey_gui_id"];
 			$fkey_group_gui_wms_id[$cnt_fkey_group_gui_wms] = $row["fkey_wms_id"];
@@ -358,14 +379,18 @@
 		/*group: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 		if(count($fkey_group_gui_wms_id)>0){
 			$sql_group_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-		  
-			for($i=0; $i<count($fkey_group_gui_wms_id); $i++){
-				if($i>0){ $sql_group_gui_wms .= ",";}
-				$sql_group_gui_wms .= "'".$fkey_group_gui_wms_id[$i]."'";
+			$v = $fkey_group_gui_wms_id;
+			$t = array();
+			for ($i = 1; $i <= count($fkey_group_gui_wms_id); $i++){
+				if ($i > 1) { 
+					$sql_group_gui_wms .= ",";
+				}
+				$sql_group_gui_wms .= "$".$i;
+				array_push($t, "s");
 			}
 			$sql_group_gui_wms.= ") ORDER BY wms_title";
 		  
-			$res_group_gui_wms = db_query($sql_group_gui_wms);
+			$res_group_gui_wms = db_prep_query($sql_group_gui_wms, $v, $t);
 			while($row = db_fetch_array($res_group_gui_wms)){
 				$group_wms_title[$cnt_group_gui_wms] = $row["wms_title"];
 				$group_wms_abstract[$cnt_group_gui_wms] = $row["wms_abstract"];
@@ -383,8 +408,10 @@
 	#if ($show_group_wms > 0)
 	if ($cnt_group_gui_wms > 0){
 		/*get goup name for showing in the table ********************************************************************************************/								 
-		$sql_group_name = "SELECT mb_group_id, mb_group_name FROM mb_group WHERE mb_group_id ='".$show_group_wms."'";   
-		$res_group_name = db_query($sql_group_name);
+		$sql_group_name = "SELECT mb_group_id, mb_group_name FROM mb_group WHERE mb_group_id = $1";   
+		$v = array($show_group_wms);
+		$t = array("s");
+		$res_group_name = db_prep_query($sql_group_name, $v, $t);
 		while($row = db_fetch_array($res_group_name)){
 			$group_name_table[$cnt_group_name] = $row["mb_group_name"];
 			$my_group_id_table[$cnt_group_name] = $row["mb_group_id"];
@@ -426,10 +453,12 @@
 /*show gui wms  ********************************************************************************************/
 if (!empty($show_gui_wms)){
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$show_gui_wms."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
+	$v = array($show_gui_wms);
+	$t = array("s");
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
 
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -441,14 +470,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -466,8 +499,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$show_gui_wms."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";       
+	$v = array($show_gui_wms);
+	$t = array("s");
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							
@@ -513,10 +548,11 @@
 /*show gui wms  ********************************************************************************************/
 if (!empty($show_gui_configured_wms)){
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$show_gui_configured_wms."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
-
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$v = array($show_gui_configured_wms);
+	$t = array("s");
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -528,14 +564,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -553,8 +593,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$show_gui_configured_wms."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";
+	$v = array($show_gui_configured_wms);
+	$t = array("s");       
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							

Modified: branches/2.4.5/http/javascripts/mod_addWMSfromfilteredListDB.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_addWMSfromfilteredListDB.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_addWMSfromfilteredListDB.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_addWMSfromfilteredList.php 1274 2007-04-25 07:01:08Z christoph $
+# $Id$
 # http://www.mapbender.org/index.php/mod_addWMSfromfilteredList.php
 # Copyright (C) 2002 CCGIS 
 #
@@ -101,14 +101,18 @@
 
 $arrayGuis=mb_getGUIs($logged_user_id);
 $sql_gui = "SELECT * FROM gui WHERE gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui .= ",";}
-	$sql_gui .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++){
+	if ($i > 1) { 
+		$sql_gui .= ",";
+	}
+	$sql_gui .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_gui.= ") ORDER BY gui_name";
 
-$res_gui = db_query($sql_gui);
+$res_gui = db_prep_query($sql_gui, $v, $t);
 				while($row = db_fetch_array($res_gui)){
 					$gui_id[$cnt_gui] = $row["gui_id"];
 					$gui_name[$cnt_gui] = $row["gui_name"];
@@ -120,14 +124,18 @@
 				 
 /*get allocated wms from allocated gui  ********************************************************************************************/								 
 $sql_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id IN (";
-
-for($i=0; $i<count($arrayGuis); $i++){
-	if($i>0){ $sql_gui_wms .= ",";}
-	$sql_gui_wms .= "'".$arrayGuis[$i]."'";
+$v = $arrayGuis;
+$t = array();
+for ($i = 1; $i <= count($arrayGuis); $i++) {
+	if ($i > 1) { 
+		$sql_gui_wms .= ",";
+	}
+	$sql_gui_wms .= "$".$i;
+	array_push($t, "s");
 }
 $sql_gui_wms.= ") ORDER BY fkey_wms_id";
 
-$res_gui_wms = db_query($sql_gui_wms);
+$res_gui_wms = db_prep_query($sql_gui_wms, $v, $t);
 while($row = db_fetch_array($res_gui_wms)){
 				$fkey_gui_id[$cnt_gui_wms] = $row["fkey_gui_id"];
 	$fkey_wms_id[$cnt_gui_wms] = $row["fkey_wms_id"];
@@ -137,14 +145,18 @@
 
 /*get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 $sql_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_version FROM wms WHERE wms_id IN (";
-
-for($i=0; $i<count($fkey_wms_id); $i++){
-	if($i>0){ $sql_wms .= ",";}
-	$sql_wms .= "'".$fkey_wms_id[$i]."'";
+$v = $fkey_wms_id;
+$t = array();
+for ($i = 1; $i <= count($fkey_wms_id); $i++){
+	if ($i > 1) { 
+		$sql_wms .= ",";
+	}
+	$sql_wms .= "$" . $i;
+	array_push($t, "s");
 }
 $sql_wms.= ") ORDER BY wms_title";
 
-$res_wms = db_query($sql_wms);
+$res_wms = db_prep_query($sql_wms, $v, $t);
 				while($row = db_fetch_array($res_wms)){
 					$wms_title[$cnt_wms] = $row["wms_title"];
 					$wms_abstract[$cnt_wms] = $row["wms_abstract"];
@@ -181,10 +193,12 @@
 	echo "<input type='button' class='wms_button' name='wms2' value='" . $selectOtherGuiText . "' onclick = 'mod_show_gui()'></td>";
 
 	/*get group gui WMS  ********************************************************************************************/								 
-	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id ='".$wms_show."'";
+	$sql_fkey_show_gui_wms = "SELECT DISTINCT fkey_wms_id, fkey_gui_id FROM gui_wms WHERE fkey_gui_id = $1";
 	#$sql_fkey_show_gui_wms.= ") ORDER BY fkey_wms_id";
 
-	$res_fkey_show_gui_wms = db_query($sql_fkey_show_gui_wms);
+	$v = array($wms_show);
+	$t = array("s");
+	$res_fkey_show_gui_wms = db_prep_query($sql_fkey_show_gui_wms, $v, $t);
 	while($row = db_fetch_array($res_fkey_show_gui_wms)){
 		$fkey_show_gui_gui_id[$cnt_fkey_show_gui_wms] = $row["fkey_gui_id"];
 		$fkey_show_gui_wms_id[$cnt_fkey_show_gui_wms] = $row["fkey_wms_id"];
@@ -196,14 +210,18 @@
 	/*gui: get allocated wms-Abstract and wms-Capabilities from allocated gui  ********************************************************************************************/								 
 	if(count($fkey_show_gui_wms_id)>0){
 		$sql_show_gui_wms = "SELECT DISTINCT wms_title, wms_abstract, wms_getcapabilities, wms_id, wms_version FROM wms WHERE wms_id IN (";
-
-		for($i=0; $i<count($fkey_show_gui_wms_id); $i++){
-			if($i>0){ $sql_show_gui_wms .= ",";}
-			$sql_show_gui_wms .= "'".$fkey_show_gui_wms_id[$i]."'";
+		$v = $fkey_show_gui_wms_id;
+		$t = array();
+		for ($i = 1; $i <= count($fkey_show_gui_wms_id); $i++){
+			if ($i > 1) { 
+				$sql_show_gui_wms .= ",";
+			}
+			$sql_show_gui_wms .= "$".$i;
+			array_push($t, "s");
 		}
 		$sql_show_gui_wms.= ") ORDER BY wms_title";
 
-		$res_show_gui_wms = db_query($sql_show_gui_wms);
+		$res_show_gui_wms = db_prep_query($sql_show_gui_wms, $v, $t);
 		while($row = db_fetch_array($res_show_gui_wms)){
 			$gui_wms_id[$cnt_show_gui_wms] = $row["wms_id"];
 			$gui_wms_title[$cnt_show_gui_wms] = $row["wms_title"];
@@ -221,8 +239,10 @@
 
 	if ($cnt_show_gui_wms > 0){
 	/*get selected gui name for table caption ********************************************************************************************/  
-	$sql_gui_table = "SELECT * FROM gui WHERE gui_id ='".$wms_show."'";       
-	$res_gui_table = db_query($sql_gui_table);
+	$sql_gui_table = "SELECT * FROM gui WHERE gui_id = $1";
+	$v = array($wms_show);
+	$t = array("s");       
+	$res_gui_table = db_prep_query($sql_gui_table, $v, $t);
 		while($row = db_fetch_array($res_gui_table)){
 			$gui_id_table[$cnt_gui_table] = $row["gui_id"];
 			$gui_name_table[$cnt_gui_table] = $row["gui_name"];							

Modified: branches/2.4.5/http/javascripts/mod_digitize_tab.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_digitize_tab.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_digitize_tab.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -641,43 +641,74 @@
 	smP += "<div class='t_img'>";
 	smP += "<img src='"+parent.mb_trans.src+"' width='0' height='"+mod_digitize_height+"'></div>";
 
-	for(var i=0; i<d.count(); i++){
-		if (!nonTransactionalEditable && !isTransactional(d.get(i))) {
-			nonTransactionalHighlight.add(d.get(i), nonTransactionalColor);
+	if (!nonTransactionalEditable) {
+		nonTransactionalHighlight.clean();
+	}
+	var smPArray = [];
+	smPArray[smPArray.length] = "<div class='t_img'>"
+			+ "<img src='"+parent.mb_trans.src+"' width='"+mod_digitize_width+"' height='0'></div>"
+			+ "<div class='t_img'>"
+			+ "<img src='"+parent.mb_trans.src+"' width='0' height='"+mod_digitize_height+"'></div>";
+	
+	var mapObj = parent.mb_mapObj[parent.getMapObjIndexByName(mod_digitize_target)];
+	var width = mapObj.width;
+	var height = mapObj.height;
+	var isMoveOrInsertOrDelete = mod_digitizeEvent == button_move || mod_digitizeEvent == button_insert || mod_digitizeEvent == button_delete;
+	var minDist = 5;
+
+	for(var i=0, lenGeomArray = d.count(); i < lenGeomArray; i++){
+		var currentGeomArray = d.get(i);
+
+		if (!nonTransactionalEditable && !isTransactional(currentGeomArray)) {
+			nonTransactionalHighlight.add(currentGeomArray, nonTransactionalColor);
 		}
 		else {
-			for(var j=0; j<d.get(i).count(); j++){
-				for(var k = 0; k < d.getGeometry(i,j).count(); k++){
-					var pos = parent.makeRealWorld2mapPos(mod_digitize_target,d.getPoint(i,j,k).x,d.getPoint(i,j,k).y);
-					
-					if (!d.getGeometry(i,j).isComplete() && 
-						( (k == 0 && d.get(i).geomType == parent.geomType.polygon) || (k == d.getGeometry(i,j).count()-1 && d.get(i).geomType == parent.geomType.line))) {
-						smP += "<div class='bp' style='top:"+(pos[1]-2)+"px;left:"+(pos[0]-2)+"px;z-index:"+digitizeTransactionalZIndex+";background-color:"+linepointColor+"'";
+			for(var j=0, lenGeom = currentGeomArray.count(); j < lenGeom ; j++){
+				var currentGeometry = d.getGeometry(i,j);
+				var isPolygon = currentGeomArray.geomType == parent.geomType.polygon;
+				var isLine = currentGeomArray.geomType == parent.geomType.line;
+				var isComplete = currentGeometry.isComplete();
+				var lastPaintedPoint = false;
+
+				for(var k = 0, lenPoint = currentGeometry.count(); k < lenPoint; k++){
+					var currentPoint = currentGeometry.get(k);
+					var currentPointMap = parent.realToMap(mod_digitize_target, currentPoint)
+
+					var isTooCloseToPrevious = lastPaintedPoint && (k > 0) && (Math.abs(currentPointMap.x-lastPaintedPoint.x) <= minDist && Math.abs(currentPointMap.y-lastPaintedPoint.y) <= minDist);
+					if (!isTooCloseToPrevious) {
+						var currentPointIsVisible = currentPointMap.x > 0 && currentPointMap.x < width && currentPointMap.y > 0 && currentPointMap.y < height;
+						if (currentPointIsVisible) {
+							if (!isComplete && ((k == 0 && isPolygon) || (k == lenPoint-1 && isLine))) {
+								smPArray[smPArray.length] = "<div class='bp' style='top:"+
+									(currentPointMap.y-2)+"px;left:"+(currentPointMap.x-2)+"px;z-index:"+
+									digitizeTransactionalZIndex+";background-color:"+linepointColor+"'";
+							}
+							else {
+								smPArray[smPArray.length] = "<div class='bp' style='top:"+(currentPointMap.y-2)+"px;left:"+(currentPointMap.x-2)+"px;z-index:"+digitizeTransactionalZIndex+";'";
+							}
+							if(k==0 && isPolygon && !isComplete){
+								smPArray[smPArray.length] = " title='"+closePolygon_title+"' ";
+							}
+							if(isMoveOrInsertOrDelete) {
+								smPArray[smPArray.length] = " onmouseover='parent.window.frames[\""+mod_digitize_elName+"\"].handleBasepoint(this,"+i+","+j+","+k+")' ;";
+							}
+							smPArray[smPArray.length] = "></div>";
+							lastPaintedPoint = currentPointMap;
+						}
+						if (k > 0) {
+							points = parent.calculateVisibleDash(currentPointMap, previousPointMap, width, height);
+							if (points != false) {
+								smPArray[smPArray.length] = evaluateDashes(points[0], points[1], i, j, k);
+							}
+						}
 					}
-					else {
-						smP += "<div class='bp' style='top:"+(pos[1]-2)+"px;left:"+(pos[0]-2)+"px;z-index:"+digitizeTransactionalZIndex+";'";
-					}
-					if(j==0 && d.get(i).geomType == parent.geomType.polygon && !d.getGeometry(i,j).isComplete()){
-						smP += " title='"+closePolygon_title+"' ";
-					}
-					if(mod_digitizeEvent == button_move || mod_digitizeEvent == button_insert || mod_digitizeEvent == button_delete) {
-						smP += " onmouseover='parent.window.frames[\""+mod_digitize_elName+"\"].handleBasepoint(this,"+i+","+j+","+k+")' ;";
-					}
-					smP += "></div>";
+					var previousPointMap = currentPointMap;
 				}
-				var mapObjInd = parent.getMapObjIndexByName(mod_digitize_target);
-				for(var k = 1; k < d.getGeometry(i,j).count(); k++){
-					var p0 = parent.realToMap(mod_digitize_target, d.getPoint(i,j,k));
-					var p1 = parent.realToMap(mod_digitize_target, d.getPoint(i,j,k-1));
-					points = parent.calculateVisibleDash(p0, p1, parent.mb_mapObj[mapObjInd].width, parent.mb_mapObj[mapObjInd].height);
-					if (points != false) {
-						smP += evaluateDashes(points[0], points[1], i, j, k);
-					}
-				}
 			}
 		}
 	}
-	digitizeDivTag.write(smP);
+	digitizeDivTag.write(smPArray.join(""));
+        
 }
 
 function evaluateDashes(start, end, memberIndex, geomIndex, pointIndex){

Deleted: branches/2.4.5/http/javascripts/mod_measure4326.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_measure4326.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_measure4326.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,251 +0,0 @@
-<?php
-# $Id: mod_measure.php 267 2006-05-12 12:16:01Z vera_schulze $
-# http://www.mapbender.org/index.php/mod_measure.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-
-$gui_id = $_REQUEST["gui_id"];
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'measure' AND fkey_gui_id = $1";
-$v = array($gui_id);
-$t = array('s');
-$res = db_prep_query($sql, $v, $t);
-$cnt = 0;
-while($row = db_fetch_array($res)){ 
-	$e_src = $row["e_src"];
-	$e_target = $row["e_target"];
-	$cnt++;
-}
-if($cnt > 1){
-	echo "alert('measure: ID not unique!');";
-}
-echo "var mod_measure_target = '".$e_target."';";
-
-require_once("ajax_jquery.js");
-$e_id_css = "measure";
-include '../include/dyn_js.php';
-?>
-
-var mod_measure_color1 = "white";
-var mod_measure_color2 = "black";
-var mod_measure_font = "Arial, Helvetica, sans-serif";
-var mod_measure_fontsize = "9px";
-var mod_measure_basepoint = "#8a2be2";
-var mod_measure_linepoint = "#ff00ff";
-var mod_measure_bg = "";
-var mod_measure_pgsql = true;
-
-var mod_measure_win = null;
-
-var mod_measure_elName = "measure";
-var mod_measure_frameName = "";
-var mod_measure_epsg;
-var mod_measure_width;
-var mod_measure_height;
-var dist = false;
-var mod_measure_RX = new Array();
-var mod_measure_RY = new Array();
-var mod_measure_Dist = new Array();
-var mod_measure_TotalDist = new Array();
-var mod_measureSubFunctions = new Array();
-
-var mod_measure_img_on = new Image(); mod_measure_img_on.src = "<?php  echo preg_replace("/_off/","_on",$e_src);  ?>";
-var mod_measure_img_off = new Image(); mod_measure_img_off.src = "<?php  echo $e_src;  ?>";
-var mod_measure_img_over = new Image(); mod_measure_img_over.src = "<?php  echo preg_replace("/_off/","_over",$e_src);  ?>";
-
-function init_mod_measure(ind){
-	mb_button[ind] = document.getElementById(mod_measure_elName);
-	mb_button[ind].img_over = mod_measure_img_over.src;
-	mb_button[ind].img_on = mod_measure_img_on.src;
-	mb_button[ind].img_off = mod_measure_img_off.src;
-	mb_button[ind].status = 0;
-	mb_button[ind].elName = mod_measure_elName;
-	mb_button[ind].fName = mod_measure_frameName;
-	mb_button[ind].go = new Function ("mod_measure_go()");
-	mb_button[ind].stop = new Function ("mod_measure_disable()");
-	var ind = getMapObjIndexByName(mod_measure_target);
-	mod_measure_width = mb_mapObj[ind].width;
-	mod_measure_height = mb_mapObj[ind].height;
-	mod_measure_epsg = mb_mapObj[ind].epsg;
-	mb_registerSubFunctions("drawDashedLine()");
-	mb_registerPanSubElement("measuring");
-}
-function register_measureSubFunctions(stringFunction){
-	mod_measureSubFunctions[mod_measureSubFunctions.length] = stringFunction;
-}
-function mod_measure_go(){
-	var el = window.frames[mod_measure_target].document;
-	el.onmousedown = mod_measure_start;
-	//el.onmousemove = mod_measure_run;
-	var measureSub = "";
-	for(var i=0; i<mod_measureSubFunctions.length; i++){
-		measureSub += eval(mod_measureSubFunctions[i]);
-	}   
-	writeTag(mod_measure_target,"measure_sub",measureSub);
-}
-function mod_measure_disable(){
-	var el = window.frames[mod_measure_target].document; 
-	el.onmousedown = null;
-	el.onmousemove = null;
-	writeTag(mod_measure_target,"measure_display","");
-	writeTag(mod_measure_target,"measure_sub","");
-}
-function mod_measure_timeout(){
-	var el = window.frames[mod_measure_target].document; 
-	el.onmousedown = null;
-	el.ondblclick = null;
-	el.onmousemove = null;
-}
-function mod_measure_disableTimeout(){
-	var el = window.frames[mod_measure_target].document;
-	el.onmousedown = mod_measure_start;
-	//el.onmousemove = mod_measure_run;
-}
-function use_dist() {
-    if(dist != false){
-        mod_measure_Dist[mod_measure_Dist.length] = dist;
-		var totalDist = mod_measure_TotalDist[mod_measure_TotalDist.length-1] + dist;
-       	mod_measure_TotalDist[mod_measure_TotalDist.length] = Math.round(totalDist * 100)/100;
-        
-      } 
-      drawDashedLine(); 
-      dist = false;
-}
-function mod_measure_start(e){
-	mb_getMousePos(e,mod_measure_target);
-	var realWorldPos = my_makeClickPos2RealWorldPos(mod_measure_target,clickX,clickY);
-    
-	mod_measure_RX[mod_measure_RX.length] = realWorldPos[0];
-	mod_measure_RY[mod_measure_RY.length] = realWorldPos[1];
-       
-     if(mod_measure_RX.length > 1){
-	 
-     convert_coords(mod_measure_RX[mod_measure_RX.length-2],mod_measure_RY[mod_measure_RY.length-2],mod_measure_RX[mod_measure_RX.length-1],mod_measure_RY[mod_measure_RY.length-1],inputEPSG);         
-	}
-	else{
-		mod_measure_Dist[mod_measure_Dist.length] = 0;
-		mod_measure_TotalDist[mod_measure_TotalDist.length] = 0;
-        drawDashedLine();
-	}
-}
-function drawDashedLine(){
-	var str_mPoints = "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='"+mod_measure_width+"' height='0'></div>";
-	str_mPoints += "<div style='position:absolute;left:0px;top:0px' ><img src='"+mb_trans.src+"' width='0' height='"+mod_measure_height+"'></div>";
-	for(var i=0; i<mod_measure_RX.length; i++){
-		var pos = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[i],mod_measure_RY[i]);
-		str_mPoints += "<div style='font-size:1px;position:absolute;top:"+(pos[1]-2)+"px;left:"+(pos[0]-2)+"px;width:4px;height:4px;background-color:"+mod_measure_basepoint+"'></div>";
-		if(i>0){
-			str_mPoints += "<div  style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color1+";";
-			if(mod_measure_bg != ""){
-				str_mPoints += "background-color:"+mod_measure_bg+";";
-			}
-			str_mPoints += "position:absolute;top:"+(pos[1] + 3)+"px;left:"+(pos[0]+3)+"px;z-index:20'>"+mod_measure_TotalDist[i]+"</div>";
-			str_mPoints += "<div  style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color2+";position:absolute;top:"+(pos[1] + 4)+"px;left:"+(pos[0]+4)+"px;z-index:21'>"+mod_measure_TotalDist[i]+"</div>";
-		}
-	}
-	if(mod_measure_RX.length>1){
-		for(var k=1; k<mod_measure_RX.length; k++){
-			var pos0 = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[k], mod_measure_RY[k]);
-			var pos1 = makeRealWorld2mapPos(mod_measure_target,mod_measure_RX[k-1], mod_measure_RY[k-1]);
-          
-			str_mPoints += evaluateDashes(pos1[0],pos1[1],pos0[0],pos0[1],k);
-		}
-	}
-	writeTag(mod_measure_target,"measuring",str_mPoints);
-}
-function evaluateDashes(x1,y1,x2,y2,count){
-	var str_dashedLine = "";
-	var s = 10;
-	var d = Math.sqrt(Math.pow((y1-y2),2) + Math.pow((x1-x2),2)) ;
-	var n = Math.round(d/s);
-	var s_x =  (x2 - x1)/n;
-	var s_y =  (y2 - y1)/n;
-	for(var i=1; i<n; i++){
-		var x = Math.round(x1 + i * s_x)-2;
-		var y = Math.round(y1 + i * s_y)-2;
-		if(x >= 0 && x <= mod_measure_width && y >= 0 && y <= mod_measure_height){
-			str_dashedLine += "<div style='font-size:1px;position:absolute;top:"+y+"px;left:"+x+"px;width:4px;height:4px;background-color:"+mod_measure_linepoint+"'></div>";
-		}
-	}
-	str_dashedLine += "<div style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color1+";";
-	if(mod_measure_bg != ""){
-		str_dashedLine += "background-color:"+mod_measure_bg+";";
-	}   
-	str_dashedLine += "position:absolute;top:"+(Math.round(y1 + (y2-y1)/2 +3))+"px;left:"+(Math.round(x1 + (x2-x1)/2 +3))+"px'>"+mod_measure_Dist[count]+"</div>";
-	str_dashedLine += "<div style='font-family:"+mod_measure_font+";font-size:"+mod_measure_fontsize+";color:"+mod_measure_color2+";position:absolute;top:"+(Math.round(y1 + (y2-y1)/2 + 4))+"px;left:"+(Math.round(x1 + (x2-x1)/2+4))+"px'>"+mod_measure_Dist[count]+"</div>";
-	return str_dashedLine;
-}
-function mod_measure_close(){
-	if(mod_measure_RX.length < 3 || (mod_measure_RX[mod_measure_RX.length-1] == mod_measure_RX[0] && mod_measure_RY[mod_measure_RY.length-1] == mod_measure_RY[0])){return;}
-	mod_measure_RX[mod_measure_RX.length] = mod_measure_RX[0];
-	mod_measure_RY[mod_measure_RY.length] = mod_measure_RY[0];
-	if(mod_measure_RX.length > 1){
-		// circumference
-        convert_coords(mod_measure_RX[mod_measure_RX.length-2],mod_measure_RY[mod_measure_RY.length-2],mod_measure_RX[mod_measure_RX.length-1],mod_measure_RY[mod_measure_RY.length-1],inputEPSG);   
-	}
-	else{
-		mod_measure_Dist[mod_measure_Dist.length] = 0;
-		mod_measure_TotalDist[mod_measure_TotalDist.length] = 0;
-        drawDashedLine();
-	}
-}
-function mod_measure_delete(){
-	mod_measure_RX = new Array();
-	mod_measure_RY = new Array();
-    mod_measure_Dist = new Array();
-	mod_measure_TotalDist = new Array();
-    dist = false;
-    writeTag(mod_measure_target,"measuring","");
-	writeTag(mod_measure_target,"measure_display","");
-}
-function my_makeClickPos2RealWorldPos(frameName, myClickX, myClickY) {
-	var ind = getMapObjIndexByName(frameName);
-	var width = parseInt(mb_mapObj[ind].width);
-	var height = parseInt(mb_mapObj[ind].height);
-	var arrayBBox = mb_mapObj[ind].extent.split(",");
-	var minX = parseFloat(arrayBBox[0]);
-	var minY = parseFloat(arrayBBox[1]);
-	var maxX = parseFloat(arrayBBox[2]);
-	var maxY = parseFloat(arrayBBox[3]);
-	var xtentx = maxX - minX;
-	var xtenty =  maxY - minY;
-	var posX = parseFloat(minX + (myClickX / width) * xtentx);
-	var posY = parseFloat(maxY - (myClickY / height) * xtenty);
-	return new Array(posX, posY);
-}
-function convert_coords(x1,y1,x2,y2,inputEPSG){
-
-      $.post(
-    	// zielurl
-        '../javascripts/transform_coordinatesWGS84.php',
-        // parameter fuer diese datei
-        {
-        	'x1'      : x1,
-            'y1'      : y1,
-			'x2'      : x2,
-			'y2'      : y2,  
-            'inputEPSG' :  inputEPSG      
-        },
-        // callback function
-        function(xml){
-            dist = Math.round(parseFloat(xml));   
-            use_dist();   
-        }
-     );
-}
\ No newline at end of file

Modified: branches/2.4.5/http/javascripts/mod_sandclock2.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_sandclock2.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_sandclock2.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -25,7 +25,7 @@
 $sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'sandclock2' AND fkey_gui_id = $1";
 $v = array($gui_id);
 $t = array('s');
-$res = db_query($sql, $v, $t);
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
 	$e_target = db_result($res,0,"e_target");

Modified: branches/2.4.5/http/javascripts/mod_setPOI2Scale.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_setPOI2Scale.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_setPOI2Scale.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -21,8 +21,10 @@
 include("../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'setPOI2Scale' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'setPOI2Scale' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 
 while($row = db_fetch_array($res)){ 

Modified: branches/2.4.5/http/javascripts/mod_wfs_SpatialRequest.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_wfs_SpatialRequest.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_wfs_SpatialRequest.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,5 @@
 <?php
-#$Id: mod_wfs_spatialRequest.php,v 1.4 2006/03/08 15:26:26 c_baudson Exp $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_wfs_spatialRequest.php,v 1.4 2006/03/08 15:26:26 c_baudson Exp $
 # Copyright (C) 2002 CCGIS 
 #
@@ -33,8 +33,10 @@
 include("../../conf/" . $wfs_conf_filename);
 
 include '../include/dyn_js.php';
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'setSpatialRequest' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'setSpatialRequest' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];

Modified: branches/2.4.5/http/javascripts/mod_wfs_gazetteer_client.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_wfs_gazetteer_client.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_wfs_gazetteer_client.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,5 @@
 <?php
-# $Id: mod_wfs_gazetteer_ajax.php 1307 2007-05-09 10:06:24Z christoph $
+# $Id$
 # maintained by http://www.mapbender.org/index.php/User:Verena Diewald
 # http://www.mapbender.org/index.php/WFS_gazetteer
 # Copyright (C) 2002 CCGIS 
@@ -124,7 +124,11 @@
 function appendWfsConfSelectBox() {
 	var selectNode = document.createElement("select");
 	selectNode.name = "wfs_conf_sel";
-	selectNode.setAttribute("onchange", "global_selectedWfsConfId = this.value;appendStyles();appendWfsForm()");
+	selectNode.onchange = function () {
+		global_selectedWfsConfId = this.value;
+		appendStyles();
+		appendWfsForm();
+	};
 	
 	var isSelected = false;
 	for (var wfsConfId in global_wfsConfObj) {

Modified: branches/2.4.5/http/javascripts/mod_zoomCoords.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomCoords.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_zoomCoords.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,5 +1,5 @@
 <?php
-#$Id: mod_zoomCoords.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomCoords.php,v 1.10 2006/03/09 08:57:13 uli_rothstein Exp $
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 session_start();
@@ -70,8 +70,10 @@
 
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'zoomCoords' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'zoomCoords' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_target = $row["e_target"];

Modified: branches/2.4.5/http/javascripts/mod_zoomFull.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomFull.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_zoomFull.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,12 +1,14 @@
 <?php
-#$Id: mod_zoomFull.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomFull.php,v 1.8 2005/09/13 18:16:42 bjoern_heuser Exp $
 $gui_id = $_REQUEST["gui_id"];
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomFull' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomFull' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];

Modified: branches/2.4.5/http/javascripts/mod_zoomOut1.php
===================================================================
--- tags/2.4.4/http/javascripts/mod_zoomOut1.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/mod_zoomOut1.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,13 +1,15 @@
 <?php
-#$Id: mod_zoomOut1.php 76 2006-08-15 12:25:34Z heuser $
+#$Id$
 #$Header: /cvsroot/mapbender/mapbender/http/javascripts/mod_zoomOut1.php,v 1.8 2005/09/13 18:16:42 bjoern_heuser Exp $
 
 $gui_id = $_REQUEST["gui_id"];
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomOut1' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_src, e_target FROM gui_element WHERE e_id = 'zoomOut1' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){ 
    $e_src = $row["e_src"];

Deleted: branches/2.4.5/http/javascripts/transform_coordinatesWGS84.php
===================================================================
--- tags/2.4.4/http/javascripts/transform_coordinatesWGS84.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/javascripts/transform_coordinatesWGS84.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -1,49 +0,0 @@
-<?php
-# $Id: mod_measure.php 267 2006-05-12 12:16:01Z vera_schulze $
-# http://www.mapbender.org/index.php/mod_measure.php
-# Copyright (C) 2002 CCGIS 
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-require_once("../../conf/mapbender.conf");
-
-$DBSERVER = '192.168.0.100';
-$OWNER = "admin";
-$PW = "&see5Toxu?";  
-
-$con = pg_connect('host=' . $DBSERVER . ' user=' . $OWNER . ' password=' . $PW . ' dbname=merlin');
-
-
-
-$sql_pointA = "SELECT X(transform(GeometryFromText('POINT(".$_POST['x1']." ".$_POST['y1'].")',4326),".$_POST['inputEPSG'].")) as minx, Y(transform(GeometryFromText('POINT(".$_POST['x1']." ".$_POST['y1'].")',4326),".$_POST['inputEPSG'].")) as miny;";
-
-$resA = db_query($sql_pointA);
-$recA = pg_fetch_array($resA);
-
-$sql_pointB = "SELECT X(transform(GeometryFromText('POINT(".$_POST['x2']." ".$_POST['y2'].")',4326),".$_POST['inputEPSG'].")) as maxx, Y(transform(GeometryFromText('POINT(".$_POST['x2']." ".$_POST['y2'].")',4326),".$_POST['inputEPSG'].")) as maxy;";
-
-$resB = db_query($sql_pointB);
-$recB = pg_fetch_array($resB);
-
-$sql_dist = "SELECT distance('POINT(".$recA['minx']." ".$recA['miny']. ")','POINT(" . $recB['maxx']." ". $recB['maxy'].")') as dist;";
-$res_dist = db_query($sql_dist);
-$rec_dist = pg_fetch_array($res_dist);
-
-echo $rec_dist['dist'];
-#echo $recA['minx']. "," . $recA['miny'] . "," . $recB['maxx']. "," . $recB['maxy']. "," .$rec_dist['dist'];
-
-
-
-?>

Modified: branches/2.4.5/http/php/createImageFromText.php
===================================================================
--- tags/2.4.4/http/php/createImageFromText.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/createImageFromText.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -23,7 +23,7 @@
 
 $text_x = 4;
 $text_y = 0;
-$rect_w = 7 * mb_strlen($text) + $text_x;
+$rect_w = 7 * strlen($text) + $text_x;
 $rect_h = 14 + $text_y;
 
 $im = ImageCreate($rect_w, $rect_h);

Modified: branches/2.4.5/http/php/mb_listWMCs.php
===================================================================
--- tags/2.4.4/http/php/mb_listWMCs.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mb_listWMCs.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -98,8 +98,10 @@
 }
 
 function getTarget($gui_id) {
-	$sql = "SELECT e_requires, e_target FROM gui_element WHERE e_id = 'loadwmc' AND fkey_gui_id = '".$gui_id."'";
-	$res = db_query($sql);
+	$sql = "SELECT e_requires, e_target FROM gui_element WHERE e_id = 'loadwmc' AND fkey_gui_id = $1";
+	$v = array($gui_id);
+	$t = array("s");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 	while($row = db_fetch_array($res)){ 
 		$e_target = $row["e_target"];

Modified: branches/2.4.5/http/php/mod_WMSpreferences.php
===================================================================
--- tags/2.4.4/http/php/mod_WMSpreferences.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_WMSpreferences.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -62,8 +62,10 @@
 </STYLE>
 <?php
 
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 $vis = "";
 $wmsid = "";
@@ -79,8 +81,10 @@
 echo "var mod_WMSpreferences_target2 = '".trim($target[1])."';";
 echo "</script>";
 
-$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = '".$_SESSION["mb_user_gui"]."'"; 
-$res_visible = db_query($sql_visible); 
+$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s"); 
+$res_visible = db_prep_query($sql_visible, $v, $t); 
 $cnt_visible = 0; 
 
 while($row = db_fetch_array($res_visible)){

Modified: branches/2.4.5/http/php/mod_changeEPSG.php
===================================================================
--- tags/2.4.4/http/php/mod_changeEPSG.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_changeEPSG.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -53,66 +53,79 @@
 
 # transform coordinates
 if(isset($_REQUEST["srs"])){
-	require_once("../../conf/mapbender.conf");
+	require_once(dirname(__FILE__) . "/../../conf/mapbender.conf");
 	$arraymapObj = split("###", $_REQUEST["srs"]);
 	echo "<script type='text/javascript'>";
 	echo "var newExtent = new Array();";
 	for($i=0; $i < count($arraymapObj); $i++){
 		$temp = split(",",$arraymapObj[$i]);
-		if(SYS_DBTYPE=='pgsql'){
-			$con = db_connect($DBSERVER,$OWNER,$PW);
-			$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as minx";
-			$resMinx = db_query($sqlMinx);
-			$minx = db_result($resMinx,0,"minx");
-			
-			$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as miny";
-			$resMiny = db_query($sqlMiny);
-			$miny = db_result($resMiny,0,"miny");
-			
-			$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxx";
-			$resMaxx =db_query($sqlMaxx);
-			$maxx = db_result($resMaxx,0,"maxx");
-			
-			$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxy";
-			$resMaxy = db_query($sqlMaxy);
-			$maxy = db_result($resMaxy,0,"maxy");
-		}else{
-			$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
-			$con = pg_connect($con_string) or die ("Error while connecting database");
-			
-			$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as minx";
-			$resMinx = pg_query($con,$sqlMinx);
-			$minx = pg_fetch_result($resMinx,0,"minx");
-			
-			$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as miny";
-			$resMiny = pg_query($con,$sqlMiny);
-			$miny = pg_fetch_result($resMiny,0,"miny");
-			
-			$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxx";
-			$resMaxx = pg_query($con,$sqlMaxx);
-			$maxx = pg_fetch_result($resMaxx,0,"maxx");
-			
-			$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".str_replace("EPSG:","",$temp[1])."),".str_replace("EPSG:","",$_REQUEST["newSRS"]).")) as maxy";
-			$resMaxy = pg_query($con,$sqlMaxy);
-			$maxy = pg_fetch_result($resMaxy,0,"maxy");
-		}
-		$extenty = $maxy - $miny;
-		$extentx = $maxx - $minx;
-		$relation_px_x = $temp[6] / $temp[7];
-		$relation_px_y = $temp[7] / $temp[6];
-		$relation_bbox_x = $extentx / $extenty;
 
-		if($relation_bbox_x <= $relation_px_x){
-			$centerx = $minx + ($extentx/2);
-			$minx = $centerx - $relation_px_x * $extenty / 2;
-			$maxx = $centerx + $relation_px_x * $extenty / 2;
+		// check if parameters are valid geometries to 
+		// avoid SQL injections
+
+		$oldEPSG = preg_replace("/EPSG:/","",$temp[1]);
+		$newEPSG = preg_replace("/EPSG:/","",$_REQUEST["newSRS"]);
+		 
+		if (is_numeric($temp[2]) && is_numeric($temp[3]) && is_numeric($temp[4]) && is_numeric($temp[5]) && is_numeric($oldEPSG) && is_numeric($newEPSG)) {
+		
+			if(SYS_DBTYPE=='pgsql'){
+				$con = db_connect($DBSERVER,$OWNER,$PW);
+				$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as minx";
+				$resMinx = db_query($sqlMinx);
+				$minx = db_result($resMinx,0,"minx");
+				
+				$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as miny";
+				$resMiny = db_query($sqlMiny);
+				$miny = db_result($resMiny,0,"miny");
+				
+				$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxx";
+				$resMaxx = db_query($sqlMaxx);
+				$maxx = db_result($resMaxx,0,"maxx");
+				
+				$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxy";
+				$resMaxy = db_query($sqlMaxy);
+				$maxy = db_result($resMaxy,0,"maxy");
+			}else{
+				$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
+				$con = pg_connect($con_string) or die ("Error while connecting database");
+				
+				$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as minx";
+				$resMinx = pg_query($con,$sqlMinx);
+				$minx = pg_fetch_result($resMinx,0,"minx");
+				
+				$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(".$temp[2]." ".$temp[3].")',".$oldEPSG."),".$newEPSG.")) as miny";
+				$resMiny = pg_query($con,$sqlMiny);
+				$miny = pg_fetch_result($resMiny,0,"miny");
+				
+				$sqlMaxx = "SELECT X(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxx";
+				$resMaxx = pg_query($con,$sqlMaxx);
+				$maxx = pg_fetch_result($resMaxx,0,"maxx");
+				
+				$sqlMaxy = "SELECT Y(transform(GeometryFromText('POINT(".$temp[4]." ".$temp[5].")',".$oldEPSG."),".$newEPSG.")) as maxy";
+				$resMaxy = pg_query($con,$sqlMaxy);
+				$maxy = pg_fetch_result($resMaxy,0,"maxy");
+			}
+			$extenty = $maxy - $miny;
+			$extentx = $maxx - $minx;
+			$relation_px_x = $temp[6] / $temp[7];
+			$relation_px_y = $temp[7] / $temp[6];
+			$relation_bbox_x = $extentx / $extenty;
+	
+			if($relation_bbox_x <= $relation_px_x){
+				$centerx = $minx + ($extentx/2);
+				$minx = $centerx - $relation_px_x * $extenty / 2;
+				$maxx = $centerx + $relation_px_x * $extenty / 2;
+			}
+			if($relation_bbox_x > $relation_px_x){
+				$centery = $miny + ($extenty/2);
+				$miny = $centery - $relation_px_y * $extentx / 2;
+				$maxy = $centery + $relation_px_y * $extentx / 2;
+			}
+			echo "newExtent[".$i."] = '".$temp[0].",".$_REQUEST["newSRS"].",".$minx.",".$miny.",".$maxx.",".$maxy."';";
 		}
-		if($relation_bbox_x > $relation_px_x){
-			$centery = $miny + ($extenty/2);
-			$miny = $centery - $relation_px_y * $extentx / 2;
-			$maxy = $centery + $relation_px_y * $extentx / 2;
-		}
-		echo "newExtent[".$i."] = '".$temp[0].",".$_REQUEST["newSRS"].",".$minx.",".$miny.",".$maxx.",".$maxy."';";
+		else {
+			echo "var e = new parent.Mb_exception('mod_changeEPSG.php: invalid input parameter (p1 = (" . $temp[2] . "," . $temp[3] . "), p2 = (" . $temp[4] . "," . $temp[5] . "), old EPSG: " . $oldEPSG . ", new EPSG: " . $newEPSG . ", ).');";
+		}		
 	}
 	echo "</script>";
 }

Modified: branches/2.4.5/http/php/mod_deleteGUI.php
===================================================================
--- tags/2.4.4/http/php/mod_deleteGUI.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_deleteGUI.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -65,12 +65,13 @@
 
 ###delete
 if($guiList){
-	 $sql = "DELETE FROM gui WHERE gui_id = '".$guiList."'";
-	 $res = db_query($sql);
+	 $sql = "DELETE FROM gui WHERE gui_id = $1";
+	 $v = array($guiList);
+	 $t = array("s");
+	 $res = db_prep_query($sql, $v, $t);
 }
 
-$sql_gui = "SELECT * FROM gui ";
-$sql_gui .= " ORDER BY gui_name";
+$sql_gui = "SELECT * FROM gui ORDER BY gui_name";
 $res_gui = db_query($sql_gui);
 $cnt_gui = 0;
 

Modified: branches/2.4.5/http/php/mod_deleteWFS.php
===================================================================
--- tags/2.4.4/http/php/mod_deleteWFS.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_deleteWFS.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -76,12 +76,13 @@
 
 ###delete
 if($wfsList){
-	 $sql = "DELETE FROM wfs WHERE wfs_id = '".$wfsList."'";
-	 $res = db_query($sql);
+	 $sql = "DELETE FROM wfs WHERE wfs_id = $1";
+	 $v = array($wfsList);
+	 $t = array("i");
+	 $res = db_prep_query($sql, $v, $t);
 }
 
-$sql_wfs = "SELECT * FROM wfs ";
-$sql_wfs .= " ORDER BY wfs_id";
+$sql_wfs = "SELECT * FROM wfs ORDER BY wfs_id";
 $res_wfs = db_query($sql_wfs);
 $cnt_wfs = 0;
 

Modified: branches/2.4.5/http/php/mod_editFilteredGroup.php
===================================================================
--- tags/2.4.4/http/php/mod_editFilteredGroup.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_editFilteredGroup.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -138,11 +138,15 @@
 echo "<select name='selected_group' onchange='submit()'>";
 	echo "<option value='new'>NEW...</option>";
 	$sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
+	$v = array();
+	$t = array();
 	if(isset($myGroup)){ 
-		$sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];
+		$sql .= "WHERE mb_group_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
 	}
 	$sql .= " ORDER BY mb_group_name ";
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	$count=0;
 	while($row = db_fetch_array($res)){
 		echo "<option value='".$row["mb_group_id"]."' ";

Modified: branches/2.4.5/http/php/mod_editFilteredUser.php
===================================================================
--- tags/2.4.4/http/php/mod_editFilteredUser.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_editFilteredUser.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -185,9 +185,15 @@
    echo "<select name='selected_user' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_user_name,mb_user_id FROM mb_user ";
-   if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
-   $sql .= " ORDER BY mb_user_name ";
-   $res = db_query($sql);
+	$v = array();
+	$t = array();
+	if (isset($myUser)) { 
+		$sql .= "WHERE mb_user_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
+	}
+	$sql .= " ORDER BY mb_user_name ";
+	$res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_user_id"]."' ";

Modified: branches/2.4.5/http/php/mod_editGroup.php
===================================================================
--- tags/2.4.4/http/php/mod_editGroup.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_editGroup.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -136,9 +136,15 @@
    echo "<select name='selected_group' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
-   if(isset($myGroup)){ $sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];}
+   $v = array();
+   $t = array();
+   if (isset($myGroup)) { 
+		$sql .= "WHERE mb_group_owner = $1";
+		array_push($v, $_SESSION["mb_user_id"]);
+		array_push($t, "i");
+   }
    $sql .= " ORDER BY mb_group_name ";
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_group_id"]."' ";

Modified: branches/2.4.5/http/php/mod_editGuiWms.php
===================================================================
--- tags/2.4.4/http/php/mod_editGuiWms.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_editGuiWms.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -592,7 +592,7 @@
   echo "<td style='background:lightgrey'><input type='text' size='2' name='L_".$layer_id[$i]."___layer_id' value='".$layer_id[$i]."' readonly></td>";
   echo "<td><input type='text' size='1' name='L_".$layer_id[$i]."___layer_parent' value='".$layer_parent[$i]."' readonly></td>";
   echo "<td style='background:lightgrey'><input type='text' size='7' value='".$layer_name[$i]."' readonly></td>";
-  echo "<td><input type='text' name='".$layer_title[$i]."' size='12' value='".$layer_title[$i]."' ></td>";
+  echo "<td><input type='text' name='".$layer_title[$i]."' size='12' value='".$layer_title[$i]."' readonly></td>";
 
   echo "<td style='background:lightgrey'><input name='L_".$layer_id[$i]."___gui_layer_status' type='checkbox' ";
   if($gui_layer_status[$i] == 1){ echo "checked";}

Modified: branches/2.4.5/http/php/mod_editGuiWmsMeta.php
===================================================================
--- tags/2.4.4/http/php/mod_editGuiWmsMeta.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_editGuiWmsMeta.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -134,19 +134,23 @@
       $function = $_REQUEST["function"];
       
       if ( $function = "update" ) {
-         $sql = "UPDATE layer SET layer_meta_datum = '".$_REQUEST["layer_meta_datum"]."'";
-         $sql.= ", layer_meta_lieferant       = '".$_REQUEST["layer_meta_lieferant"]."'";
-         $sql.= ", layer_meta_quelle          = '".$_REQUEST["layer_meta_quelle"]."'";
-         $sql.= ", layer_meta_ansprechpartner = '".$_REQUEST["layer_meta_ansprechpartner"]."'";
-         $sql.= ", layer_meta_lieferant_basis = '".$_REQUEST["layer_meta_lieferant_basis"]."'";
-         $sql.= ", layer_meta_copyright       = '".$_REQUEST["layer_meta_copyright"]."'";
-         $sql.= " WHERE layer_id = ".$layer_id.";";
-         $res = db_query($sql);
+         $sql = "UPDATE layer SET layer_meta_datum = $1, ";
+         $sql.= "layer_meta_lieferant = $2, ";
+         $sql.= "layer_meta_quelle = $3, ";
+         $sql.= "layer_meta_ansprechpartner = $4, ";
+         $sql.= "layer_meta_lieferant_basis = $5, ";
+         $sql.= "layer_meta_copyright = $6 ";
+         $sql.= " WHERE layer_id = $7;";
+         $v = array($_REQUEST["layer_meta_datum"], $_REQUEST["layer_meta_lieferant"], $_REQUEST["layer_meta_quelle"], $_REQUEST["layer_meta_ansprechpartner"], $_REQUEST["layer_meta_lieferant_basis"], $_REQUEST["layer_meta_copyright"], $layer_id);
+         $t = array("s", "s", "s", "s", "s", "s", "i");
+         $res = db_prep_query($sql, $v, $t);
       }
    }
    
-   $sql = "SELECT * FROM layer WHERE layer_id = '".$layer_id."';";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM layer WHERE layer_id = $1;";
+   $v = array($layer_id);
+   $t = array("i");
+   $res = db_prep_query($sql, $v, $t);
    
    if ( db_fetch_row($res, 0) ) { 	
    	  echo "         <h3>Editieren von Metadaten</h3>\n";  

Modified: branches/2.4.5/http/php/mod_editUser.php
===================================================================
--- tags/2.4.4/http/php/mod_editUser.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_editUser.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -200,9 +200,15 @@
    echo "<select name='selected_user' onchange='submit()'>";
    echo "<option value='new'>NEW...</option>";
    $sql = "SELECT mb_user_name,mb_user_id FROM mb_user ";
-   if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
+   $v = array();
+   $t = array();
+	if (isset($myUser)) { 
+   		$sql .= "WHERE mb_user_owner = $1";
+   		array_push($v, $_SESSION["mb_user_id"]);
+   		array_push($t, "i");
+   	}
    $sql .= " ORDER BY mb_user_name ";
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    $count=0;
    while($row = db_fetch_array($res)){
 	 	echo "<option value='".$row["mb_user_id"]."' ";
@@ -339,5 +345,18 @@
 ?>
 <input type='hidden' name='action' value=''>
 </form>
+<script type="text/javascript">
+<!--
+var user=[];
+<?php
+for($i=0; $i<$cnt_user; $i++){
+	echo "user[".($i)."]=[];\n";
+	echo "user[".($i)."]['id']='" . $user_id[$i]  . "';\n";
+	echo "user[".($i)."]['name']='" . $user_name[$i]  . "';\n";
+	echo "user[".($i)."]['email']='" . $user_email[$i]  . "';\n";
+}
+?>
+// -->
+</script>
 </body>
 </html>
\ No newline at end of file

Modified: branches/2.4.5/http/php/mod_editWMS_Metadata.php
===================================================================
--- tags/2.4.4/http/php/mod_editWMS_Metadata.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_editWMS_Metadata.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -77,15 +77,15 @@
 function guessTimestamp($timestr) 
 {
 	
-     if (strstr($timestr, '.'))
+     if (strpos($timestr, '.'))
      {
         list($day, $month, $year) = explode(".", $timestr);
      }
-     elseif (strstr($timestr, '/'))
+     elseif (strpos($timestr, '/'))
      {
         list($month, $day, $year) = explode("/", $timestr);
      }
-     elseif (strstr($timestr, '-'))
+     elseif (strpos($timestr, '-'))
      {
         list($year, $month, $day) = explode("-", $timestr);
      }
@@ -101,51 +101,69 @@
 
 #Update handling
 
-if(isset($_REQUEST['update_content']) && $_REQUEST['update_content'] == true)
-{
+if (isset($_REQUEST['update_content']) && $_REQUEST['update_content'] == true) {
 	
-            $update_wms_sql = "UPDATE wms SET " . 
-                      "wms_title = '".$_REQUEST['wms_title_box']."', " .
-                      "wms_abstract = '".$_REQUEST['wms_abstract_box']."', " . 
-                      "fees = '".$_REQUEST['fees_box']."', " .
-                      "accessconstraints = '".$_REQUEST['accessconstraints_box']."', " .
-                      "contactperson = '".$_REQUEST['contactperson_box']."', " .
-                      "contactposition = '".$_REQUEST['contactposition_box']."', " .
-                      "contactorganization = '".$_REQUEST['contactorganization_box']."', " .
-                      "address = '".$_REQUEST['address_box']."', " .
-                      "city = '".$_REQUEST['city_box']."', " .
-                      "stateorprovince = '".$_REQUEST['stateorprovince_box']."', " .
-                      "postcode = '".$_REQUEST['postcode_box']."', " .
-                      "country = '".$_REQUEST['country_box']."', " .
-                      "contactvoicetelephone = '".$_REQUEST['contactvoicetelephone_box']."', " .
-                      "contactfacsimiletelephone = '".$_REQUEST['contactfacsimiletelephone_box']."', " .
-                      "contactelectronicmailaddress = '".$_REQUEST['contactelectronicmailaddress_box']."'";
-                      if (isset($_REQUEST['wms_timestamp_box']) && $_REQUEST['wms_timestamp_box'] <> "")
-                      {
-                            $update_wms_sql .= ", " . "wms_timestamp = " .
-                            "'".guessTimestamp($_REQUEST['wms_timestamp_box'])."' ";
-                      }
-   $update_wms_sql .= "WHERE wms_id = '".$_REQUEST['wms_id']."'";
-    $res_update_wms_sql = db_query($update_wms_sql);
-     while(list($key,$val) = each($_REQUEST))
+	$update_wms_sql = "UPDATE wms SET "; 
+	$update_wms_sql .= "wms_title = $1, wms_abstract = $2, fees = $3, ";
+	$update_wms_sql .= "accessconstraints = $4, contactperson = $5, ";
+	$update_wms_sql .= "contactposition = $6, contactorganization = $7, ";
+	$update_wms_sql .= "address = $8, city = $9, stateorprovince = $10, ";
+	$update_wms_sql .= "postcode = $11, country = $12, ";
+	$update_wms_sql .= "contactvoicetelephone = $13, ";
+	$update_wms_sql .= "contactfacsimiletelephone = $14, ";
+	$update_wms_sql .= "contactelectronicmailaddress = $15 ";
+
+	$v = array();
+	array_push($v, $_REQUEST['wms_title_box']);
+	array_push($v, $_REQUEST['wms_abstract_box']);
+	array_push($v, $_REQUEST['fees_box']);
+	array_push($v, $_REQUEST['accessconstraints_box']);
+	array_push($v, $_REQUEST['contactperson_box']);
+	array_push($v, $_REQUEST['contactposition_box']);
+	array_push($v, $_REQUEST['contactorganization_box']);
+	array_push($v, $_REQUEST['address_box']);
+	array_push($v, $_REQUEST['city_box']);
+	array_push($v, $_REQUEST['stateorprovince_box']);
+	array_push($v, $_REQUEST['postcode_box']);
+	array_push($v, $_REQUEST['country_box']);
+	array_push($v, $_REQUEST['contactvoicetelephone_box']);
+	array_push($v, $_REQUEST['contactfacsimiletelephone_box']);
+	array_push($v, $_REQUEST['contactelectronicmailaddress_box']);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+
+	if (isset($_REQUEST['wms_timestamp_box']) && $_REQUEST['wms_timestamp_box'] <> "") {
+        $update_wms_sql .= ", wms_timestamp = $16 ";
+		array_push($v, guessTimestamp($_REQUEST['wms_timestamp_box']));
+		array_push($t, "s");
+
+		$update_wms_sql .= "WHERE wms_id = $17";
+	}
+	else {
+		$update_wms_sql .= "WHERE wms_id = $16";
+	}
+	array_push($v, 	$_REQUEST['wms_id']);
+	array_push($t, "s");
+
+    $res_update_wms_sql = db_prep_query($update_wms_sql, $v, $t);
+
+    while(list($key,$val) = each($_REQUEST))
     {
         if(preg_match("/___/", $key))
         {
             $myKey = explode("___", $key);
-            $layer_id = str_replace("L_","",$myKey[0]);
-            if($myKey[1]=="layer_abstract")
-            {
-                $layer_sql = "UPDATE layer SET layer_abstract = '$val' " .
-                             "WHERE layer_id = $layer_id AND fkey_wms_id = '".$_REQUEST['wms_id']."'";  
-                $res_keyword_sql = db_query($layer_sql);
+            $layer_id = preg_replace("/L_/","",$myKey[0]);
+            if($myKey[1]=="layer_abstract") {
+				$layer_sql = "UPDATE layer SET layer_abstract = $1 ";
+				$layer_sql .= "WHERE layer_id = $2 AND fkey_wms_id = $3";  
+                $v = array($val, $layer_id, $_REQUEST['wms_id']);
+                $t = array("s", "i", "s");
+                $res_keyword_sql = db_prep_query($layer_sql, $v, $t);
             }
-            if($myKey[1]=="layer_keywords")
-            {
+            if($myKey[1]=="layer_keywords") {
                 #Get all keywords depending on the given layer after user modification
                 $keywords  = explode(",",$val);
                 #delete all blanks from the keywords list
-                for($j = 0; $j < count($keywords); $j++)
-                {
+                for ($j = 0; $j < count($keywords); $j++) {
                     $word = $keywords[$j];
                     $word = trim($word);
                     $keywords[$j] = $word;
@@ -155,9 +173,12 @@
                 $keyword_sql = "SELECT keyword_id, keyword FROM keyword, layer_keyword, layer " .
                                "WHERE keyword.keyword_id = layer_keyword.fkey_keyword_id " .
                                "AND layer_keyword.fkey_layer_id = layer.layer_id " .
-                               "AND layer.fkey_wms_id = '".$_REQUEST['wms_id']."'" .
-                               "AND layer.layer_id = $layer_id";
-                $res_keyword_sql = db_query($keyword_sql);
+                               "AND layer.fkey_wms_id = $1 " .
+                               "AND layer.layer_id = $2";
+                
+                $v = array($_REQUEST['wms_id'], $layer_id); 
+                $t = array("s", "i");
+                $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                 while($keyword_row = db_fetch_array($res_keyword_sql))
                 {
                     $keyword = $keyword_row['keyword'];
@@ -171,19 +192,25 @@
                         #echo "1c: Keyword nicht in User Liste: Keyword: ", $keyword, ";<br>";
                         #Deleting reference to the keyword from the layer_keyword table.
                         $keyword_sql = "DELETE FROM layer_keyword " .
-                                       "WHERE fkey_layer_id = $layer_id " .
-                                       "AND fkey_keyword_id = $keyword_id";
-                        db_query($keyword_sql);
+                                       "WHERE fkey_layer_id = $1 " .
+                                       "AND fkey_keyword_id = $2";
+                        $v = array($layer_id, $keyword_id);
+                        $t = array("i", "i");
+                        db_prep_query($keyword_sql, $v, $t);
                         #Checking, if the keyword is in use by any layer
                         $layer_sql = "SELECT * FROM layer_keyword " .
-                                       "WHERE fkey_keyword_id = $keyword_id";
-                        $res_layer_sql = db_query($layer_sql);
+                                       "WHERE fkey_keyword_id = $1";
+                        $v = array($keyword_id);
+                        $t = array("i");
+                        $res_layer_sql = db_prep_query($layer_sql, $v, $t);
                         if(!($row = db_fetch_array($res_layer_sql)))
                         {
                             #If keyword will not longer be in use, delete it from keyword table
                             $keyword_sql = "DELETE FROM keyword " .
-                                           "WHERE keyword_id = $keyword_id";
-                            db_query($keyword_sql);
+                                           "WHERE keyword_id = $1";
+                            $v = array($keyword_id);
+                            $t = array("i");
+                            db_prep_query($keyword_sql, $v, $t);
                         }
                     }
                     #Keyword exists in the database and in the user data
@@ -211,8 +238,10 @@
                         $keyword = trim($keywords[$i]);
                         #Check, if the keyword is exsiting in the database
                         $keyword_sql = "SELECT keyword_id FROM keyword " .
-                                       "WHERE UPPER(keyword) = UPPER('$keyword')";
-                        $res_keyword_sql = db_query($keyword_sql);
+                                       "WHERE UPPER(keyword) = UPPER($1)";
+                        $v = array($keyword);
+                        $t = array("s");
+                        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                         $keyword_row = db_fetch_array($res_keyword_sql);
                         #Keyword exists in the database
                         if($keyword_row != null)
@@ -223,10 +252,15 @@
                         #Keyword does not exist in the database
                         else
                         {
-                            $keyword_sql = "INSERT INTO keyword (keyword) VALUES ('$keyword')";
-                            $res_keyword_sql = db_query($keyword_sql);
-                            $keyword_sql = "SELECT keyword_id FROM keyword WHERE keyword = '$keyword'";
-                            $res_keyword_sql = db_query($keyword_sql);
+                            $keyword_sql = "INSERT INTO keyword (keyword) VALUES ($1)";
+                            $v = array($keyword);
+                            $t = array("s");
+                            $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
+                            
+                            $keyword_sql = "SELECT keyword_id FROM keyword WHERE keyword = $1";
+                            $v = array($keyword);
+                            $t = array("s");
+                            $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                             $keyword_row = db_fetch_array($res_keyword_sql);
                             if($keyword_row != null)
                             {
@@ -236,8 +270,10 @@
                         }
                         #Inserting the reference between layer and keyword in the layer_keyword table
                         $keyword_sql = "INSERT INTO layer_keyword (fkey_layer_id, fkey_keyword_id) " .
-                                       "VALUES ('$layer_id', '$keyword_id')";
-                        $res_keyword_sql = db_query($keyword_sql);
+                                       "VALUES ($1, $2)";
+                        $v = array($layer_id, $keyword_id);
+                        $t = array("s", "s");
+                        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
                     }
                 }
                 #Delete all elements from array
@@ -253,8 +289,10 @@
 if(isset($_REQUEST['delete_preview']) && $_REQUEST['delete_preview']=='1'
 	&& isset($_REQUEST['layer_id']))
 {
-    $preview_sql = "DELETE FROM layer_preview WHERE fkey_layer_id = ".$_REQUEST['layer_id']."";
-    $res_preview_sql = db_query($preview_sql);
+    $preview_sql = "DELETE FROM layer_preview WHERE fkey_layer_id = $1";
+    $v = array($_REQUEST['layer_id']);
+    $t = array("s");
+    $res_preview_sql = db_prep_query($preview_sql, $v, $t);
     die("Preview has been deleted!</body></html>");
 }
 ?>
@@ -277,8 +315,10 @@
 {
 
     #Querying information from wms data table 
-    $wms_sql = "SELECT wms_id, wms_title FROM wms WHERE wms_owner = ".$_SESSION["mb_user_id"]. " ORDER BY wms_title";
-    $res_wms_sql = db_query($wms_sql);
+    $wms_sql = "SELECT wms_id, wms_title FROM wms WHERE wms_owner = $1 ORDER BY wms_title";
+    $v = array($_SESSION["mb_user_id"]);
+    $t = array("i");
+    $res_wms_sql = db_prep_query($wms_sql, $v, $t);
     #wms-selection
 
     $selectBox = "";
@@ -321,8 +361,10 @@
 
 if(isset($wms_id) == true && $wms_id <>0)
 { 
-	$selected_wms_sql = "SELECT * FROM wms WHERE wms_id = '".$wms_id."'";
-    $res_selected_wms_sql = db_query($selected_wms_sql);
+	$selected_wms_sql = "SELECT * FROM wms WHERE wms_id = $1";
+	$v = array($wms_id);
+	$t = array("s");
+    $res_selected_wms_sql = db_prep_query($selected_wms_sql, $v, $t);
     $selected_row = db_fetch_array($res_selected_wms_sql);
 
 ?>
@@ -400,9 +442,11 @@
     
 <?php
    
-    $layer_sql = "SELECT * FROM layer WHERE layer.fkey_wms_id = '".$wms_id."'" .
+    $layer_sql = "SELECT * FROM layer WHERE layer.fkey_wms_id = $1" .
                  " ORDER BY layer_pos";
-    $res_layer_sql = db_query($layer_sql);
+    $v = array($wms_id);
+    $t = array("s");
+    $res_layer_sql = db_prep_query($layer_sql, $v, $t);
     
     while($layer_row = db_fetch_array($res_layer_sql))
     {
@@ -419,9 +463,11 @@
         $keyword_sql = "SELECT keyword FROM keyword, layer_keyword, layer " .
                        "WHERE keyword.keyword_id = layer_keyword.fkey_keyword_id " .
                        "AND layer_keyword.fkey_layer_id = layer.layer_id " .
-                       "AND layer.fkey_wms_id = '".$wms_id."' " .
-                       "AND layer.layer_id = ".$layer_row['layer_id']."";
-        $res_keyword_sql = db_query($keyword_sql);
+                       "AND layer.fkey_wms_id = $1 " .
+                       "AND layer.layer_id = $2";
+        $v = array($wms_id, $layer_row['layer_id']);
+        $t = array("s", "i");
+        $res_keyword_sql = db_prep_query($keyword_sql, $v, $t);
         $keywordList = "";
         $seperator = "";
         while($keyword_row = db_fetch_array($res_keyword_sql))

Modified: branches/2.4.5/http/php/mod_edit_element_vars.php
===================================================================
--- tags/2.4.4/http/php/mod_edit_element_vars.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_edit_element_vars.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -110,13 +110,20 @@
 <?php
 # handle database updates etc.....
 if(isset($mySave) && $mySave == '1'){
-   if($SYS_DBTYPE=='pgsql'){
-   $sql[0] = "SET AUTOCOMMIT=1;";}
-   else{
-   $sql[0] = "SET AUTOCOMMIT=0;shit happens";
-   }
-   $sql[1] = "BEGIN;";
-   $sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' and ....";
+	if ($SYS_DBTYPE=='pgsql') { 
+		$sql[0] = "SET AUTOCOMMIT=1;";
+	}
+	else {
+		$sql[0] = "SET AUTOCOMMIT=0;shit happens";
+	}
+	$v[0] = array();
+	$t[0] = array();
+	$sql[1] = "BEGIN;";
+	$v[1] = array();
+	$t[1] = array();
+	$sql[2] = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2";
+	$v[2] = array($e_id, $guiList1);
+	$t[2] = array("s", "s");
 
 
    if($e_left < 1){$e_left = "NULL";}
@@ -124,25 +131,32 @@
    if($e_width < 1){$e_width = "NULL";}
    if($e_height < 1){$e_height = "NULL";}
    if($e_z_index < 1){$e_z_index = "NULL";}
-   $sql[3] = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-   $sql[3] .= "VALUES ('".$guiList1."','".$e_id."','".$e_pos."','".$e_public."','".db_escape_string($e_comment)."','".$e_element."','".$e_src."','".db_escape_string($e_attributes)."',".$e_left.",".$e_top.",".$e_width.",".$e_height.",".$e_z_index.",'".$e_more_styles."','".$e_content."','".$e_closetag."','".$e_js_file."','".$e_mb_mod."','".$e_target."','".$e_requires."')";
+	$sql[3] = "INSERT INTO gui_element_vars ";
+	$sql[3] .= "(fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, ";
+	$sql[3] .= "e_attributes, e_left, e_top, e_width, e_height, e_z_index, ";
+	$sql[3] .= "e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod, e_target, ";
+	$sql[3] .= "e_requires) ";
+	$sql[3] .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20)";
+	$v[3] = array($guiList1, $e_id, $e_pos, $e_public, db_escape_string($e_comment), $e_element, $e_src, db_escape_string($e_attributes), $e_left, $e_top, $e_width, $e_height, $e_z_index, $e_more_styles, $e_content, $e_closetag, $e_js_file, $e_mb_mod, $e_target, $e_requires);
+	$t[3] = array("s", "s", "i", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
    #echo $sql[3];
-   foreach ($sql as $mysql){
-      $res = db_query($mysql);
-      if(!$res){echo $mysql; break;}
+   for ($i = 0; $i < count($sql); $i++) {
+      $res = db_prep_query($sql[$i], $v[$i], $t[$i]);
    }
    if($res){
-		$res = db_query( "COMMIT");
+      $res = db_query( "COMMIT");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
    else{
       $res = db_query( "ROLLBACK");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
- }
+}
 if(isset($myDelete) && $myDelete == '1'){
-   $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."' AND var_name='".$var_name."'";
-   $res = db_query($sql);
+   $sql = "DELETE FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2 AND var_name= $3";
+   $v = array($e_id, $guiList1, $var_name);
+   $t = array("s", "s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $e_id = ""; $e_pos = ""; $e_public = ""; $e_comment = ""; $e_element = "";
    $e_src = ""; $e_attributes = ""; $e_left = ""; $e_top = ""; $e_width = ""; $e_height = ""; $e_z_index = "";
    $e_more_styles = ""; $e_content = ""; $e_closetag = ""; $e_js_file = ""; $e_mb_mod = ""; $e_target = ""; $e_requires = "";
@@ -154,24 +168,37 @@
    echo "</script>";
 }
 if(isset($all) && $all == '1'){
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList2."' AND fkey_e_id = '".$e_id."' and var_name='".$var_name."' ;";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3;";
+   $v = array($guiList2, $e_id, $var_name);
+   $t = array("s", "s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
-      $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".db_result($res,$cnt,"fkey_e_id")."'  and var_name='".$var_name."' ";
-      $res_del = db_query($sql_del);
+      $sql_del = "DELETE FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2 and var_name= $3";
+      $v = array($guiList1, db_result($res,$cnt,"fkey_e_id"), $var_name);
+      $t = array("s", "s", "s");
+      $res_del = db_prep_query($sql_del, $v, $t);
       if(db_result($res,$cnt,"e_left") == ""){$myleft = 'NULL';} else{$myleft = db_result($res,$cnt,"e_left");}
       if(db_result($res,$cnt,"e_top") == ""){$mytop = 'NULL';} else{$mytop = db_result($res,$cnt,"e_top");}
       if(db_result($res,$cnt,"e_width") == ""){$mywidth = 'NULL';} else{$mywidth = db_result($res,$cnt,"e_width");}
       if(db_result($res,$cnt,"e_height") == ""){$myheight = 'NULL';} else{$myheight = db_result($res,$cnt,"e_height");}
       if(db_result($res,$cnt,"e_z_index") == ""){$my_z_index = 'NULL';} else{$my_z_index = db_result($res,$cnt,"e_z_index");}
 
-      $sql_ins = "INSERT INTO gui_element_vars(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-      $sql_ins .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"e_id")."','".db_result($res,$cnt,"e_pos")."','".db_result($res,$cnt,"e_public")."','".db_escape_string(db_result($res,$cnt,"e_comment"))."','".db_result($res,$cnt,"e_element")."','".db_result($res,$cnt,"e_src")."','".db_escape_string(db_result($res,$cnt,"e_attributes"))."',".$myleft.",";
-      $sql_ins .= $mytop.",".$mywidth.",".$myheight.",".$my_z_index.",'".db_result($res,$cnt,"e_more_styles")."','".db_escape_string(db_result($res,$cnt,"e_content"))."','".db_result($res,$cnt,"e_closetag")."','".db_result($res,$cnt,"e_js_file")."','".db_result($res,$cnt,"e_mb_mod")."','".db_result($res,$cnt,"e_target")."','".db_result($res,$cnt,"e_requires")."')";
+      $sql_ins = "INSERT INTO gui_element_vars ";
+      $sql_ins .= "(fkey_gui_id, e_id, e_pos,e_public, e_comment, e_element, ";
+      $sql_ins .= "e_src, e_attributes, e_left, e_top, e_width, e_height, ";
+      $sql_ins .= "e_z_index, e_more_styles, e_content, e_closetag, e_js_file, ";
+      $sql_ins .= "e_mb_mod, e_target, e_requires) ";
+      $sql_ins .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, ";
+      $sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, ";
+      $sql_ins .= "$19, $20)";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"), db_result($res,$cnt,"e_pos"), db_result($res,$cnt,"e_public"), db_escape_string(db_result($res,$cnt,"e_comment")), db_result($res,$cnt,"e_element"), db_result($res,$cnt,"e_src"), db_escape_string(db_result($res,$cnt,"e_attributes")), $myleft, $mytop, $mywidth, $myheight, $my_z_index, db_result($res,$cnt,"e_more_styles"), db_escape_string(db_result($res,$cnt,"e_content")), db_result($res,$cnt,"e_closetag"), db_result($res,$cnt,"e_js_file"), db_result($res,$cnt,"e_mb_mod"), db_result($res,$cnt,"e_target"), db_result($res,$cnt,"e_requires"));
+      $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
 
-      $res_ins = db_query($sql_ins);
-      if(!$res_ins){echo db_error($connect); }
+      $res_ins = db_prep_query($sql_ins, $v, $t);
+      if (!$res_ins) {
+      	echo db_error($connect); 
+      }
       $cnt++;
    }
 }
@@ -179,8 +206,10 @@
 echo "<script language='javascript'>";
 echo "var varIDs = new Array();";
 if(isset($guiList1)){
-   $sql = "SELECT var_name FROM gui_element_vars WHERE  fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."'";
-   $res = db_query($sql);
+   $sql = "SELECT var_name FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+   $v = array($guiList1, $e_id);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
       echo  "varIDs[".$cnt."] = '".db_result($res,$cnt,"var_name")."'; ";
@@ -284,8 +313,10 @@
 if(isset($guiList1)){
    echo "<div class='guiList2_header'>Templates</div>";
 
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id='".$e_id."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = $2";
+   $v = array($guiList1, $e_id);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    echo "<div class='myElements'><table>";
    while($row = db_fetch_array($res)){
@@ -303,9 +334,11 @@
 #Formular:
 echo "<table class='myForm'>";
 if(isset($guiList1) && isset($var_name)){
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList1."' AND fkey_e_id = '".$e_id."' AND var_name='".$var_name."'";
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1 AND fkey_e_id = '".$e_id."' AND var_name = $2";
+   $v = array($guiList1, $var_name);
+   $t = array("s", "s");
    //echo $sql;
-   $res = db_query($sql);
+   $res = db_prep_query($sql, $v, $t);
    if($row = db_fetch_array($res)){
       echo "<tr><td>ID: </td><td><input type='text' class='textfield' readonly name='e_id' value='".$e_id."'></td></tr>";
       echo "<tr><td>Var Type: </td><td><input type='text' class='textfield' name='type' value='".$row["type"]."'></td></tr>";

Modified: branches/2.4.5/http/php/mod_edit_metadata.php
===================================================================
--- tags/2.4.4/http/php/mod_edit_metadata.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_edit_metadata.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -112,45 +112,71 @@
 # handle database updates etc.....
 if(isset($mySave) && ($mySave == '1' || $mySave == '2')) {
    if ($mySave == '1'){
-   	$sql_vars = "SELECT * FROM gui_element_vars WHERE fkey_e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
-   	 $res_vars = db_query($sql_vars);
+   	$sql_vars = "SELECT * FROM gui_element_vars WHERE fkey_e_id = $1 AND fkey_gui_id = $2";
+   	$v = array($e_id, $guiList1);
+   	$t = array("s", "s");
+   	$res_vars = db_prep_query($sql_vars, $v, $t);
    	 //$rows = db_fetch_array($res_vars);
-   	if($SYS_DBTYPE=='pgsql')
-   		{
-	   	$sql[0] = "SET AUTOCOMMIT=1";
-	 	}
-	  else
-	 	{
-	 	$sql[0] = "SET AUTOCOMMIT=0";
-		}
-	   $sql[1] = "BEGIN";
-	   $sql[2] = "DELETE FROM gui_element WHERE e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
+	$sql = array();
+	$v = array();
+	$t = array();
+	if ($SYS_DBTYPE == "pgsql") {
+		$sql[0] = "SET AUTOCOMMIT=1";
+		$v[0] = array();
+		$t[0] = array();
+	}
+	else {
+		$sql[0] = "SET AUTOCOMMIT=0";
+		$v[0] = array();
+		$t[0] = array();
+	}
+	$sql[1] = "BEGIN";
+	$v[1] = array();
+	$t[1] = array();
+	
+	$sql[2] = "DELETE FROM gui_element WHERE e_id = $1 AND fkey_gui_id = $2";
+	$v[2] = array($e_id, $guiList1);
+	$t[2] = array("s", "s");
 
-
 	   if($e_left < 1){$e_left = "NULL";}
 	   if($e_top < 1){$e_top = "NULL";}
 	   if($e_width < 1){$e_width = "NULL";}
 	   if($e_height < 1){$e_height = "NULL";}
 	   if($e_z_index < 1){$e_z_index = "NULL";}
-	   $sql[3] = "INSERT INTO gui_element(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-	   $sql[3] .= "VALUES ('".$guiList1."','".$e_id."','".$e_pos."','".$e_public."','".db_escape_string($e_comment)."','".$e_element."','".$e_src."','".db_escape_string($e_attributes)."',".$e_left.",".$e_top.",".$e_width.",".$e_height.",".$e_z_index.",'".$e_more_styles."','".db_escape_string($e_content)."','".$e_closetag."','".$e_js_file."','".$e_mb_mod."','".$e_target."','".$e_requires."')";
-
+	$sql[3] = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, ";
+	$sql[3] .= "e_comment, e_element, e_src, e_attributes, e_left, e_top, ";
+	$sql[3] .= "e_width, e_height, e_z_index, e_more_styles, e_content, ";
+	$sql[3] .= "e_closetag, e_js_file, e_mb_mod, e_target, e_requires) ";
+	$sql[3] .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, ";
+	$sql[3] .= "$13, $14, $15, $16, $17, $18, $19, $20)";
+	$v[3] = array($guiList1, $e_id, $e_pos, $e_public, db_escape_string($e_comment), $e_element, $e_src, db_escape_string($e_attributes), $e_left, $e_top, $e_width, $e_height, $e_z_index, $e_more_styles, db_escape_string($e_content), $e_closetag, $e_js_file, $e_mb_mod, $e_target, $e_requires);
+	$t[3] = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
    }
    # mySave == 2 <=> just save GUI description
    elseif ($mySave == '2') {
-	   if($SYS_DBTYPE=='pgsql')
-   		{
-	   	$sql[0] = "SET AUTOCOMMIT=1";
-	 	}
-	  else
-	 	{
-	 	$sql[0] = "SET AUTOCOMMIT=0";
+		$sql = array();
+		$v = array();
+		$t = array();
+		if ($SYS_DBTYPE == "pgsql") {
+			$sql[0] = "SET AUTOCOMMIT=1";
+			$v[0] = array();
+			$t[0] = array();
 		}
-	   $sql[1] = "BEGIN";
-	   $sql[3] = "UPDATE gui SET gui_description = '". $guiDesc."' WHERE gui_id ='".$guiId."'";
-   }
-   foreach ($sql as $mysql){
-      $res = db_query($mysql);
+		else {
+			$sql[0] = "SET AUTOCOMMIT=0";
+			$v[0] = array();
+			$t[0] = array();
+		}
+		$sql[1] = "BEGIN";
+		$v[1] = array();
+		$t[1] = array();
+
+		$sql[2] = "UPDATE gui SET gui_description = $1 WHERE gui_id = $2";
+		$v[2] = array($guiDesc, $guiId);
+		$t[2] = array("s", "s");
+	}
+	for ($i = 0; $i < count($sql); $i++) {
+      $res = db_prep_query($sql[$i], $v[$i], $t[$i]);
       if(!$res){break;}
    }
    if($res){
@@ -161,19 +187,25 @@
       $res = db_query( "ROLLBACK");
       $res = db_query( "SET AUTOCOMMIT=1");
    }
-   if(isset($sql_vars)){//sicherstellen das keine Element_Vars gelöscht wurden
+   if(isset($sql_vars)){//sicherstellen das keine Element_Vars gel�scht wurden
    	 while($row =  db_fetch_array($res_vars)){
-     			$securesql = "INSERT INTO gui_element_vars (fkey_gui_id,fkey_e_id,var_name,var_value,context,type) VALUES ('".$guiList1."','".$e_id."','".$row["var_name"]."','".$row["var_value"]."','".$row["context"]."','".$row["type"]."');";
-     			//echo $securesql."<BR>";
-     			$secureinsert = db_query($securesql);
-     		}
-   }
+			$securesql = "INSERT INTO gui_element_vars (fkey_gui_id, ";
+			$securesql .= "fkey_e_id, var_name, var_value, context,type) ";
+			$securesql .= "VALUES ($1, $2, $3, $4, $5, $6)";
+			$v = array($guiList1, $e_id, $row["var_name"], $row["var_value"], $row["context"], $row["type"]);
+			$t = array("s", "s", "s", "s", "s", "s");
+			//echo $securesql."<BR>";
+			$secureinsert = db_prep_query($securesql, $v, $t);
+		}
+	}
       if(!$res){break;}
 
 }
 if(isset($myDelete) && $myDelete == '1'){
-   $sql = "DELETE FROM gui_element WHERE e_id = '".$e_id."' AND fkey_gui_id = '".$guiList1."'";
-   $res = db_query($sql);
+   $sql = "DELETE FROM gui_element WHERE e_id = $1 AND fkey_gui_id = $2";
+   $v = array($e_id, $guiList1);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    $e_id = ""; $e_pos = ""; $e_public = ""; $e_comment = ""; $e_element = "";
    $e_src = ""; $e_attributes = ""; $e_left = ""; $e_top = ""; $e_width = ""; $e_height = ""; $e_z_index = "";
    $e_more_styles = ""; $e_content = ""; $e_closetag = ""; $e_js_file = ""; $e_mb_mod = ""; $e_target = ""; $e_requires = "";
@@ -185,33 +217,47 @@
    echo "</script>";
 }
 if(isset($all) && $all == '1'){
-   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1";
+   $v = array($guiList2);
+   $t = array("s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
-      $sql_del = "DELETE FROM gui_element WHERE fkey_gui_id = '".$guiList1."' AND e_id = '".db_result($res,$cnt,"e_id")."'";
-      $res_del = db_query($sql_del);
+      $sql_del = "DELETE FROM gui_element WHERE fkey_gui_id = $1 AND e_id = $2";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"));
+      $t = array("s", "s");
+      $res_del = db_prep_query($sql_del, $v, $t);
       if(db_result($res,$cnt,"e_left") == ""){$myleft = 'NULL';} else{$myleft = db_result($res,$cnt,"e_left");}
       if(db_result($res,$cnt,"e_top") == ""){$mytop = 'NULL';} else{$mytop = db_result($res,$cnt,"e_top");}
       if(db_result($res,$cnt,"e_width") == ""){$mywidth = 'NULL';} else{$mywidth = db_result($res,$cnt,"e_width");}
       if(db_result($res,$cnt,"e_height") == ""){$myheight = 'NULL';} else{$myheight = db_result($res,$cnt,"e_height");}
       if(db_result($res,$cnt,"e_z_index") == ""){$my_z_index = 'NULL';} else{$my_z_index = db_result($res,$cnt,"e_z_index");}
 
-      $sql_ins = "INSERT INTO gui_element(fkey_gui_id,e_id,e_pos,e_public,e_comment,e_element,e_src,e_attributes,e_left,e_top,e_width,e_height,e_z_index,e_more_styles,e_content,e_closetag,e_js_file,e_mb_mod,e_target,e_requires) ";
-      $sql_ins .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"e_id")."','".db_result($res,$cnt,"e_pos")."','".db_result($res,$cnt,"e_public")."','".db_escape_string(db_result($res,$cnt,"e_comment"))."','".db_result($res,$cnt,"e_element")."','".db_result($res,$cnt,"e_src")."','".db_escape_string(db_result($res,$cnt,"e_attributes"))."',".$myleft.",";
-      $sql_ins .= $mytop.",".$mywidth.",".$myheight.",".$my_z_index.",'".db_result($res,$cnt,"e_more_styles")."','".db_escape_string(db_result($res,$cnt,"e_content"))."','".db_result($res,$cnt,"e_closetag")."','".db_result($res,$cnt,"e_js_file")."','".db_result($res,$cnt,"e_mb_mod")."','".db_result($res,$cnt,"e_target")."','".db_result($res,$cnt,"e_requires")."')";
-
-      $res_ins = db_query($sql_ins);
+      $sql_ins = "INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, ";
+      $sql_ins .= "e_comment, e_element, e_src, e_attributes, e_left, e_top, ";
+      $sql_ins .= "e_width, e_height, e_z_index, e_more_styles, e_content, ";
+      $sql_ins .= "e_closetag, e_js_file, e_mb_mod, e_target, e_requires) ";
+      $sql_ins .= "VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, ";
+      $sql_ins .= "$10, $11, $12, $13, $14, $15, $16, $17, $18, $19);";
+      $v = array($guiList1, db_result($res,$cnt,"e_id"), db_result($res,$cnt,"e_pos"), db_result($res,$cnt,"e_public"), db_escape_string(db_result($res,$cnt,"e_comment")), db_result($res,$cnt,"e_element"), db_result($res,$cnt,"e_src"), db_escape_string(db_result($res,$cnt,"e_attributes")), $myleft, $mytop, $mywidth, $myheight, $my_z_index, db_result($res,$cnt,"e_more_styles"), db_escape_string(db_result($res,$cnt,"e_content")), db_result($res,$cnt,"e_closetag"), db_result($res,$cnt,"e_js_file"), db_result($res,$cnt,"e_mb_mod"), db_result($res,$cnt,"e_target"), db_result($res,$cnt,"e_requires"));
+      $t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i", "i", "i", "i", "s", "s", "s", "s", "s", "s", "s");
+		
+      $res_ins = db_prep_query($sql_ins, $v, $t);
       if(!$res_ins){echo db_error($con); }
       $cnt++;
    }
-   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = '".$guiList2."'";
-      $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element_vars WHERE fkey_gui_id = $1";
+   $v = array($guiList2);
+   $t = array("s");
+      $res = db_prep_query($sql, $v, $t);
    	$cnt = 0;
        while(db_fetch_row($res)){
-      $sql_ins2 = "INSERT INTO gui_element_vars(fkey_gui_id,fkey_e_id,var_name,var_value,context,type) ";
-      $sql_ins2 .= "VALUES ('".$guiList1."','".db_result($res,$cnt,"fkey_e_id")."','".db_result($res,$cnt,"var_name")."','".db_escape_string(db_result($res,$cnt,"var_value"))."','".db_escape_string(db_result($res,$cnt,"context"))."','".db_result($res,$cnt,"type")."')";
-      $res_ins2 = db_query($sql_ins2);
+      $sql_ins2 = "INSERT INTO gui_element_vars (fkey_gui_id, fkey_e_id, ";
+      $sql_ins2 .= "var_name, var_value, context, type) VALUES (";
+      $sql_ins2 .= "$1, $2, $3, $4, $5, $6);";
+      $v = array($guiList1, db_result($res,$cnt,"fkey_e_id"), db_result($res,$cnt,"var_name"), db_escape_string(db_result($res,$cnt,"var_value")), db_escape_string(db_result($res,$cnt,"context")), db_result($res,$cnt,"type"));
+      $t = array("s", "s", "s", "s", "s", "s");
+      $res_ins2 = db_prep_query($sql_ins2, $v, $t);
       if(!$res_ins2){echo db_error($connect); }
 
       $cnt++;
@@ -223,8 +269,10 @@
 echo "<script language='javascript'>";
 echo "var guiIDs = new Array();";
 if(isset($guiList1)){
-   $sql = "SELECT e_id FROM gui_element WHERE  fkey_gui_id = '".$guiList1."'";
-   $res = db_query($sql);
+   $sql = "SELECT e_id FROM gui_element WHERE  fkey_gui_id = $1";
+   $v = array($guiList1);
+   $t = array("s");
+   $res = db_prep_query($sql, $v, $t);
    $cnt = 0;
    while(db_fetch_row($res)){
       echo  "guiIDs[".$cnt."] = '".db_result($res,$cnt,"e_id")."'; ";
@@ -313,14 +361,20 @@
 $permguis = $admin->getGuisByPermission($_SESSION["mb_user_id"],true);
 echo "<form name='form1' action='" . $PHP_SELF . "?".SID."' method='post'>\n";
 
-$sql = "SELECT * from gui WHERE gui.gui_id IN(";
-for($i=0; $i<count($ownguis); $i++){
-	if($i>0){ $sql .= ",";}
-	$sql .= "'".$ownguis[$i]."'";
+$sql = "SELECT * from gui WHERE gui.gui_id IN (";
+$v = $ownguis;
+$t = array();
+
+for ($i = 1; $i <= count($ownguis); $i++) {
+	if ($i > 1) {
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
 }
 $sql .= ")";
 //echo $sql;
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $count=0;
 while(db_fetch_row($res)){
 	$gui_id_own[$count]=db_result($res,$count,"gui_id");
@@ -330,13 +384,19 @@
 }
 
 
-$sql = "SELECT * from gui WHERE gui.gui_id IN(";
-for($i=0; $i<count($permguis); $i++){
-	if($i>0){ $sql .= ",";}
-	$sql .= "'".$permguis[$i]."'";
+$sql = "SELECT * from gui WHERE gui.gui_id IN (";
+$v = $permguis;
+$t = array();
+
+for ($i = 1; $i <= count($permguis); $i++){
+	if ($i > 1) { 
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
 }
 $sql .= ")";
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $count=0;
 while($row = db_fetch_array($res)){
 	$gui_id_perm[$count]= $row["gui_id"];
@@ -413,8 +473,10 @@
 	else{
 		echo "<div class='guiList2_header'>Templates</div>\n";
 	}
-	$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."' ORDER BY e_id";
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1 ORDER BY e_id";
+	$v = array($guiList2);
+	$t = array("s");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 
 	echo "<div class='myElements'>\n<table>\n";
@@ -440,8 +502,10 @@
 #Formular:
 echo "<table class='myForm'>\n";
 if(isset($myElement)){
-   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = '".$guiList2."' AND e_id = '".$myElement."'";
-   $res = db_query($sql);
+   $sql = "SELECT * FROM gui_element WHERE fkey_gui_id = $1 AND e_id = $2";
+   $v = array($guiList2, $myElement);
+   $t = array("s", "s");
+   $res = db_prep_query($sql, $v, $t);
    if(db_fetch_row($res)){
       echo "<tr><td>ID: </td><td><input type='text' class='textfield' name='e_id' value='".db_result($res,0,"e_id")."'></td></tr>\n";
       echo "<tr><td>Position: </td><td><input type='text' class='textfield' name='e_pos' value='".db_result($res,0,"e_pos")."'></td></tr>\n";

Modified: branches/2.4.5/http/php/mod_evalArea.php
===================================================================
--- tags/2.4.4/http/php/mod_evalArea.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_evalArea.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -20,6 +20,7 @@
 include '../include/dyn_css.php';
 require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
 require_once(dirname(__FILE__)."/../classes/class_administration.php");
+require_once(dirname(__FILE__)."/../classes/class_mb_exception.php");
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
@@ -61,55 +62,71 @@
 $posY = explode (",", $y);
 
 
-if(SYS_DBTYPE=='pgsql'){
-	if(count($posX) > 3){
-	  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
-	  for($i=0; $i<count($posX); $i++){
-	  	if($i>0){$sql .= ",";}
-	  	$sql .= $posX[$i] . " " . $posY[$i];
-	  }
-	  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
-	  $res = db_query($sql);
-	  if($row = db_fetch_array($res)){
-	     echo "Fl&auml;che: ".round($row[0]*100)/100 . " m<sup>2</sup>";
-	  }
+// check if parameters are valid geometries to 
+// avoid SQL injections
+$regExp = "/\d(,\d)*/";
+if (preg_match($regExp, $x) && preg_match($regExp, $y)) {
+
+	if(SYS_DBTYPE=='pgsql'){
+		if (count($posX) > 3) {
+			$sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
+			for ($i = 0; $i < count($posX); $i++) {
+				if ($i > 0) {
+					$sql .= ",";
+				}
+				$sql .= $posX[$i] . " " . $posY[$i];
+			}
+			$sql .= ")))',".rawurldecode($epsg).")) as myArea";
+	
+			// the input parameters are valid
+			$res = db_query($sql);
+			if($row = db_fetch_array($res)){
+				echo "Fl&auml;che: ".round($row[0]*100)/100 . " m<sup>2</sup>";
+			}
+		}
+		else{
+			echo "Fl&auml;che: 0 m<sup>2</sup>";
+		}
+	}else{
+		#echo "Fl�chenberechnung f�r MySQL liegt derzeit nicht vor<br></sup>";
+		#$con = db_connect($GEOS_DBSERVER,$GEOS_PORT,$GEOS_OWNER,$GEOS_PW);
+		#db_select_db($GEOS_DBSERVER,$con);
+		$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
+		
+		$con = pg_connect($con_string) or die ("Error while connecting database");
+		
+		
+		if(count($posX) > 3){
+		  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
+		  $i==0;
+		  for($i=0; $i<count($posX); $i++){
+		  	if($i>0){$sql .= ",";}
+		  	$sql .= $posX[$i] . " " . $posY[$i];
+		  }
+		  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
+		  $res = pg_query($con,$sql);
+		  
+		  $cnt = 0;
+		  while(pg_fetch_row($res)){
+		  	 $area = pg_fetch_result($res,$cnt,0);
+		     echo "Fl&auml;che: ".round($area*100)/100 . " m<sup>2</sup>";
+		     $cnt++;
+		  }
+		}
+		else{
+		   echo "Fl&auml;che: 0 m<sup>2</sup>";
+		}
 	}
-	else{
-	   echo "Fl&auml;che: 0 m<sup>2</sup>";
-	}
-}else{
-	#echo "Flächenberechnung für MySQL liegt derzeit nicht vor<br></sup>";
-	#$con = db_connect($GEOS_DBSERVER,$GEOS_PORT,$GEOS_OWNER,$GEOS_PW);
-	#db_select_db($GEOS_DBSERVER,$con);
-	$con_string = "host=$GEOS_DBSERVER port=$GEOS_PORT dbname=$GEOS_DB user=$GEOS_OWNER password=$GEOS_PW";
 	
-	$con = pg_connect($con_string) or die ("Error while connecting database");
-	
-	
-	if(count($posX) > 3){
-	  $sql = "SELECT area2d(GeometryFromText('MULTIPOLYGON(((";
-	  $i==0;
-	  for($i=0; $i<count($posX); $i++){
-	  	if($i>0){$sql .= ",";}
-	  	$sql .= $posX[$i] . " " . $posY[$i];
-	  }
-	  $sql .= ")))',".rawurldecode($epsg).")) as myArea";
-	  $res = pg_query($con,$sql);
-	  
-	  $cnt = 0;
-	  while(pg_fetch_row($res)){
-	  	 $area = pg_fetch_result($res,$cnt,0);
-	     echo "Fl&auml;che: ".round($area*100)/100 . " m<sup>2</sup>";
-	     $cnt++;
-	  }
-	}
-	else{
-	   echo "Fl&auml;che: 0 m<sup>2</sup>";
-	}
+	echo "<br>";
+	echo "Umfang: ". $length . " m";
+} 
+else {
+	$e = new mb_exception("mod_evalArea.php: invalid input geometry; coordinates not float values.");
+	echo "Fl&auml;che: 0 m<sup>2</sup>";
 }
 
-echo "<br>";
-echo "Umfang: ". $length . " m";
+
 #Centroid(geometry)
 /*
 $sql = "SELECT Centroid(GeometryFromText('MULTIPOLYGON(((";

Modified: branches/2.4.5/http/php/mod_gazLayerObj_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_gazLayerObj_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_gazLayerObj_conf.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -76,9 +76,11 @@
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db(DB,$con);
 	
-	$sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = '".$_REQUEST["myWFS"]."' ";
-	$sql .= "WHERE fkey_gui_id='".$_REQUEST["gui"]."' AND fkey_layer_id=".$_REQUEST["layer"];
-	$res = db_query($sql);
+	$sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = $1 ";
+	$sql .= "WHERE fkey_gui_id = $2 AND fkey_layer_id = $3";
+	$v = array($_REQUEST["myWFS"], $_REQUEST["gui"], $_REQUEST["layer"]);
+	$t = array("s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);
 	echo "layer is connected with: ".$_REQUEST["myWFS"];
 	die();
 }

Modified: branches/2.4.5/http/php/mod_gazLayerObj_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_gazLayerObj_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_gazLayerObj_edit.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -54,29 +54,34 @@
 if(isset($_REQUEST["save"])){
 	
 	$sql = "UPDATE gazetteer SET ";
-	$sql .= "gazetteer_abstract = '".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "g_label = '".$_REQUEST["g_label"]."',";
-	$sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-	$sql .= "g_button = '".$_REQUEST["g_button"]."',";
-	$sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-	$sql .= "g_style = '".$_REQUEST["g_style"]."',";
-	$sql .= "g_buffer = '".$_REQUEST["g_buffer"]."'";	
-	$sql .= " WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"].";";
+	$sql .= "gazetteer_abstract = $1, ";
+	$sql .= "g_label = $2, ";
+	$sql .= "g_label_id = $3, ";
+	$sql .= "g_button = $4, ";
+	$sql .= "g_button_id = $5, ";
+	$sql .= "g_style = $6, ";
+	$sql .= "g_buffer = $7 ";	
+	$sql .= "WHERE gazetteer_id = $8;";
 	
-	$res = db_query($sql);		
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["fkey_gazetteer_id"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);		
 
-	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
+	for ($i = 0; $i < count($_REQUEST["f_id"]); $i++){
 		$sql = "UPDATE gazetteer_element SET ";		
-		$sql .= "f_search = '".$_REQUEST["f_search"][$i]."',";
-		$sql .= "f_pos = '".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "f_style_id = '".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "f_label = '".$_REQUEST["f_label"][$i]."',";
-		$sql .= "f_label_id = '".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "f_show = '".$_REQUEST["f_show"][$i]."',";
-		$sql .= "f_respos = '".$_REQUEST["f_respos"][$i]."'";
-		$sql .= " WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"]." AND f_id = ".$_REQUEST["f_id"][$i].";";
+		$sql .= "f_search = $1, ";
+		$sql .= "f_pos = $2, ";
+		$sql .= "f_style_id = $3, ";
+		$sql .= "f_label = $4, ";
+		$sql .= "f_label_id = $5, ";
+		$sql .= "f_show = $6, ";
+		$sql .= "f_respos = $7 ";
+		$sql .= "WHERE fkey_gazetteer_id = $8 AND f_id = $9;";
 		
-		$res = db_query($sql);
+		$v = array($_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i], $_REQUEST["fkey_gazetteer_id"], $_REQUEST["f_id"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "i", "i");
+		
+		$res = db_prep_query($sql, $v, $t);
 	}		
 }
 
@@ -92,8 +97,10 @@
 
 /* configure elements */
 if(isset($_REQUEST["fkey_gazetteer_id"])){
-	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
+	$v = array($_REQUEST["fkey_gazetteer_id"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	if($row = db_fetch_array($res)){	
 		echo "<table>";
 		echo "<tr><td>ID:</td><td>".$row["gazetteer_id"]."</td></tr>" ;
@@ -110,8 +117,10 @@
 	/* set element options */
 	$sql = "SELECT * FROM gazetteer_element ";
 	$sql .= "JOIN wfs_element ON gazetteer_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
-	$res = db_query($sql);
+	$sql .= "WHERE fkey_gazetteer_id = $1";
+	$v = array($_REQUEST["fkey_gazetteer_id"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	
 	echo "<table border='1'>";
 	echo "<tr>";

Modified: branches/2.4.5/http/php/mod_gazetteer_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_gazetteer_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_gazetteer_conf.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -72,36 +72,22 @@
 	$con = db_connect($DBSERVER,$OWNER,$PW);
 	db_select_db($DB,$con);
 	
-	$sql = "INSERT INTO gazetteer (gazetteer_abstract,fkey_wfs_id,fkey_featuretype_id,g_label,g_label_id,g_button,g_button_id,g_style,g_buffer,g_res_style,g_use_wzgraphics) VALUES(";
-	$sql .= "'".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "'".$_REQUEST["wfs"]."',";
-	$sql .= "'".$_REQUEST["featuretype"]."',";
-	$sql .= "'".$_REQUEST["g_label"]."',";
-	$sql .= "'".$_REQUEST["g_label_id"]."',";
-	$sql .= "'".$_REQUEST["g_button"]."',";
-	$sql .= "'".$_REQUEST["g_button_id"]."',";
-	$sql .= "'".$_REQUEST["g_style"]."',";	
-	$sql .= "'".$_REQUEST["g_buffer"]."',";	
-	$sql .= "'".$_REQUEST["g_res_style"]."',";
-	$sql .= $_REQUEST["g_use_wzgraphics"];
-	$sql .= "); ";
-	
-	$res = db_query($sql);		
+	$sql = "INSERT INTO gazetteer (gazetteer_abstract, fkey_wfs_id, ";
+	$sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
+	$sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics) ";
+	$sql .= "VALUES($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11);";
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["g_use_wzgraphics"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "i");
+	$res = db_prep_query($sql, $v, $t);		
 	$wfsID = db_insert_id($con);
 	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
-		$sql = "INSERT INTO gazetteer_element (fkey_gazetteer_id,f_id,f_search,f_pos,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos) VALUES(";
-		$sql .= "'".$wfsID."',";
-		$sql .= "'".$_REQUEST["f_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_search"][$i]."',";
-		$sql .= "'".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "'".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_toupper"][$i]."',";		
-		$sql .= "'".$_REQUEST["f_label"][$i]."',";
-		$sql .= "'".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "'".$_REQUEST["f_show"][$i]."',";
-		$sql .= "'".$_REQUEST["f_respos"][$i]."'";
-		$sql .= "); ";
-		$res = db_query($sql);
+		$sql = "INSERT INTO gazetteer_element (fkey_gazetteer_id, ";
+		$sql .= "f_id, f_search, f_pos, f_style_id, f_toupper, f_label, ";
+		$sql .= "f_label_id, f_show, f_respos) VALUES (";
+		$sql .= "$1, $2, $3, $4, $5, $6, $7, $8, $9, $10);";
+		$v = array($wfsID, $_REQUEST["f_id"][$i], $_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_toupper"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+		$res = db_prep_query($sql, $v, $t);
 	}		
 }
 

Modified: branches/2.4.5/http/php/mod_gazetteer_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_gazetteer_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_gazetteer_edit.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -56,31 +56,34 @@
 if(isset($_REQUEST["save"])){
 	
 	$sql = "UPDATE gazetteer SET ";
-	$sql .= "gazetteer_abstract = '".$_REQUEST["gazetteer_abstract"]."',";
-	$sql .= "g_label = '".$_REQUEST["g_label"]."',";
-	$sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-	$sql .= "g_button = '".$_REQUEST["g_button"]."',";
-	$sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-	$sql .= "g_style = '".$_REQUEST["g_style"]."',";
-	$sql .= "g_buffer = '".$_REQUEST["g_buffer"]."',";	
-	$sql .= "g_res_style = '".$_REQUEST["g_res_style"]."',";
-	$sql .= "g_use_wzgraphics = ".$_REQUEST["g_use_wzgraphics"];
-	$sql .= " WHERE gazetteer_id = ".$_REQUEST["gaz"].";";
-	$res = db_query($sql);		
+	$sql .= "gazetteer_abstract = $1, ";
+	$sql .= "g_label = $2, ";
+	$sql .= "g_label_id = $3, ";
+	$sql .= "g_button = $4, ";
+	$sql .= "g_button_id = $5, ";
+	$sql .= "g_style = $6, ";
+	$sql .= "g_buffer = $7, ";	
+	$sql .= "g_res_style = $8, ";
+	$sql .= "g_use_wzgraphics = $9 ";
+	$sql .= "WHERE gazetteer_id = $10;";
+	$v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["g_use_wzgraphics"], $_REQUEST["gaz"]);
+	$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i");
+	$res = db_prep_query($sql, $v, $t);		
 
 	for($i=0; $i<count($_REQUEST["f_id"]); $i++){
 		$sql = "UPDATE gazetteer_element SET ";		
-		$sql .= "f_search = '".$_REQUEST["f_search"][$i]."',";
-		$sql .= "f_pos = '".$_REQUEST["f_pos"][$i]."',";
-		$sql .= "f_style_id = '".$_REQUEST["f_style_id"][$i]."',";
-		$sql .= "f_toupper = '".$_REQUEST["f_toupper"][$i]."',";
-		$sql .= "f_label = '".$_REQUEST["f_label"][$i]."',";
-		$sql .= "f_label_id = '".$_REQUEST["f_label_id"][$i]."',";
-		$sql .= "f_show = '".$_REQUEST["f_show"][$i]."',";
-		$sql .= "f_respos = '".$_REQUEST["f_respos"][$i]."'";
-		$sql .= " WHERE fkey_gazetteer_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_id"][$i].";";
-		
-		$res = db_query($sql);
+		$sql .= "f_search = $1, ";
+		$sql .= "f_pos = $2, ";
+		$sql .= "f_style_id = $3, ";
+		$sql .= "f_toupper = $4, ";
+		$sql .= "f_label = $5, ";
+		$sql .= "f_label_id = $6, ";
+		$sql .= "f_show = $7, ";
+		$sql .= "f_respos = $8 ";
+		$sql .= "WHERE fkey_gazetteer_id = $9 AND f_id = $10;";
+		$v = array($_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_toupper"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i], $_REQUEST["gaz"], $_REQUEST["f_id"][$i]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "i", "i");
+		$res = db_prep_query($sql, $v, $t);		
 	}		
 }
 
@@ -110,8 +113,10 @@
 
 /* configure elements */
 if(isset($_REQUEST["gaz"])){
-	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["gaz"];
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
+	$v = array($_REQUEST["gaz"]);
+	$t = array("i");
+	$res = db_prep_query($sql, $v, $t);
 	if($row = db_fetch_array($res)){	
 		echo "<table>";
 		echo "<tr><td>GazetterID:</td><td>".$row["gazetteer_id"]."</td></tr>" ;
@@ -132,9 +137,11 @@
 	/* set element options */
 	$sql = "SELECT * FROM gazetteer_element ";
 	$sql .= "JOIN wfs_element ON gazetteer_element.f_id = wfs_element.element_id ";
-	$sql .= "WHERE fkey_gazetteer_id = ".$_REQUEST["gaz"];
+	$sql .= "WHERE fkey_gazetteer_id = $1";
+	$v = array($_REQUEST["gaz"]);
+	$t = array("i");
 	echo $sql;
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	
 	echo "<table border='1'>";
 	echo "<tr>";

Modified: branches/2.4.5/http/php/mod_getStyles.php
===================================================================
--- tags/2.4.4/http/php/mod_getStyles.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_getStyles.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -81,7 +81,7 @@
 {
    global $proxy_name,$proxy_port,$proxy_cont,$proxy_user,$proxy_pass;
 //echo $proxy_user;
-   $proxy_fp = fsockopen($proxy_name, $proxy_port) or die ("Fehler beim öffnen der Verbindung zum Proxy");
+   $proxy_fp = fsockopen($proxy_name, $proxy_port) or die ("Fehler beim �ffnen der Verbindung zum Proxy");
    if (!$proxy_fp)    {return false;}
       $headers = "GET $proxy_url HTTP/1.0\r\nHost: $proxy_name\r\n";
    $headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($proxy_user . ':' . $proxy_pass)."\r\nConnection: Keep-Alive\r\n\r\n";
@@ -126,9 +126,12 @@
 	@fclose($style_xml);
 	fclose($style_file);
 	#include(dirname(__FILE__)."/../../conf/www.conf");
-	$sql = "UPDATE wms SET wms_filter = '".str_replace(basename($login),$style_filename,$login)."' WHERE wms_id = ". $wmsList;
+	$pattern = "/" . basename($login) . "/";
+	$sql = "UPDATE wms SET wms_filter = $1 WHERE wms_id = $2";
+	$v = array(preg_replace($pattern,$style_filename,$login), $wmsList);
+	$t = array("s", "i");
 	echo $sql;
-	db_query($sql) or die("unable to change filter!");	
+	db_prep_query($sql, $v, $t) or die("unable to change filter!");	
 }
 ###
 
@@ -141,8 +144,10 @@
 	# getStyle - Request:
 	if($wmsList && $row["wms_id"] == $wmsList){
 		$getStyle = $row["wms_getmap"]."&VERSION=1.1.1&REQUEST=getStyles&SERVICE=WMS&LAYERS=";
-		$sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = " . $wmsList;
-		$res_style = db_query($sql_style);
+		$sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = $1";
+		$v = array($wmsList);
+		$t = array("i");
+		$res_style = db_prep_query($sql_style, $v, $t);
 	
 		$cnt_style = 0;
 		while($row2 = db_fetch_array($res_style)){

Modified: branches/2.4.5/http/php/mod_loadCapabilitiesList.php
===================================================================
--- tags/2.4.4/http/php/mod_loadCapabilitiesList.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_loadCapabilitiesList.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -154,8 +154,10 @@
 		$cnt++;
 	}
 
-	$sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = '".$guiID."' AND gui_layer_wms_id = ".$wmsID;
-	$res = db_query($sql);
+	$sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = $1 AND gui_layer_wms_id = $2";
+	$v = array($guiID, $wmsID);
+	$t = array("s", "i");
+	$res = db_prep_query($sql, $v, $t);
 	$cnt = 0;
 	while($row = db_fetch_array($res)){
 		$sql_ins = "INSERT INTO gui_layer (fkey_gui_id,fkey_layer_id,gui_layer_wms_id,gui_layer_status,gui_layer_selectable,";
@@ -180,12 +182,17 @@
 	echo"<br>";
 	 
 	$sql = "SELECT * FROM gui WHERE gui_id IN (";
-	for($i=0; $i<count($ownguis); $i++){
-		if($i>0){ $sql .= ",";}
-		$sql .= "'".$ownguis[$i]."'";
+	$v = $ownguis;
+	$t = array();
+	for ($i = 1; $i <= count($ownguis); $i++){
+		if ($i > 1) { 
+			$sql .= ",";
+		}
+		$sql .= "$".$i;
+		array_push($t, "s");
 	}
 	$sql .= ") ORDER BY gui_name";	
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	$count=0;
 	echo"<select size='8' name='guiList' style='width:200px' onClick='submit()'>";
 	while($row = db_fetch_array($res)){
@@ -236,12 +243,17 @@
 	echo"<div class='text1'>Load WMS</div>";
 	$sql = "SELECT DISTINCT wms.wms_id,wms.wms_title,wms.wms_abstract,wms.wms_owner FROM gui_wms JOIN wms ON ";
 	$sql .= "wms.wms_id = gui_wms.fkey_wms_id WHERE gui_wms.fkey_gui_id IN(";
-	for($i=0; $i<count($arrayGUIs); $i++){
-		if($i>0){$sql .= ",";}
-		$sql .= "'".$arrayGUIs[$i]."'";
+	$v = $arrayGUIs;
+	$t = array();
+	for ($i = 1; $i <= count($arrayGUIs); $i++){
+		if ($i > 1) {
+			$sql .= ",";
+		}
+		$sql .= "$" . $i;
+		array_push($t, "s");
 	}
 	$sql .= ") ORDER BY wms.wms_title";
-	$res = db_query($sql);
+	$res = db_prep_query($sql, $v, $t);
 	echo "<select class='select1' name='wmsID' size='20' onchange='submit()'>";
 	$cnt = 0;
 	while($row = db_fetch_array($res)){
@@ -263,8 +275,10 @@
 	
 	if(isset($wmsID)){
 		echo "<div class='text2'>FROM:</div>";
-		$sql = "SELECT * from gui_wms WHERE fkey_wms_id ='".$wmsID."' ORDER BY fkey_gui_id";
-		$res = db_query($sql);
+		$sql = "SELECT * from gui_wms WHERE fkey_wms_id = $1 ORDER BY fkey_gui_id";
+		$v = array($wmsID);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
 		echo "<select class='select2' name='guiID' size='20' onchange='load()'>";
 		$cnt = 0;
 		while($row = db_fetch_array($res)){

Modified: branches/2.4.5/http/php/mod_map1.php
===================================================================
--- tags/2.4.4/http/php/mod_map1.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_map1.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -37,8 +37,10 @@
 
 <title>mod_map1</title>
 <?php
-$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT e_width, e_height FROM gui_element WHERE e_id = 'mapframe1' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_width = $row["e_width"];

Modified: branches/2.4.5/http/php/mod_mapOV.php
===================================================================
--- tags/2.4.4/http/php/mod_mapOV.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_mapOV.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -45,8 +45,10 @@
 ?>
 <?php
 $gui_id = $_SESSION["mb_user_gui"];
-$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = '".$gui_id."'";
-$res = db_query($sql);
+$sql = "SELECT e_width,e_height, e_target FROM gui_element WHERE e_id = 'overview' AND fkey_gui_id = $1";
+$v = array($gui_id);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 echo "<script type='text/javascript'>";
 while($row = db_fetch_array($res)){ 

Modified: branches/2.4.5/http/php/mod_renameGUI.php
===================================================================
--- tags/2.4.4/http/php/mod_renameGUI.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_renameGUI.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -150,7 +150,7 @@
 }
 </script>
 </head>
-<body onLoad='document.form1.newGuiName.focus()'>
+<body>
 <?php
 
 require_once(dirname(__FILE__)."/../classes/class_administration.php");

Modified: branches/2.4.5/http/php/mod_simpleWMSpreferences.php
===================================================================
--- tags/2.4.4/http/php/mod_simpleWMSpreferences.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_simpleWMSpreferences.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -76,8 +76,10 @@
 <?php
 $con = db_connect($DBSERVER,$OWNER,$PW);
 db_select_db(DB,$con);
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while($row = db_fetch_array($res)){
    $e_target = $row["e_target"];

Modified: branches/2.4.5/http/php/mod_treefolderAdmin.php
===================================================================
--- tags/2.4.4/http/php/mod_treefolderAdmin.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_treefolderAdmin.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -434,21 +434,28 @@
   // this is a multinary tree structure which is easy to
   // populate with database data :)
 <?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 if(!db_fetch_row($res)){
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
-	db_query($sql);      
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
 }
-
+	
 $sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
 $sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
 $sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title,  ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft;";
 #echo $sql;
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
 	echo "function initArray(){";
 	echo "Note(0,-1,'','');";
 	$cnt = 0;

Modified: branches/2.4.5/http/php/mod_treefolderClient.php
===================================================================
--- tags/2.4.4/http/php/mod_treefolderClient.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_treefolderClient.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -78,8 +78,10 @@
     // -->
     </STYLE>
 <?php
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = $1";
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 while(db_fetch_row($res)){ 
 	$e_target = db_result($res,0,"e_target");
@@ -548,21 +550,27 @@
   // this is a multinary tree structure which is easy to
   // populate with database data :)
 <?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
 if(!db_fetch_row($res)){
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
-	db_query($sql);      
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+	//using $v and $t fom above
+	db_prep_query($sql, $v, $t);
 }
 
 $sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
 $sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
 $sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title,  ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft";
-
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
 	echo "function initArray(){";
 	echo "Note(0,-1,'','');";
 	$cnt = 0;

Modified: branches/2.4.5/http/php/mod_wfs_conf.php
===================================================================
--- tags/2.4.4/http/php/mod_wfs_conf.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_wfs_conf.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -89,62 +89,74 @@
 
         db_select_db($DB,$con);
 
-        $sql = "INSERT INTO wfs_conf (wfs_conf_abstract,fkey_wfs_id,fkey_featuretype_id,g_label,g_label_id,g_button,g_button_id,g_style,g_buffer,g_res_style,g_use_wzgraphics) VALUES(";
-        $sql .= "'".$_REQUEST["wfs_conf_abstract"]."',";
-        $sql .= "'".$_REQUEST["wfs"]."',";
-        $sql .= "'".$_REQUEST["featuretype"]."',";
-        $sql .= "'".$_REQUEST["g_label"]."',";
-        $sql .= "'".$_REQUEST["g_label_id"]."',";
-        $sql .= "'".$_REQUEST["g_button"]."',";
-        $sql .= "'".$_REQUEST["g_button_id"]."',";
-        $sql .= "'".$_REQUEST["g_style"]."',";
-        $sql .= "'".$_REQUEST["g_buffer"]."',";
-        $sql .= "'".$_REQUEST["g_res_style"]."',";        
-        if(!empty($_REQUEST["g_use_wzgraphics"])){
+        $sql = "INSERT INTO wfs_conf (";
+        $sql .= "wfs_conf_abstract, fkey_wfs_id, ";
+        $sql .= "fkey_featuretype_id, g_label, g_label_id, g_button, ";
+        $sql .= "g_button_id, g_style, g_buffer, g_res_style, g_use_wzgraphics";
+		$sql .= ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, ";
+        if (!empty($_REQUEST["g_use_wzgraphics"])) {
 			$sql .= "'1'";
-		}else{$sql .= "'0'";}
+		}
+		else {
+			$sql .= "'0'";
+		}
         $sql .= "); ";
+        
+		$v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["wfs"], $_REQUEST["featuretype"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"]);
+		$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s");
+        $res = db_prep_query($sql, $v, $t);
+        
+        $wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
 
-        $res = db_query($sql);
-        $wfsID = db_insert_id($con,'wfs_conf','wfs_conf_id');
-        for($i=0; $i<$_REQUEST["num"]; $i++){
+        for ($i = 0; $i < $_REQUEST["num"]; $i++){
                 $sql = "INSERT INTO wfs_conf_element (fkey_wfs_conf_id,f_id,f_search,f_pos,f_style_id,f_toupper,f_label,f_label_id,f_show,f_respos,f_edit,f_form_element_html,f_mandatory) VALUES(";
-                $sql .= "'".$wfsID."',";
-                $sql .= "'".$_REQUEST["f_id".$i]."',";
-                if(!empty($_REQUEST["f_search".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_pos".$i]."',";
-                $sql .= "'".$_REQUEST["f_style_id".$i]."',";                
-				if(!empty($_REQUEST["f_toupper".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}				
-                $sql .= "'".$_REQUEST["f_label".$i]."',";
-                $sql .= "'".$_REQUEST["f_label_id".$i]."',";
-                if(!empty($_REQUEST["f_show".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_respos".$i]."'";
-				$sql .= ",";
-                if(!empty($_REQUEST["f_edit".$i])){
-                	$sql .= "'1',";
-                }else{$sql .= "'0',";}
-                $sql .= "'".$_REQUEST["f_form_element_html".$i]."',";
-                if(!empty($_REQUEST["f_mandatory".$i])){
+                $sql .= "$1, $2, ";
+                if (!empty($_REQUEST["f_search".$i])) {
                 	$sql .= "'1'";
-                }else{$sql .= "'0'";}
-//                $sql .= ", ";
-//                $sql .= "'".addslashes($_REQUEST["f_auth_varname".$i]);
-//				$sql .= "'";
-                $sql .= "); ";
+                }
+                else {
+                	$sql .= "'0'";
+                }
+                $sql .= ", $3, $4, ";
+				if (!empty($_REQUEST["f_toupper".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0'";
+                }				
+                $sql .= ",$5, $6, ";
+                if (!empty($_REQUEST["f_show".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0',";
+                }
+                $sql .= ", $7, ";
+                if (!empty($_REQUEST["f_edit".$i])) {
+                	$sql .= "'1'";
+                } 
+                else {
+                	$sql .= "'0'";
+                }
+                $sql .= ",$8, ";
+                if (!empty($_REQUEST["f_mandatory".$i])) {
+                	$sql .= "'1'";
+                }
+                else {
+                	$sql .= "'0'";
+                }
+ 				$sql .= "); ";
 
-                $res = db_query($sql);
+				$v = array($wfsID, $_REQUEST["f_id".$i], $_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], $_REQUEST["f_form_element_html".$i], $_REQUEST["f_auth_varname".$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "s", "s");
+                $res = db_prep_query($sql, $v, $t);
         }
         if (isset($_REQUEST["f_geom"])) {
-	        $sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 1";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$wfsID." AND f_id = ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+	        $sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
+	        $v = array($wfsID, $_REQUEST["f_geom"]);
+	        $t = array("i", "i");
+			$res = db_prep_query($sql, $v, $t);
         }
 		
 		echo "<script language='javascript'>";
@@ -271,8 +283,7 @@
                 echo "<td><input name='f_respos".$i."' type='text' size='1' value='0'></td>";
                 echo "<td><input name='f_mandatory".$i."' type='checkbox'></td>";
                 echo "<td><input name='f_edit".$i."' type='checkbox'></td>";
-                echo "<td><textarea name='f_form_element_html".$cnt."' cols='15' rows='1' ></textarea></td>";
-//                echo "<td><input name='f_auth_varname".$cnt."' type='text' size='8' value='".$row["f_auth_varname"]."'></td>";
+                echo "<td><textarea name='f_form_element_html".$i."' cols='15' rows='1' ></textarea></td>";
                 echo "</tr>";
         }
         echo "</table>";

Modified: branches/2.4.5/http/php/mod_wfs_edit.php
===================================================================
--- tags/2.4.4/http/php/mod_wfs_edit.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_wfs_edit.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -58,78 +58,89 @@
 if(isset($_REQUEST["save"])){
 
         $sql = "UPDATE wfs_conf SET ";
-        $sql .= "wfs_conf_abstract = '".$_REQUEST["wfs_conf_abstract"]."',";
-        $sql .= "g_label = '".$_REQUEST["g_label"]."',";
-        $sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
-        $sql .= "g_button = '".$_REQUEST["g_button"]."',";
-        $sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
-        $sql .= "g_style = '".$_REQUEST["g_style"]."',";
-        $sql .= "g_buffer = '".$_REQUEST["g_buffer"]."',";
-        $sql .= "g_res_style = '".$_REQUEST["g_res_style"]."',";
-        $sql .= "g_use_wzgraphics = ";
-        if(!empty($_REQUEST["g_use_wzgraphics"])){
-        	$sql .= '1';
-        }else{$sql .= '0';}
-        $sql .= " WHERE wfs_conf_id = ".$_REQUEST["gaz"].";";
+        $sql .= "wfs_conf_abstract = $1, g_label = $2, ";
+        $sql .= "g_label_id = $3, g_button = $4, g_button_id = $5, g_style = $6, ";
+        $sql .= "g_buffer = $7, g_res_style = $8, g_use_wzgraphics = ";
+        if (!empty($_REQUEST["g_use_wzgraphics"])) {
+        	$sql .= "1";
+        }
+        else {
+        	$sql .= "0";
+        }
+        $sql .= " WHERE wfs_conf_id = $9;";
         
-        $res = db_query($sql);
+        $v = array($_REQUEST["wfs_conf_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["g_res_style"], $_REQUEST["gaz"]);
+        $t = array("s", "s", "s", "s", "s", "s", "s", "i", "s", "i");
+        $res = db_prep_query($sql, $v, $t);
 		        
 		if (isset($_REQUEST["f_geom"])) {
-	        $sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 1";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+	        $sql = "UPDATE wfs_conf_element SET f_geom = 1 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id = $2;";
+	        $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+	        $t = array("i", "s");
+			$res = db_prep_query($sql);
 			
-			$sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 0";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id <>  ".$_REQUEST["f_geom"].";";
-			$res = db_query($sql);
+			$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1 AND f_id <> $2;";
+	        $v = array($_REQUEST["gaz"], $_REQUEST["f_geom"]);
+	        $t = array("i", "s");
+			$res = db_prep_query($sql);
 		}
 		else {
-			$sql = "UPDATE wfs_conf_element SET ";
-	        $sql .= "f_geom = 0";
-	        $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"].";";
-			$res = db_query($sql);
+			$sql = "UPDATE wfs_conf_element SET f_geom = 0 ";
+	        $sql .= "WHERE fkey_wfs_conf_id = $1;";
+	        $v = array($_REQUEST["gaz"]);
+	        $t = array("i");
+			$res = db_prep_query($sql);
 		}
 		
         for($i=0; $i<$_REQUEST["num"]; $i++){
         	
-                $sql = "UPDATE wfs_conf_element SET ";
-                $sql .= "f_search = '";
-                if(!empty($_REQUEST["f_search".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-                $sql .= "',";
-                $sql .= "f_pos = '".$_REQUEST["f_pos".$i]."',";
-                $sql .= "f_style_id = '".$_REQUEST["f_style_id".$i]."',";
+                $sql = "UPDATE wfs_conf_element SET f_search = '";
+                if (!empty($_REQUEST["f_search".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+                $sql .= "', f_pos = $1, f_style_id = $2,";
                 $sql .= "f_toupper = '" ;
-                if(!empty($_REQUEST["f_toupper".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-                $sql .= "',";
-                $sql .= "f_label = '".$_REQUEST["f_label".$i]."',";
-                $sql .= "f_label_id = '".$_REQUEST["f_label_id".$i]."',";
+                if (!empty($_REQUEST["f_toupper".$i])) {
+                	$sql .= "1";
+                }
+                else { 
+                	$sql .= "0";
+                }
+                $sql .= "',f_label = $3, f_label_id = $4,";
                 $sql .= "f_show = '";
-                if(!empty($_REQUEST["f_show".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-				$sql .= "',";
-                $sql .= "f_respos = '".$_REQUEST["f_respos".$i]."' ";
-				$sql .= ",";
+                if (!empty($_REQUEST["f_show".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+				$sql .= "',f_respos = $5,";
                 $sql .= "f_edit = '";
-                if(!empty($_REQUEST["f_edit".$i])){
-                	$sql .= '1';
-                }else{$sql .= '0';}
-				$sql .= "',";
-                $sql .= "f_form_element_html = '".addslashes($_REQUEST["f_form_element_html".$i]);
-				$sql .= "',";
+                if (!empty($_REQUEST["f_edit".$i])) {
+                	$sql .= "1";
+                }
+                else {
+                	$sql .= "0";
+                }
+				$sql .= "', f_form_element_html = $6,";
                 $sql .= "f_mandatory = '";
-                if(!empty($_REQUEST["f_mandatory".$i])){
+                if (!empty($_REQUEST["f_mandatory".$i])) {
                 	$sql .= "1";
-                }else{$sql .= "0";}
+                }
+                else {
+                	$sql .= "0";
+                }
 				$sql .= "'";
-                $sql .= " WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." AND f_id = ".$_REQUEST["f_id".$i].";";
-                $res = db_query($sql);
+				$sql .= " WHERE fkey_wfs_conf_id = $8 AND f_id = $9;";
+
+				$v = array($_REQUEST["f_pos".$i], $_REQUEST["f_style_id".$i], $_REQUEST["f_label".$i], $_REQUEST["f_label_id".$i], $_REQUEST["f_respos".$i], addslashes($_REQUEST["f_form_element_html".$i]), $_REQUEST["f_auth_varname".$i], $_REQUEST["gaz"], $_REQUEST["f_id".$i]);
+				$t = array("s", "s", "s", "s", "s", "s", "s", "i", "s");
+                $res = db_prep_query($sql, $v, $t);
         }
 }
 
@@ -164,9 +175,11 @@
 }
 
 /* configure elements */
-if(isset($_REQUEST["gaz"])){
-        $sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = ".$_REQUEST["gaz"];
-        $res = db_query($sql);
+if (isset($_REQUEST["gaz"])) {
+        $sql = "SELECT * FROM wfs_conf WHERE wfs_conf_id = $1";
+        $v = array($_REQUEST["gaz"]);
+        $t = array("i");
+        $res = db_prep_query($sql, $v, $t);
         if($row = db_fetch_array($res)){
                 echo "<table>";
                 echo "<tr><td>GazetterID:</td><td>".$row["wfs_conf_id"]."</td></tr>" ;
@@ -187,9 +200,10 @@
         /* set element options */
         $sql = "SELECT * FROM wfs_conf_element ";
         $sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-        $sql .= "WHERE fkey_wfs_conf_id = ".$_REQUEST["gaz"]." ORDER BY f_id";
-
-        $res = db_query($sql);
+        $sql .= "WHERE fkey_wfs_conf_id = $1 ORDER BY f_id";
+		$v = array($_REQUEST["gaz"]);
+		$t = array("i");
+        $res = db_prep_query($sql, $v, $t);
 		
         echo "<table border='1'>";
         echo "<tr valign = bottom>";

Modified: branches/2.4.5/http/php/mod_wfsrequest.php
===================================================================
--- tags/2.4.4/http/php/mod_wfsrequest.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/mod_wfsrequest.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -32,8 +32,8 @@
 $sql .= "WHERE wfs_conf.wfs_conf_id = $1";
 
 $v = array($_REQUEST['wfs_conf_id']);
-$t = array('i');
-$res = db_prep_query($sql,$v,$t);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
 if($row = db_fetch_array($res)){
         $g_res_style  = $row["g_res_style"];
         
@@ -45,8 +45,8 @@
 $sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
 $sql .= "AND wfs_conf_element.f_show = 1 ORDER BY wfs_conf_element.f_respos;";
 $v = array($_REQUEST['wfs_conf_id']);
-$t = array('i');
-$res = db_prep_query($sql,$v,$t);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
 $col = array();
 $cnt = 0;
 while($row = db_fetch_array($res)){

Modified: branches/2.4.5/http/php/nestedSets.php
===================================================================
--- tags/2.4.4/http/php/nestedSets.php	2008-01-21 09:19:43 UTC (rev 2000)
+++ branches/2.4.5/http/php/nestedSets.php	2008-02-13 08:21:37 UTC (rev 2082)
@@ -58,16 +58,16 @@
 	if(value == 'insert'){
 		/*
 		if(document.forms[0].title.value == ''){alert("Bitte geben Sie einen Titel an."); permission = false; return;}
-		if(document.forms[0].left.value == ''){alert("Wählen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("W�hlen Sie eine Position."); permission = false; return;}
       	*/
       	if(document.forms[0].title.value == ''){alert("Please insert a title."); permission = false; return;}
 		if(document.forms[0].left.value == ''){alert("Please choose a position."); permission = false; return;}
       
-      if(document.forms[0].wmsList.selectedIndex > 0 && document.forms[0].layer.selectedIndex == 0){alert("Wählen Sie einen Layer."); permission = false; return;}
+      if(document.forms[0].wmsList.selectedIndex > 0 && document.forms[0].layer.selectedIndex == 0){alert("W�hlen Sie einen Layer."); permission = false; return;}
 		if(permission == true){document.forms[0].action.value = "insert"; document.forms[0].submit();}
 	}
 	if(value == 'delete'){
-		//permission = confirm("Soll das Objekt mit Inhalten gelöscht werden?");
+		//permission = confirm("Soll das Objekt mit Inhalten gel�scht werden?");
 		permission = confirm("Do you want to delete the object and the content of the object?");
 		if(permission == true){
 		document.forms[0].action.value = "delete"; 
@@ -77,7 +77,7 @@
 	if(value == 'update'){
 		/*
 		if(document.forms[0].title.value == ''){alert("Bitte geben Sie einen Titel an."); permission = false; return;}
-		if(document.forms[0].left.value == ''){alert("Bitte wählen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("Bitte w�hlen Sie eine Position."); permission = false; return;}
 		*/
 		
 		if(document.forms[0].title.value == ''){alert("Please fill in a labeling."); permission = false; return;}
@@ -87,10 +87,10 @@
 	}
 	if(value == 'add'){
 		/*
-		if(document.forms[0].left.value == ''){alert("Bitte wählen Sie eine Position."); permission = false; return;}
-		if(document.forms[0].guiList.selectedIndex == 0){alert("Bitte wählen Sie eine GUI."); permission = false; return;}
-		if(document.forms[0].wmsList.selectedIndex == 0){alert("Bitte wählen Sie einen WMS."); permission = false; return;}
-		if(document.forms[0].layer.selectedIndex == 0){alert("Bitte wählen Sie eine Ebene."); permission = false; return;}
+		if(document.forms[0].left.value == ''){alert("Bitte w�hlen Sie eine Position."); permission = false; return;}
+		if(document.forms[0].guiList.selectedIndex == 0){alert("Bitte w�hlen Sie eine GUI."); permission = false; return;}
+		if(document.forms[0].wmsList.selectedIndex == 0){alert("Bitte w�hlen Sie einen WMS."); permission = false; return;}
+		if(document.forms[0].layer.selectedIndex == 0){alert("Bitte w�hlen Sie eine Ebene."); permission = false; return;}
 		*/
 		
 		if(document.forms[0].left.value == ''){alert("Please fill in a position."); permission = false; return;}
@@ -116,26 +116,31 @@
 }
 if(isset($action) && $action == "insert"){
 	$temp = explode("###", $layer);
-	$sql = "SELECT rgt FROM gui_treegde WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	$res = db_query($sql);
+	$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $1";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	$res = db_prep_query($sql, $v, $t);
 	if($pos == 'in'){$left = $left + 1;}
 	else if($pos == 'hinter'){$left = db_result($res,0,"rgt") + 1;}
 	else{ $left = $left + 2;}
-	$sql = "UPDATE gui_treegde SET rgt=rgt+2 WHERE rgt >=". $left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
-	$sql = "UPDATE gui_treegde SET lft=lft+2 WHERE lft >=".$left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
-	$sql = "INSERT INTO gui_treegde(fkey_gui_id, fkey_layer_id, lft,rgt, my_layer_title, layer, wms_id) VALUES(";
-		$sql .= "'".$guiList."', ";
-		$sql .= "'".$temp[0]."', ";	
-		$sql .= $left.", ";
-		$sql .= ($left+1).", ";
-		$sql .= "'".$name."', ";
-		$sql .= "'".$temp[1]."', ";
-		$sql .= "'".$wmsList."'";
-		$sql .= ")";
-		#echo $sql . "<br>";		
-	db_query($sql);
+	
+	$sql = "UPDATE gui_treegde SET rgt=rgt+2 WHERE rgt >= $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	db_prep_query($sql, $v, $t);
+	
+	$sql = "UPDATE gui_treegde SET lft=lft+2 WHERE lft >= $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	db_prep_query($sql, $v, $t);
+
+	$sql = "INSERT INTO gui_treegde(fkey_gui_id, fkey_layer_id, lft,rgt, ";
+	$sql .= "my_layer_title, layer, wms_id) VALUES($1, $2, $3, $4, $5, $6, $7)";
+		#echo $sql . "<br>";
+	$v = array($guiList, $temp[0], $left, ($left+1), $name, $temp[1], $wmsList);
+	$t = array("s", "s", "i", "i", "s", "s", "s");		
+	db_prep_query($sql, $v, $t);
+
 	/*
 	if($layer == ""){
 		$left = $left + 1;
@@ -152,53 +157,79 @@
 }
 if(isset($action) && $action == "delete"){	
 	if($left){
-		$sql = "SELECT rgt FROM gui_treegde WHERE lft =". $left." AND fkey_gui_id = '".$guiList."'";
-		$res = db_query($sql);
+		$sql = "SELECT rgt FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";
+		$v = array($left, $guiList);
+		$t = array("i", "s");
+		$res = db_prep_query($sql, $v, $t);
 		$right = db_result($res,0,"rgt");
-		$sql = "DELETE FROM gui_treegde WHERE lft BETWEEN ".$left." and ".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
-		$sql = "UPDATE gui_treegde SET lft=lft-((".$right."-".$left."+1)) WHERE lft>".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
-		$sql = "UPDATE gui_treegde SET rgt=rgt-((".$right."-".$left."+1)) WHERE rgt>".$right." AND fkey_gui_id = '".$guiList."'";
-		db_query($sql);
+		
+		$sql = "DELETE FROM gui_treegde WHERE lft BETWEEN $1 and $2 AND fkey_gui_id = $3";
+		$v = array($left, $right, $guiList);
+		$t = array("i", "i", "s");
+		db_prep_query($sql, $v, $t);
+
+		$sql = "UPDATE gui_treegde SET lft=lft-(($1 - $2 + 1)) WHERE lft > $3 AND fkey_gui_id = $4";
+		$v = array($right, $left, $right, $guiList);
+		$t = array("i", "i", "i", "s");
+		db_prep_query($sql, $v, $t);
+
+		$sql = "UPDATE gui_treegde SET rgt=rgt-(($1 - $2 + 1)) WHERE rgt > $3 AND fkey_gui_id = $4";
+		$v = array($right, $left, $right, $guiList);
+		$t = array("i", "i", "i", "s");
+		db_prep_query($sql, $v, $t);
 	}
 }
 if(isset($action) && $action == "update"){
 	$temp = explode("###", $layer);
 	$sql = "UPDATE gui_treegde SET ";
-	$sql .= "my_layer_title = '".$name."', ";
-	$sql .= "fkey_layer_id = '".$temp[0]."', ";
-	$sql .= "layer = '".$temp[1]."', ";
-	$sql .= "wms_id = '" . $wmsList."'";
-	$sql .= " WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	db_query($sql);
+	$sql .= "my_layer_title = $1, ";
+	$sql .= "fkey_layer_id = $2, ";
+	$sql .= "layer = $3, ";
+	$sql .= "wms_id = $4";
+	$sql .= " WHERE lft = $5 AND fkey_gui_id = $6";
+	$v = array($name, $temp[0], $temp[1], $wmsList, $left, $guiList);
+	$t = array("s", "s", "s", "s", "i", "s");
+	db_prep_query($sql, $v, $t);
 }
 if(isset($action) && $action == "add"){
 	$temp = explode("###", $layer);
 	
-	$sql_val = "SELECT * FROM gui_treegde WHERE lft =". $left." AND fkey_gui_id = '".$guiList."'";
-	$res_val = db_query($sql_val);
+	$sql_val = "SELECT * FROM gui_treegde WHERE lft = $1 AND fkey_gui_id = $2";
+	$v = array($left, $guiList);
+	$t = array("i", "s");
+	$res = db_prep_query($sql_val, $v, $t);
 	
 	$sql = "UPDATE gui_treegde SET ";
+	$sql .= "fkey_layer_id = $1, layer = $2, wms_id =  $3 ";
+	$sql .= "WHERE lft = $4 AND fkey_gui_id = $5";
 	
-	$sql .= "fkey_layer_id = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "fkey_layer_id") != ''){ $sql .= db_result($res_val, 0, "fkey_layer_id") . ","; }
-	$sql .=  $temp[0] . "', ";
+	$v = array();
+	$t = array("s", "s", "s", "i", "s");	
+
+	if (db_result($res_val, 0, "fkey_layer_id") != '') {
+		array_push($v, db_result($res_val, 0, "fkey_layer_id") . "," . $temp[0]);
+	}
+	else {
+		array_push($v, $temp[0]);
+	}
 	
-	$sql .= "layer = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "layer") != ''){ $sql .= db_result($res_val, 0, "layer") . ","; }
-	$sql .= $temp[1] . "', ";
+	if (db_result($res_val, 0, "layer") != '') {
+		array_push($v, db_result($res_val, 0, "layer") . "," . $temp[1]);
+	}
+	else {
+		array_push($v, $temp[1]);
+	}
 	
-	$sql .= "wms_id = ";
-	$sql .= "'";
-	if(db_result($res_val, 0, "wms_id") != ''){ $sql .= db_result($res_val, 0, "wms_id") . ","; }
-	$sql .= $wmsList . "' ";
-	
-	$sql .= " WHERE lft = ".$left." AND fkey_gui_id = '".$guiList."'";
-	#echo $sql . "<br>";
-	db_query($sql);
+	if (db_result($res_val, 0, "wms_id") != '') {
+		array_push($v, db_result($res_val, 0, "wms_id") . "," . $wmsList);
+	}
+	else {
+		array_push($v, $wmsList);
+	}
+
+	array_push($v, $left);	
+	array_push($v, $guiList);	
+	db_prep_query($sql, $v, $t);
 }
 ?>
 <br />
@@ -228,14 +259,19 @@
 $admin = new administration();
 $ownguis = $admin->getGuisByOwner($_SESSION["mb_user_id"],true);
 
-$sql = "SELECT * FROM gui WHERE gui_id IN ("; for($i=0; 
-$i<count($ownguis); $i++){
-				if($i>0){ $sql .= ",";}
-				$sql .= "'".$ownguis[$i]."'";
-				}
+$sql = "SELECT * FROM gui WHERE gui_id IN ("; 
+$v = $ownguis;
+$t = array();
+for ($i = 1; $i <= count($ownguis); $i++){
+	if ($i > 1) { 
+		$sql .= ",";
+	}
+	$sql .= "$" . $i;
+	array_push($t, "s");
+}
 $sql .= ") ORDER BY gui_name";
 
-$res = db_query($sql);
+$res = db_prep_query($sql, $v, $t);
 $cnt = 0;
 echo "<select class='guiList' size='10' name='guiList' class='guiList'  onchange='document.forms[0].submit()'>";
 echo "<option value=''>GUI ...</option>";
@@ -265,9 +301,11 @@
 	if(isset($guiList) && $guiList != ""){
 		$sql = "SELECT gui_wms.fkey_wms_id, wms.wms_title FROM gui_wms ";
 		$sql .= "INNER JOIN wms ON gui_wms.fkey_wms_id = wms.wms_id  ";
-		$sql .= "WHERE gui_wms.fkey_gui_id = '" . $guiList . "' ";
+		$sql .= "WHERE gui_wms.fkey_gui_id = $1 ";
 		$sql .= "ORDER BY wms.wms_title";
-		$res = db_query($sql);
+		$v = array($guiList);
+		$t = array("s");
+		$res = db_prep_query($sql, $v, $t);
 		$cnt = 0;
 		while($row = db_fetch_array($res)){
 			echo "<option value='".$row["fkey_wms_id"]."' ";
@@ -293,9 +331,11 @@
 	if(isset($wmsList) && $wmsList != ""){
 		$sql_l = "SELECT gui_layer.fkey_layer_id, layer.layer_name, layer.layer_title FROM gui_layer ";
 		$sql_l .= "LEFT JOIN layer ON gui_layer.fkey_layer_id = layer.layer_id ";
-		$sql_l .= "WHERE gui_layer.gui_layer_wms_id = " . $wmsList . " AND layer.layer_parent = '0' AND gui_layer.fkey_gui_id = '".$guiList."'";
+		$sql_l .= "WHERE gui_layer.gui_layer_wms_id = $1 AND layer.layer_parent = '0' AND gui_layer.fkey_gui_id = $2";
 		$sql_l .= " ORDER BY layer.layer_title";
-		$res_l = db_query($sql_l);
+		$v = array($wmsList, $guiList);
+		$t = array("i", "s");
+		$res_l = db_prep_query($sql_l, $v, $t);
 		$cnt = 0;
 		while($row = db_fetch_array($res_l)){
 			echo "<option value='".$row["fkey_layer_id"]."###".$row["layer_name"]."'>";



More information about the Mapbender_commits mailing list