[Mapbender-commits] r1990 - branches/2.5/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Sat Jan 19 06:15:21 EST 2008
Author: christoph
Date: 2008-01-19 06:15:21 -0500 (Sat, 19 Jan 2008)
New Revision: 1990
Modified:
branches/2.5/http/php/mod_WMSpreferences.php
branches/2.5/http/php/mod_wfsrequest.php
Log:
prepared statements
Modified: branches/2.5/http/php/mod_WMSpreferences.php
===================================================================
--- branches/2.5/http/php/mod_WMSpreferences.php 2008-01-19 10:27:56 UTC (rev 1989)
+++ branches/2.5/http/php/mod_WMSpreferences.php 2008-01-19 11:15:21 UTC (rev 1990)
@@ -62,8 +62,10 @@
</STYLE>
<?php
-$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res = db_query($sql);
+$sql = "SELECT * FROM gui_element WHERE e_id = 'WMS_preferences' AND fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
$cnt = 0;
$vis = "";
$wmsid = "";
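Review bot: The `$1` placeholder sits inside a double-quoted PHP string in the new `$sql` line. It works only because PHP does not interpolate a name that starts with a digit, so single quotes would make the literal explicit and guard against a later edit turning it into a real variable, for example `$sql = 'SELECT * FROM gui_element WHERE e_id = \'WMS_preferences\' AND fkey_gui_id = $1';`. The same applies to the `gui_wms` query in the next hunk and to both queries in mod_wfsrequest.php. A short comment such as `// $t holds one type code per bound value: "s" string, "i" integer` would also help, since the meaning of the codes is not visible in this file.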
@@ -79,8 +81,10 @@
echo "var mod_WMSpreferences_target2 = '".trim($target[1])."';";
echo "</script>";
-$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = '".$_SESSION["mb_user_gui"]."'";
-$res_visible = db_query($sql_visible);
+$sql_visible = "SELECT * FROM gui_wms WHERE fkey_gui_id = $1";
+$v = array($_SESSION["mb_user_gui"]);
+$t = array("s");
+$res_visible = db_prep_query($sql_visible, $v, $t);
$cnt_visible = 0;
while($row = db_fetch_array($res_visible)){
Modified: branches/2.5/http/php/mod_wfsrequest.php
===================================================================
--- branches/2.5/http/php/mod_wfsrequest.php 2008-01-19 10:27:56 UTC (rev 1989)
+++ branches/2.5/http/php/mod_wfsrequest.php 2008-01-19 11:15:21 UTC (rev 1990)
@@ -39,9 +39,10 @@
/* wfs_conf */
$sql = "SELECT * FROM wfs_conf ";
$sql .= "JOIN wfs ON wfs_conf.fkey_wfs_id = wfs.wfs_id ";
-$sql .= "WHERE wfs_conf.wfs_conf_id = ".$_REQUEST['wfs_conf_id'];
-
-$res = db_query($sql);
+$sql .= "WHERE wfs_conf.wfs_conf_id = $1";
+$v = array($_REQUEST['wfs_conf_id']);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
if($row = db_fetch_array($res)){
$g_res_style = $row["g_res_style"];
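Review bot: `$v = array($_REQUEST['wfs_conf_id']);` binds a value taken straight from the request, and it is never checked for presence or integer form before being declared as `"i"`. How db_prep_query handles a missing or non-numeric value under that type is not visible here, so a guard ahead of the query would make the failure explicit, e.g. `if (!isset($_REQUEST['wfs_conf_id']) || !ctype_digit((string)$_REQUEST['wfs_conf_id'])) { die('invalid wfs_conf_id'); }`. The same applies to the wfs_conf_element query in the following hunk. Nothing in the visible lines ties the requested configuration to the logged-in user's permissions; presumably that is enforced elsewhere in the file, but it is worth confirming now that the injection path is closed.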
@@ -50,10 +51,11 @@
/* wfs_conf_element */
$sql = "SELECT * FROM wfs_conf_element ";
$sql .= "JOIN wfs_element ON wfs_conf_element.f_id = wfs_element.element_id ";
-$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = ".$_REQUEST['wfs_conf_id']." ";
+$sql .= "WHERE wfs_conf_element.fkey_wfs_conf_id = $1 ";
$sql .= "AND wfs_conf_element.f_show = 1 ORDER BY wfs_conf_element.f_respos;";
-
-$res = db_query($sql);
+$v = array($_REQUEST['wfs_conf_id']);
+$t = array("i");
+$res = db_prep_query($sql, $v, $t);
$col = array();
$cnt = 0;
while($row = db_fetch_array($res)){