[Mapbender-commits] r1991 - branches/2.5/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Sun Jan 20 05:33:03 EST 2008
Author: christoph
Date: 2008-01-20 05:33:03 -0500 (Sun, 20 Jan 2008)
New Revision: 1991
Modified:
branches/2.5/http/php/mod_editFilteredGroup.php
branches/2.5/http/php/mod_editFilteredUser.php
branches/2.5/http/php/mod_editGroup.php
branches/2.5/http/php/mod_editGuiWmsMeta.php
branches/2.5/http/php/mod_editUser.php
Log:
prepared statements
Modified: branches/2.5/http/php/mod_editFilteredGroup.php
===================================================================
--- branches/2.5/http/php/mod_editFilteredGroup.php 2008-01-19 11:15:21 UTC (rev 1990)
+++ branches/2.5/http/php/mod_editFilteredGroup.php 2008-01-20 10:33:03 UTC (rev 1991)
@@ -138,11 +138,15 @@
echo "<select name='selected_group' onchange='submit()'>";
echo "<option value='new'>NEW...</option>";
$sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
+ $v = array();
+ $t = array();
if(isset($myGroup)){
- $sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];
+ $sql .= "WHERE mb_group_owner = $1";
+ array_push($v, $_SESSION["mb_user_id"]);
+ array_push($t, "i");
}
$sql .= " ORDER BY mb_group_name ";
- $res = db_query($sql);
+ $res = db_prep_query($sql, $v, $t);
$count=0;
while($row = db_fetch_array($res)){
echo "<option value='".$row["mb_group_id"]."' ";
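Review bot: Nothing in the added lines says that `$v` and `$t` are positional partners of the `$1` placeholder, so a later edit that appends another condition can push a value without its type tag, or in the wrong order, and the mismatch only surfaces at run time. A one-line comment above the two initialisations would make the contract visible, for example `// $v[n-1] is bound to $n; $t[n-1] is its type tag ("i" presumably means integer)`. On freshly created arrays, `$v[] = $_SESSION["mb_user_id"];` also reads more directly than `array_push`. The same pattern is added in mod_editFilteredUser.php, mod_editGroup.php and mod_editUser.php, and the enclosing block starts and ends outside this hunk.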
Modified: branches/2.5/http/php/mod_editFilteredUser.php
===================================================================
--- branches/2.5/http/php/mod_editFilteredUser.php 2008-01-19 11:15:21 UTC (rev 1990)
+++ branches/2.5/http/php/mod_editFilteredUser.php 2008-01-20 10:33:03 UTC (rev 1991)
@@ -212,10 +212,16 @@
echo "<input type='text' value='' onkeyup='filterUser(document.getElementById(\"selecteduser\"),user,this.value);'/>";
echo "<br /><select id='selecteduser' name='selected_user' onchange='submit()'>";
echo "<option value='new'>NEW...</option>";
- $sql = "SELECT mb_user_name,mb_user_id,mb_user_email FROM mb_user ";
- if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
- $sql .= " ORDER BY mb_user_name ";
- $res = db_query($sql);
+ $sql = "SELECT mb_user_name,mb_user_id,mb_user_email FROM mb_user ";
+ $v = array();
+ $t = array();
+ if (isset($myUser)) {
+ $sql .= "WHERE mb_user_owner = $1";
+ array_push($v, $_SESSION["mb_user_id"]);
+ array_push($t, "i");
+ }
+ $sql .= " ORDER BY mb_user_name ";
+ $res = db_prep_query($sql, $v, $t);
$count=0;
while($row = db_fetch_array($res)){
echo "<option value='".$row["mb_user_id"]."' title='".$row["mb_user_email"]."'";
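Review bot: The query is now parameterised, but the rows it returns are still written into the page unencoded: on the last visible line `$row["mb_user_email"]` goes straight into a single-quoted `title` attribute. If that column can hold a `'` or markup (it looks like user-supplied data, though the hunk does not show where it is written), the value breaks out of the attribute, so it should be encoded on output, e.g. `htmlspecialchars($row["mb_user_email"], ENT_QUOTES)`. The identical echo sits at the end of the mod_editUser.php hunk and needs the same treatment. The echo statement continues past the end of this hunk, so the remaining concatenated fields could not be checked.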
Modified: branches/2.5/http/php/mod_editGroup.php
===================================================================
--- branches/2.5/http/php/mod_editGroup.php 2008-01-19 11:15:21 UTC (rev 1990)
+++ branches/2.5/http/php/mod_editGroup.php 2008-01-20 10:33:03 UTC (rev 1991)
@@ -136,9 +136,15 @@
echo "<select name='selected_group' onchange='submit()'>";
echo "<option value='new'>NEW...</option>";
$sql = "SELECT mb_group_name,mb_group_id FROM mb_group ";
- if(isset($myGroup)){ $sql .= "WHERE mb_group_owner = ".$_SESSION["mb_user_id"];}
+ $v = array();
+ $t = array();
+ if (isset($myGroup)) {
+ $sql .= "WHERE mb_group_owner = $1";
+ array_push($v, $_SESSION["mb_user_id"]);
+ array_push($t, "i");
+ }
$sql .= " ORDER BY mb_group_name ";
- $res = db_query($sql);
+ $res = db_prep_query($sql, $v, $t);
$count=0;
while($row = db_fetch_array($res)){
echo "<option value='".$row["mb_group_id"]."' ";
Modified: branches/2.5/http/php/mod_editGuiWmsMeta.php
===================================================================
--- branches/2.5/http/php/mod_editGuiWmsMeta.php 2008-01-19 11:15:21 UTC (rev 1990)
+++ branches/2.5/http/php/mod_editGuiWmsMeta.php 2008-01-20 10:33:03 UTC (rev 1991)
@@ -134,19 +134,23 @@
$function = $_REQUEST["function"];
if ( $function = "update" ) {
- $sql = "UPDATE layer SET layer_meta_datum = '".$_REQUEST["layer_meta_datum"]."'";
- $sql.= ", layer_meta_lieferant = '".$_REQUEST["layer_meta_lieferant"]."'";
- $sql.= ", layer_meta_quelle = '".$_REQUEST["layer_meta_quelle"]."'";
- $sql.= ", layer_meta_ansprechpartner = '".$_REQUEST["layer_meta_ansprechpartner"]."'";
- $sql.= ", layer_meta_lieferant_basis = '".$_REQUEST["layer_meta_lieferant_basis"]."'";
- $sql.= ", layer_meta_copyright = '".$_REQUEST["layer_meta_copyright"]."'";
- $sql.= " WHERE layer_id = ".$layer_id.";";
+ $sql = "UPDATE layer SET layer_meta_datum = $1, ";
+ $sql.= "layer_meta_lieferant = $2, ";
+ $sql.= "layer_meta_quelle = $3, ";
+ $sql.= "layer_meta_ansprechpartner = $4, ";
+ $sql.= "layer_meta_lieferant_basis = $5, ";
+ $sql.= "layer_meta_copyright = $6 ";
+ $sql.= " WHERE layer_id = $7;";
+ $v = array($_REQUEST["layer_meta_datum"], $_REQUEST["layer_meta_lieferant"], $_REQUEST["layer_meta_quelle"], $_REQUEST["layer_meta_ansprechpartner"], $_REQUEST["layer_meta_lieferant_basis"], $_REQUEST["layer_meta_copyright"], $layer_id);
+ $t = array("s", "s", "s", "s", "s", "s", "i");
$res = db_query($sql);
}
}
- $sql = "SELECT * FROM layer WHERE layer_id = '".$layer_id."';";
- $res = db_query($sql);
+ $sql = "SELECT * FROM layer WHERE layer_id = $1;";
+ $v = array($layer_id);
+ $t = array("i");
+ $res = db_prep_query($sql, $v, $t);
if ( db_fetch_row($res, 0) ) {
echo " <h3>Editieren von Metadaten</h3>\n";
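Review bot: The UPDATE text now uses `$1` to `$7` and the `$v`/`$t` arrays are built, but the call beneath them is still `$res = db_query($sql);`, so the arrays are never passed and the statement is sent with unbound placeholders. It should read `$res = db_prep_query($sql, $v, $t);`, matching the SELECT a few lines further down. Separately, the unchanged condition `if ( $function = "update" )` assigns instead of comparing, so the UPDATE branch runs whatever `function` value was requested; `if ($function === "update") {` looks like the intent. The enclosing block opens above the hunk, so any guard that wraps this branch is not visible here.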
Modified: branches/2.5/http/php/mod_editUser.php
===================================================================
--- branches/2.5/http/php/mod_editUser.php 2008-01-19 11:15:21 UTC (rev 1990)
+++ branches/2.5/http/php/mod_editUser.php 2008-01-20 10:33:03 UTC (rev 1991)
@@ -228,9 +228,15 @@
echo "<br /><select id='selecteduser' name='selected_user' onchange='submit()'>";
echo "<option value='new'>NEW...</option>";
$sql = "SELECT mb_user_name,mb_user_id,mb_user_email FROM mb_user ";
- if(isset($myUser)){ $sql .= "WHERE mb_user_owner = ".$_SESSION["mb_user_id"];}
+ $v = array();
+ $t = array();
+ if (isset($myUser)) {
+ $sql .= "WHERE mb_user_owner = $1";
+ array_push($v, $_SESSION["mb_user_id"]);
+ array_push($t, "i");
+ }
$sql .= " ORDER BY mb_user_name ";
- $res = db_query($sql);
+ $res = db_prep_query($sql, $v, $t);
$count=0;
while($row = db_fetch_array($res)){
echo "<option value='".$row["mb_user_id"]."' title='".$row["mb_user_email"]."'";