[Mapbender-commits] r1992 - branches/2.5/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Sun Jan 20 05:59:05 EST 2008
Author: christoph
Date: 2008-01-20 05:59:05 -0500 (Sun, 20 Jan 2008)
New Revision: 1992
Modified:
branches/2.5/http/php/mod_gazLayerObj_conf.php
branches/2.5/http/php/mod_gazLayerObj_edit.php
branches/2.5/http/php/mod_getStyles.php
branches/2.5/http/php/mod_loadCapabilitiesList.php
branches/2.5/http/php/mod_treefolderAdmin.php
branches/2.5/http/php/mod_treefolderClient.php
branches/2.5/http/php/mod_wfs_server.php
Log:
prepared statements
Modified: branches/2.5/http/php/mod_gazLayerObj_conf.php
===================================================================
--- branches/2.5/http/php/mod_gazLayerObj_conf.php 2008-01-20 10:33:03 UTC (rev 1991)
+++ branches/2.5/http/php/mod_gazLayerObj_conf.php 2008-01-20 10:59:05 UTC (rev 1992)
@@ -76,9 +76,11 @@
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db(DB,$con);
- $sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = '".$_REQUEST["myWFS"]."' ";
- $sql .= "WHERE fkey_gui_id='".$_REQUEST["gui"]."' AND fkey_layer_id=".$_REQUEST["layer"];
- $res = db_query($sql);
+ $sql = "UPDATE gui_layer SET gui_layer_wfs_featuretype = $1 ";
+ $sql .= "WHERE fkey_gui_id = $2 AND fkey_layer_id = $3";
+ $v = array($_REQUEST["myWFS"], $_REQUEST["gui"], $_REQUEST["layer"]);
+ $t = array("s", "s", "i");
+ $res = db_prep_query($sql, $v, $t);
echo "layer is connected with: ".$_REQUEST["myWFS"];
die();
}
Modified: branches/2.5/http/php/mod_gazLayerObj_edit.php
===================================================================
--- branches/2.5/http/php/mod_gazLayerObj_edit.php 2008-01-20 10:33:03 UTC (rev 1991)
+++ branches/2.5/http/php/mod_gazLayerObj_edit.php 2008-01-20 10:59:05 UTC (rev 1992)
@@ -54,29 +54,34 @@
if(isset($_REQUEST["save"])){
$sql = "UPDATE gazetteer SET ";
- $sql .= "gazetteer_abstract = '".$_REQUEST["gazetteer_abstract"]."',";
- $sql .= "g_label = '".$_REQUEST["g_label"]."',";
- $sql .= "g_label_id = '".$_REQUEST["g_label_id"]."',";
- $sql .= "g_button = '".$_REQUEST["g_button"]."',";
- $sql .= "g_button_id = '".$_REQUEST["g_button_id"]."',";
- $sql .= "g_style = '".$_REQUEST["g_style"]."',";
- $sql .= "g_buffer = '".$_REQUEST["g_buffer"]."'";
- $sql .= " WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"].";";
+ $sql .= "gazetteer_abstract = $1, ";
+ $sql .= "g_label = $2, ";
+ $sql .= "g_label_id = $3, ";
+ $sql .= "g_button = $4, ";
+ $sql .= "g_button_id = $5, ";
+ $sql .= "g_style = $6, ";
+ $sql .= "g_buffer = $7 ";
+ $sql .= "WHERE gazetteer_id = $8;";
- $res = db_query($sql);
+ $v = array($_REQUEST["gazetteer_abstract"], $_REQUEST["g_label"], $_REQUEST["g_label_id"], $_REQUEST["g_button"], $_REQUEST["g_button_id"], $_REQUEST["g_style"], $_REQUEST["g_buffer"], $_REQUEST["fkey_gazetteer_id"]);
+ $t = array("s", "s", "s", "s", "s", "s", "s", "i");
+ $res = db_prep_query($sql, $v, $t);
- for($i=0; $i<count($_REQUEST["f_id"]); $i++){
+ for ($i = 0; $i < count($_REQUEST["f_id"]); $i++){
$sql = "UPDATE gazetteer_element SET ";
- $sql .= "f_search = '".$_REQUEST["f_search"][$i]."',";
- $sql .= "f_pos = '".$_REQUEST["f_pos"][$i]."',";
- $sql .= "f_style_id = '".$_REQUEST["f_style_id"][$i]."',";
- $sql .= "f_label = '".$_REQUEST["f_label"][$i]."',";
- $sql .= "f_label_id = '".$_REQUEST["f_label_id"][$i]."',";
- $sql .= "f_show = '".$_REQUEST["f_show"][$i]."',";
- $sql .= "f_respos = '".$_REQUEST["f_respos"][$i]."'";
- $sql .= " WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"]." AND f_id = ".$_REQUEST["f_id"][$i].";";
+ $sql .= "f_search = $1, ";
+ $sql .= "f_pos = $2, ";
+ $sql .= "f_style_id = $3, ";
+ $sql .= "f_label = $4, ";
+ $sql .= "f_label_id = $5, ";
+ $sql .= "f_show = $6, ";
+ $sql .= "f_respos = $7 ";
+ $sql .= "WHERE fkey_gazetteer_id = $8 AND f_id = $9;";
- $res = db_query($sql);
+ $v = array($_REQUEST["f_search"][$i], $_REQUEST["f_pos"][$i], $_REQUEST["f_style_id"][$i], $_REQUEST["f_label"][$i], $_REQUEST["f_label_id"][$i], $_REQUEST["f_show"][$i], $_REQUEST["f_respos"][$i], $_REQUEST["fkey_gazetteer_id"], $_REQUEST["f_id"][$i]);
+ $t = array("s", "s", "s", "s", "s", "s", "s", "i", "i");
+
+ $res = db_prep_query($sql, $v, $t);
}
}
@@ -92,8 +97,10 @@
/* configure elements */
if(isset($_REQUEST["fkey_gazetteer_id"])){
- $sql = "SELECT * FROM gazetteer WHERE gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
- $res = db_query($sql);
+ $sql = "SELECT * FROM gazetteer WHERE gazetteer_id = $1";
+ $v = array($_REQUEST["fkey_gazetteer_id"]);
+ $t = array("i");
+ $res = db_prep_query($sql, $v, $t);
if($row = db_fetch_array($res)){
echo "<table>";
echo "<tr><td>ID:</td><td>".$row["gazetteer_id"]."</td></tr>" ;
@@ -110,8 +117,10 @@
/* set element options */
$sql = "SELECT * FROM gazetteer_element ";
$sql .= "JOIN wfs_element ON gazetteer_element.f_id = wfs_element.element_id ";
- $sql .= "WHERE fkey_gazetteer_id = ".$_REQUEST["fkey_gazetteer_id"];
- $res = db_query($sql);
+ $sql .= "WHERE fkey_gazetteer_id = $1";
+ $v = array($_REQUEST["fkey_gazetteer_id"]);
+ $t = array("i");
+ $res = db_prep_query($sql, $v, $t);
echo "<table border='1'>";
echo "<tr>";
Modified: branches/2.5/http/php/mod_getStyles.php
===================================================================
--- branches/2.5/http/php/mod_getStyles.php 2008-01-20 10:33:03 UTC (rev 1991)
+++ branches/2.5/http/php/mod_getStyles.php 2008-01-20 10:59:05 UTC (rev 1992)
@@ -127,9 +127,11 @@
fclose($style_file);
#include(dirname(__FILE__)."/../../conf/www.conf");
$pattern = "/" . basename($login) . "/";
- $sql = "UPDATE wms SET wms_filter = '".preg_replace($pattern,$style_filename,$login)."' WHERE wms_id = ". $wmsList;
+ $sql = "UPDATE wms SET wms_filter = $1 WHERE wms_id = $2";
+ $v = array(preg_replace($pattern,$style_filename,$login), $wmsList);
+ $t = array("s", "i");
echo $sql;
- db_query($sql) or die("unable to change filter!");
+ db_prep_query($sql, $v, $t) or die("unable to change filter!");
}
###
@@ -142,8 +144,10 @@
# getStyle - Request:
if($wmsList && $row["wms_id"] == $wmsList){
$getStyle = $row["wms_getmap"]."&VERSION=1.1.1&REQUEST=getStyles&SERVICE=WMS&LAYERS=";
- $sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = " . $wmsList;
- $res_style = db_query($sql_style);
+ $sql_style = "SELECT layer_name FROM layer WHERE fkey_wms_id = $1";
+ $v = array($wmsList);
+ $t = array("i");
+ $res_style = db_prep_query($sql_style, $v, $t);
$cnt_style = 0;
while($row2 = db_fetch_array($res_style)){
Modified: branches/2.5/http/php/mod_loadCapabilitiesList.php
===================================================================
--- branches/2.5/http/php/mod_loadCapabilitiesList.php 2008-01-20 10:33:03 UTC (rev 1991)
+++ branches/2.5/http/php/mod_loadCapabilitiesList.php 2008-01-20 10:59:05 UTC (rev 1992)
@@ -154,8 +154,10 @@
$cnt++;
}
- $sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = '".$guiID."' AND gui_layer_wms_id = ".$wmsID;
- $res = db_query($sql);
+ $sql = "SELECT * FROM gui_layer WHERE fkey_gui_id = $1 AND gui_layer_wms_id = $2";
+ $v = array($guiID, $wmsID);
+ $t = array("s", "i");
+ $res = db_prep_query($sql, $v, $t);
$cnt = 0;
while($row = db_fetch_array($res)){
$sql_ins = "INSERT INTO gui_layer (fkey_gui_id,fkey_layer_id,gui_layer_wms_id,gui_layer_status,gui_layer_selectable,";
@@ -180,12 +182,17 @@
echo"<br>";
$sql = "SELECT * FROM gui WHERE gui_id IN (";
- for($i=0; $i<count($ownguis); $i++){
- if($i>0){ $sql .= ",";}
- $sql .= "'".$ownguis[$i]."'";
+ $v = $ownguis;
+ $t = array();
+ for ($i = 1; $i <= count($ownguis); $i++){
+ if ($i > 1) {
+ $sql .= ",";
+ }
+ $sql .= "$".$i;
+ array_push($t, "s");
}
$sql .= ") ORDER BY gui_name";
- $res = db_query($sql);
+ $res = db_prep_query($sql, $v, $t);
$count=0;
echo"<select size='8' name='guiList' style='width:200px' onClick='submit()'>";
while($row = db_fetch_array($res)){
@@ -236,12 +243,17 @@
echo"<div class='text1'>Load WMS</div>";
$sql = "SELECT DISTINCT wms.wms_id,wms.wms_title,wms.wms_abstract,wms.wms_owner FROM gui_wms JOIN wms ON ";
$sql .= "wms.wms_id = gui_wms.fkey_wms_id WHERE gui_wms.fkey_gui_id IN(";
- for($i=0; $i<count($arrayGUIs); $i++){
- if($i>0){$sql .= ",";}
- $sql .= "'".$arrayGUIs[$i]."'";
+ $v = $arrayGUIs;
+ $t = array();
+ for ($i = 1; $i <= count($arrayGUIs); $i++){
+ if ($i > 1) {
+ $sql .= ",";
+ }
+ $sql .= "$" . $i;
+ array_push($t, "s");
}
$sql .= ") ORDER BY wms.wms_title";
- $res = db_query($sql);
+ $res = db_prep_query($sql, $v, $t);
echo "<select class='select1' name='wmsID' size='20' onchange='submit()'>";
$cnt = 0;
while($row = db_fetch_array($res)){
@@ -263,8 +275,10 @@
if(isset($wmsID)){
echo "<div class='text2'>FROM:</div>";
- $sql = "SELECT * from gui_wms WHERE fkey_wms_id ='".$wmsID."' ORDER BY fkey_gui_id";
- $res = db_query($sql);
+ $sql = "SELECT * from gui_wms WHERE fkey_wms_id = $1 ORDER BY fkey_gui_id";
+ $v = array($wmsID);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
echo "<select class='select2' name='guiID' size='20' onchange='load()'>";
$cnt = 0;
while($row = db_fetch_array($res)){
Modified: branches/2.5/http/php/mod_treefolderAdmin.php
===================================================================
--- branches/2.5/http/php/mod_treefolderAdmin.php 2008-01-20 10:33:03 UTC (rev 1991)
+++ branches/2.5/http/php/mod_treefolderAdmin.php 2008-01-20 10:59:05 UTC (rev 1992)
@@ -434,21 +434,28 @@
// this is a multinary tree structure which is easy to
// populate with database data :)
<?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
if(!db_fetch_row($res)){
- $sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
- db_query($sql);
- $sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
- db_query($sql);
+ $sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+ //using $v and $t fom above
+ db_prep_query($sql, $v, $t);
+ $sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+ //using $v and $t fom above
+ db_prep_query($sql, $v, $t);
}
-
+
$sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
$sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
$sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title, ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft;";
#echo $sql;
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
echo "function initArray(){";
echo "Note(0,-1,'','');";
$cnt = 0;
Modified: branches/2.5/http/php/mod_treefolderClient.php
===================================================================
--- branches/2.5/http/php/mod_treefolderClient.php 2008-01-20 10:33:03 UTC (rev 1991)
+++ branches/2.5/http/php/mod_treefolderClient.php 2008-01-20 10:59:05 UTC (rev 1992)
@@ -78,8 +78,10 @@
// -->
</STYLE>
<?php
-$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT e_target FROM gui_element WHERE e_id = 'treeConfGDE' AND fkey_gui_id = $1";
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
$cnt = 0;
while(db_fetch_row($res)){
$e_target = db_result($res,0,"e_target");
@@ -548,21 +550,27 @@
// this is a multinary tree structure which is easy to
// populate with database data :)
<?php
-$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = '".$guiList."'";
-$res = db_query($sql);
+$sql = "SELECT id FROM gui_treegde WHERE fkey_gui_id = $1";
+// $v and $t will be re-used below!
+$v = array($guiList);
+$t = array("s");
+$res = db_prep_query($sql, $v, $t);
if(!db_fetch_row($res)){
- $sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES('".$guiList."', 'new','1','4','')";
- db_query($sql);
- $sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES('".$guiList."','new','2','3','')";
- db_query($sql);
+ $sql = "INSERT INTO gui_treegde(fkey_gui_id, my_layer_title,lft,rgt,layer) VALUES($1, 'new','1','4','')";
+ //using $v and $t fom above
+ db_prep_query($sql, $v, $t);
+ $sql = "INSERT INTO gui_treegde(fkey_gui_id,my_layer_title,lft,rgt,layer) VALUES($1,'new','2','3','')";
+ //using $v and $t fom above
+ db_prep_query($sql, $v, $t);
}
$sql = "SELECT n.wms_id, n.id, n.my_layer_title, n.lft, n.rgt, n.layer, COUNT(*) AS level1, ((n.rgt - n.lft -1)/2) AS offspring ";
$sql .= "FROM gui_treegde as n, gui_treegde as p WHERE n.lft BETWEEN p.lft AND p.rgt ";
-$sql .= " AND n.fkey_gui_id = '".$guiList."' AND p.fkey_gui_id = '".$guiList."' ";
+$sql .= " AND n.fkey_gui_id = $1 AND p.fkey_gui_id = $2 ";
$sql .= " GROUP BY n.wms_id, n.lft, n.my_layer_title, ((n.rgt - n.lft -1)/2) , n.id, n.rgt, n.layer ORDER BY n.lft";
-
-$res = db_query($sql);
+$v = array($guiList, $guiList);
+$t = array("s", "s");
+$res = db_prep_query($sql, $v, $t);
echo "function initArray(){";
echo "Note(0,-1,'','');";
$cnt = 0;
Modified: branches/2.5/http/php/mod_wfs_server.php
===================================================================
--- branches/2.5/http/php/mod_wfs_server.php 2008-01-20 10:33:03 UTC (rev 1991)
+++ branches/2.5/http/php/mod_wfs_server.php 2008-01-20 10:59:05 UTC (rev 1992)
@@ -89,8 +89,18 @@
if(count($serviceList) == 0){
return false;
}
- $sql = "SELECT * FROM wfs WHERE wfs_id IN(".join(",",$serviceList).") ORDER BY wfs_title";
- $res = db_query($sql);
+ $sql = "SELECT * FROM wfs WHERE wfs_id IN (";
+ $v = $serviceList;
+ $t = array();
+ for ($i = 1; $i <= count($serviceList); $i++) {
+ if ($i > 1) {
+ $sql .= ", ";
+ }
+ $sql .= "$" . $i;
+ array_push($t, "i");
+ }
+ $sql .= ") ORDER BY wfs_title";
+ $res = db_prep_query($sql, $v, $t);
while($row = db_fetch_array($res)){
array_push($services['id'], $row['wfs_id']);
array_push($services['title'], $row['wfs_title']);
More information about the Mapbender_commits
mailing list