[Mapbender-commits] r5565 - branches/2.6/http/php

Sat Feb 20 09:51:32 EST 2010

Author: astrid_emde
Date: 2010-02-20 09:51:32 -0500 (Sat, 20 Feb 2010)
New Revision: 5565

Modified:
   branches/2.6/http/php/mod_gazetteerMetadata_search.php
Log:
error in SQl ;

Modified: branches/2.6/http/php/mod_gazetteerMetadata_search.php
===================================================================

--- branches/2.6/http/php/mod_gazetteerMetadata_search.php	2010-02-20 14:50:52 UTC (rev 5564)
+++ branches/2.6/http/php/mod_gazetteerMetadata_search.php	2010-02-20 14:51:32 UTC (rev 5565)
@@ -8,7 +8,17 @@
 $user_id = $_SESSION["mb_user_id"];
 $query = stripslashes($_REQUEST["search"]);
 $srs = stripslashes($_REQUEST["srs"]);
+$searchColumnsWms = $_REQUEST["searchColumnsWms"];
+$searchColumnsLayer = $_REQUEST["searchColumnsLayer"];
 
+if ($searchColumnsWms && !preg_match("/^[a-zA-Z_\-, ]+$/", $searchColumnsWms)) {
+	echo "[]"; die;
+}
+
+if ($searchColumnsLayer && !preg_match("/^[a-zA-Z_\-, ]+$/", $searchColumnsLayer)) {
+	echo "[]"; die;
+}
+
 if (!preg_match("/^[a-zA-Z_\- ]+$/", $query)) {
 	echo "[]"; die;
 }
@@ -55,7 +65,22 @@
 		array_push($v, $mywms[$i]);
 		array_push($t, 'i');   
 	}
-	$sql_wms .= ") AND (wms_title ILIKE '%".$query."%' OR wms_abstract ILIKE '%".$query."%') ORDER BY wms_title";
+	
+	$sql_wms .= ") AND (";
+	if($searchColumnsWms == "") {
+		$sql_wms .= "wms_title ILIKE '%".$query."%' OR wms_abstract ILIKE '%".$query."%'";
+	}
+	else{
+		$wmsColumnArray = split(",", $searchColumnsWms);
+		for($j = 0; $j < count($wmsColumnArray); $j++) {
+			if ($j > 0) {
+				$sql_wms .= " OR ";
+			}
+			$sql_wms .= trim($wmsColumnArray[$j]) . " ILIKE '%".$query."%'";
+		}
+	}
+	
+	$sql_wms .= ") ORDER BY wms_title";
 	$res_wms = db_prep_query($sql_wms,$v,$t);
 
 	while ($row = db_fetch_array($res_wms)) {
@@ -95,14 +120,27 @@
 		array_push($t, 'i');   
 	}
 
-	$sql_layer .= ") AND (" . 
-		"layer_title ILIKE '%".$query."%' OR " . 
-		"layer_name ILIKE '%".$query."%' OR " . 
-		"layer_abstract ILIKE '%".$query."%' OR " . 
-		"kw.keyword ILIKE '%".$query."%') ";
-	$sql_layer .= "ORDER BY l.layer_title;";
+	$sql_layer .= ") AND (";
+	if($searchColumnsLayer == "") {
+		$sql_layer .= 	"layer_title ILIKE '%".$query."%' OR " . 
+						"layer_name ILIKE '%".$query."%' OR " . 
+						"layer_abstract ILIKE '%".$query."%' "; 
+	}
+	else{
+		$layerColumnArray = split(",", $searchColumnsLayer);
+		for($k = 0; $k < count($layerColumnArray); $k++) {
+			if ($k > 0) {
+				$sql_layer .= " OR ";
+			}
+			$sql_layer .= trim($layerColumnArray[$k]) . " ILIKE '%".$query."%'";
+		}
+	}
+	
+	$sql_layer .= " OR kw.keyword ILIKE '%".$query."%') ORDER BY l.layer_title;";
+	
 	$res_layer = db_prep_query($sql_layer,$v,$t);
 
+
 	while ($row = db_fetch_array($res_layer)) {
 		array_push($obj, array(
 			'wms_getcapabilities' => $row['wms_getcapabilities'], 

