highlighting a feature in mode=map
Fawcett, David
David.Fawcett at STATE.MN.US
Wed Apr 11 06:58:14 PDT 2007
John,
I know that there are quite a few people using database backends to
MapServer. I will let the developers comment on the extent of input
validation and protection against SQL injection.
David.
-----Original Message-----
From: UMN MapServer Users List [mailto:MAPSERVER-USERS at LISTS.UMN.EDU] On
Behalf Of John Cole
Sent: Tuesday, April 10, 2007 2:53 PM
To: MAPSERVER-USERS at LISTS.UMN.EDU
Subject: Re: [UMN_MAPSERVER-USERS] highlighting a feature in mode=map
David,
This works quite well, but I'm wondering if this kind of query opens a
sql layer up to a sql injection attack? Are MapServer's expressions
scrubbed for this possibility?
Thanks,
John
John,
I have done this when I want to highlight a particular county in the
state. To do this, I need to know the ID (FIPS) for the poly. I create
a URL variable that is passed to mapserv in the url and then use that
variable in an expression in a class in the counties layer. If you can
successfully use GID in an expression in your map file, you can do it
this way.
Here is an example LAYER:
LAYER
NAME basemap
STATUS DEFAULT
TYPE POLYGON
DATA 'county'
CLASSITEM "COUNTY_FIP"
CLASS
NAME "Low"
EXPRESSION ('[COUNTY_FIP]' in '%group1%')
OUTLINECOLOR 0 0 0
COLOR 255 204 204
END
END
--
View this message in context:
http://www.nabble.com/highlighting-a-feature-in-mode%3Dmap-tf3553524.htm
l#a9926997
Sent from the Mapserver - User mailing list archive at Nabble.com.
More information about the MapServer-users
mailing list