[mapserver-users] Dynamic mapping with CGI parameters

Tue Feb 26 13:20:43 PST 2008

Hello Colin,

as I tried to clear to you before, I would go for option 2! Better 
still, I am using option 2 in a lot of real life cases.
Add userid=1234 to the request string (and as you say, pass it through 
perl to sanitize, excelent choice)

And use:

    DATA "line FROM (
        SELECT num, id, line
        FROM jsview_journeyroutes
        WHERE us_id = %userid%
      ) AS foo USING UNIQUE id USING SRID=4326"

I can guarantee you that will work.

Kind regards,

Milo van der Linden

Colin Wetherbee schreef:
> Greetings.
>
> I have a fledgling MapServer application that uses PostgreSQL as its 
> back-end.  Each set of data I would like to retrieve from PostgreSQL 
> is specific to a certain user.  Currently, since the application is 
> only in an alpha phase, I have MapServer retrieve the aggregate sum of 
> the data in the database and display it on my map.  This isn't going 
> to work for the real application, since different users need to see 
> different sets of data.
>
> I would like to do one of two things, but I've been poring over the 
> documentation today and can't find any way to achieve either.  I would 
> very much appreciate some assistance.  My two approaches are as 
> follows, but if there are others, I would certainly be open to 
> implementing something different.
>
> Approach #1:
>
> Since my application is written in Perl, I could use MapScript in Perl 
> to generate bits of maps and return them to the browser as needed.  
> Perl would interpret cookies and perform session authentication before 
> generating a customized map file to pass along to MapServer.  The Perl 
> code [0] would look something like:
>
> sub GetMapPiece()
> {
>   $req = new mapscript::OWSRequest();
>   $req->setParameter("SERVICE", "WMS");
>   $req->setParameter("VERSION", "1.1.0");
>   $req->setParameter("REQUEST", $something);
>
>   # The next two lines are the important ones...
>   my $mapFile = GenerateMapFile({ userid => $someUserId });
>   my $mapObj = new mapscript::mapObj($mapFile);
>
>   mapscript::msIO_installStdoutToBuffer();
>   my $dispatch_out = $map->OWSDispatch($req);
>   return mapscript::msIO_getStdoutBufferString();
> }
>
> The problem with this is that, as far as I can tell, I can't create a 
> mapObj from anything other than a file on disk.  I would like $mapFile 
> to contain the full text of a dynamically created map file, and I 
> would then like to be able to create a new mapObj from it.  My 
> imaginary GenerateMapFile() function would generate the text for the 
> map file, but it would never be saved to disk.
>
> Approach #2:
>
> This would be my preferred method, but from what I've read, I think 
> approach #1 is more likely to happen.
>
> This approach entails passing a CGI parameter to mapserv that could be 
> substituted somewhere in the map file.  For example, the URL could be:
>
> http://example.com/cgi-bin/mapserv?userid=1234
>
> Then, the map file could contain something like:
>
>     DATA "line FROM (
>         SELECT num, id, line
>         FROM jsview_journeyroutes
>         WHERE us_id = {userid}
>       ) AS foo USING UNIQUE id USING SRID=4326"
>
> And, MapServer would see "WHERE us_id = {userid}" and, for {userid}, 
> substitute the 1234 that was passed into mapserv as a CGI parameter.
>
> Of course, doing this directly would cause nasty SQL injection attack 
> problems, but I could properly sanitize the input with Perl.  No big 
> deal there.
>
> End Approaches.
>
> Any thoughts on this?
>
> Thanks.
>
> Colin
>
> [0] Adapted from 
> <http://mapserver.gis.umn.edu/docs/howto/wxs_mapscript/#perl-example>.
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>