Question about input cleaner class


Antivirus
07-17-2006, 02:33 AM
I have been trying to do all code going forward utilizing vB's input cleaner class as opposed to $_GET, $_POST, $_REQUEST, etc., but it doesn't seem to want to cooperate with me. The block of code I have, which works fine as-is, is:

$sql = "SELECT " . TABLE_PREFIX . "erc_artistmbr.*, " . TABLE_PREFIX . "erc_artist.artisttitle
FROM " . TABLE_PREFIX . "erc_artistmbr
LEFT JOIN " . TABLE_PREFIX . "erc_artist ON " . TABLE_PREFIX . "erc_artist.artistid = " . TABLE_PREFIX . "erc_artistmbr.artistid
";

if ($_GET['artistid'])
{
    $sql .= " WHERE " . TABLE_PREFIX . "erc_artistmbr.artistid = '".$_GET['artistid']."'";
}

$sql .= " ORDER BY " . TABLE_PREFIX . "erc_artist.artisttitle, erc_artistmbr.displayorder";
$artistmbrs = $db->query_read($sql);


And I tried to utilize it as follows, with no luck...

$getartistid = $vbulletin->input->clean_gpc('g', 'artistid', TYPE_INT);

$sql = "SELECT " . TABLE_PREFIX . "erc_artistmbr.*, " . TABLE_PREFIX . "erc_artist.artisttitle
FROM " . TABLE_PREFIX . "erc_artistmbr
LEFT JOIN " . TABLE_PREFIX . "erc_artist ON " . TABLE_PREFIX . "erc_artist.artistid = " . TABLE_PREFIX . "erc_artistmbr.artistid
";

if ($getartistid)
{
    $sql .= " WHERE " . TABLE_PREFIX . "erc_artistmbr.artistid = '$getartistid'";
}

$sql .= " ORDER BY " . TABLE_PREFIX . "erc_artist.artisttitle, erc_artistmbr.displayorder";
$artistmbrs = $db->query_read($sql);



Anyone know why it's not working? The var $getartistid seems like it's set up properly, but when I run the script, it just comes up with a blank result set. :(
Thanks!

Code Monkey
07-17-2006, 03:20 AM
$vbulletin->input->clean_array_gpc('r', array(
    'artistid' => TYPE_UINT
));

$sql = "SELECT " . TABLE_PREFIX . "erc_artistmbr.*, " . TABLE_PREFIX . "erc_artist.artisttitle
FROM " . TABLE_PREFIX . "erc_artistmbr
LEFT JOIN " . TABLE_PREFIX . "erc_artist ON " . TABLE_PREFIX . "erc_artist.artistid = " . TABLE_PREFIX . "erc_artistmbr.artistid
";

if ($vbulletin->GPC['artistid'])
{
    $artistid = $vbulletin->GPC['artistid'];
    $sql .= " WHERE " . TABLE_PREFIX . "erc_artistmbr.artistid = $artistid";
}

$sql .= " ORDER BY " . TABLE_PREFIX . "erc_artist.artisttitle, erc_artistmbr.displayorder";
$artistmbrs = $db->query_read($sql);

Antivirus
07-18-2006, 12:48 AM
Thanks jumpd, works nicely in that instance. However, for another situation, I am having problems using the cleaner class within a foreach loop...

My current code:

if ($_POST['do'] == 'updatedisplayorder')
{
    foreach ($_POST['order'] as $artistmbrid => $xdisplayorder)
    {
        $db->query_write("UPDATE " . TABLE_PREFIX . "erc_artistmbr SET `displayorder` = '".$xdisplayorder."' WHERE artistmbrid = '".$artistmbrid."'");
    }
}



What I tried that didn't work:

if ($_POST['do'] == 'updatedisplayorder')
{
    $vbulletin->input->clean_array_gpc('p', array(
        'order' => TYPE_INT
    ));

    foreach ($vbulletin->GPC['order'] as $artistmbrid => $xdisplayorder)
    {
        $db->query_write("UPDATE " . TABLE_PREFIX . "erc_artistmbr SET `displayorder` = '".$xdisplayorder."' WHERE artistmbrid = '".$artistmbrid."'");
    }
}


When I run the second above, it fails to update the display order. It does nothing. I know this class will start to make sense to me once I see a few examples with & without its use, just taking me a little time to get used to using the cleaner class.
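
An added example, not part of the thread and not vBulletin's own code: the `order` field is an array, so cleaning it with a scalar integer type leaves nothing for the foreach to iterate, and both its keys and its values are client-supplied. The plain-PHP sketch below validates each key and value as an integer before building the UPDATE; the helper names, the `vb_` prefix and the sample input are constructed for illustration.

```php
<?php
// Added example: plain PHP, no vBulletin required. Helper names are hypothetical.

/**
 * Clean a submitted map of artistmbrid => displayorder.
 * Keys and values both come from the client, so both are validated.
 */
function clean_order_map($raw): array
{
    if (!is_array($raw)) {
        return [];   // scalar or missing input: nothing to update
    }
    $clean = [];
    foreach ($raw as $id => $order) {
        // Accept only plain decimal integers; anything else is skipped.
        $id    = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $order = filter_var($order, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($id === false || $order === false) {
            continue;
        }
        $clean[$id] = $order;
    }
    return $clean;
}

/** Build one UPDATE per validated row; $prefix stands in for TABLE_PREFIX. */
function build_updates(array $clean, string $prefix): array
{
    $queries = [];
    foreach ($clean as $id => $order) {
        // Both values are integers at this point, so %d embeds them unquoted.
        $queries[] = sprintf(
            'UPDATE %serc_artistmbr SET displayorder = %d WHERE artistmbrid = %d',
            $prefix, $order, $id
        );
    }
    return $queries;
}

// Constructed sample of what $_POST['order'] could contain.
$post_order = [
    '12' => '1',
    '15' => '2',
    "16' OR '1'='1" => '3',   // hostile key: rejected by the key check
    '17' => 'abc',            // non-numeric value: rejected
];

// A scalar integer cast collapses the whole array to a single number.
var_dump(intval($post_order));

foreach (build_updates(clean_order_map($post_order), 'vb_') as $query) {
    echo $query, "\n";
}
```

Inside vBulletin the cleaner also defines array types such as TYPE_ARRAY_INT for the values; the array keys still need their own integer check before they reach the query.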