Antivirus
07-17-2006, 02:33 AM
I have been trying to do all code goingforward utilizing vb's input cleaner class as opposed to $_GET, $_POST, $_REQUEST, etc... but it doesn't seem to want to cooperate with me... The block of code i havew which works fine as-is, is:
$sql = "SELECT " . TABLE_PREFIX . "erc_artistmbr.*, " . TABLE_PREFIX . "erc_artist.artisttitle
FROM " . TABLE_PREFIX . "erc_artistmbr
LEFT JOIN " . TABLE_PREFIX . "erc_artist ON " . TABLE_PREFIX . "erc_artist.artistid = " . TABLE_PREFIX . "erc_artistmbr.artistid
";
if ($_GET['artistid'])
{
$sql .= " WHERE " . TABLE_PREFIX . "erc_artistmbr.artistid = '".$_GET['artistid']."'";
}
$sql .= " ORDER BY " . TABLE_PREFIX . "erc_artist.artisttitle, erc_artistmbr.displayorder";
$artistmbrs = $db->query_read($sql);
and i tried to utilize it as follows, with no luck...
$getartistid = $vbulletin->input->clean_gpc('g', 'artistid', TYPE_INT);
$sql = "SELECT " . TABLE_PREFIX . "erc_artistmbr.*, " . TABLE_PREFIX . "erc_artist.artisttitle
FROM " . TABLE_PREFIX . "erc_artistmbr
LEFT JOIN " . TABLE_PREFIX . "erc_artist ON " . TABLE_PREFIX . "erc_artist.artistid = " . TABLE_PREFIX . "erc_artistmbr.artistid
";
if ($getartistid)
{
$sql .= " WHERE " . TABLE_PREFIX . "erc_artistmbr.artistid = '$getartistid'";
}
$sql .= " ORDER BY " . TABLE_PREFIX . "erc_artist.artisttitle, erc_artistmbr.displayorder";
$artistmbrs = $db->query_read($sql);
Anyone know why it's not working? The var $getartistid seems like it's set up properly, but whe ni run the script, it just comes up with a blank result set. :(
Thanks!
$sql = "SELECT " . TABLE_PREFIX . "erc_artistmbr.*, " . TABLE_PREFIX . "erc_artist.artisttitle
FROM " . TABLE_PREFIX . "erc_artistmbr
LEFT JOIN " . TABLE_PREFIX . "erc_artist ON " . TABLE_PREFIX . "erc_artist.artistid = " . TABLE_PREFIX . "erc_artistmbr.artistid
";
if ($_GET['artistid'])
{
$sql .= " WHERE " . TABLE_PREFIX . "erc_artistmbr.artistid = '".$_GET['artistid']."'";
}
$sql .= " ORDER BY " . TABLE_PREFIX . "erc_artist.artisttitle, erc_artistmbr.displayorder";
$artistmbrs = $db->query_read($sql);
and i tried to utilize it as follows, with no luck...
$getartistid = $vbulletin->input->clean_gpc('g', 'artistid', TYPE_INT);
$sql = "SELECT " . TABLE_PREFIX . "erc_artistmbr.*, " . TABLE_PREFIX . "erc_artist.artisttitle
FROM " . TABLE_PREFIX . "erc_artistmbr
LEFT JOIN " . TABLE_PREFIX . "erc_artist ON " . TABLE_PREFIX . "erc_artist.artistid = " . TABLE_PREFIX . "erc_artistmbr.artistid
";
if ($getartistid)
{
$sql .= " WHERE " . TABLE_PREFIX . "erc_artistmbr.artistid = '$getartistid'";
}
$sql .= " ORDER BY " . TABLE_PREFIX . "erc_artist.artisttitle, erc_artistmbr.displayorder";
$artistmbrs = $db->query_read($sql);
Anyone know why it's not working? The var $getartistid seems like it's set up properly, but whe ni run the script, it just comes up with a blank result set. :(
Thanks!