Antivirus
12-07-2006, 11:31 PM
The following code works fine for me using straight PHP, however when I try to get it to work using the vBulletin input cleaner, it just posts "array" into the responses field and wipes out the submitted results:
here's what's working for me using "non-vb" php:
foreach ($_POST['whatyoudid'] as $feedbackdetailid => $whatyoudid)
{
    $db->query_write("
        UPDATE scst_feedbackdetail SET
            whatyoudid = '" . addslashes($whatyoudid) . "',
            responses = '" . addslashes($_POST['responses'][$feedbackdetailid]) . "',
            comments = '" . addslashes($_POST['comments'][$feedbackdetailid]) . "'
        WHERE feedbackdetailid = '" . $feedbackdetailid . "'
    ");
}
i tried to clean it as follows but no dice:
$vbulletin->input->clean_array_gpc('p', array(
    'feedbackdetailid' => TYPE_UINT,
    'whatyoudid' => TYPE_STR,
    'responses' => TYPE_STR,
    'comments' => TYPE_STR
));
foreach ($db->escape_string($vbulletin->GPC['whatyoudid']) as $feedbackdetailid => $whatyoudid)
{
    $db->query_write("
        UPDATE " . TABLE_PREFIX . "scst_feedbackdetail SET
            whatyoudid = '" . $whatyoudid . "',
            responses = '" . $db->escape_string($vbulletin->GPC['responses'][$feedbackdetailid]) . "',
            comments = '" . $db->escape_string($vbulletin->GPC['comments'][$feedbackdetailid]) . "'
        WHERE feedbackdetailid = '" . $feedbackdetailid . "'
    ");
}
I just need to figure out how to clean the two arrays above... $_POST['responses'][$feedbackdetailid] and $_POST['comments'][$feedbackdetailid]
can anyone save me from bloody torment?
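
What the vBulletin attempt above trips over, shown as an added stand-alone example (not part of the original post and not vBulletin code): the three fields arrive as arrays keyed by feedbackdetailid, so cleaning each as a single string leaves the literal text "Array"; every element has to be cleaned on its own, and the array key is request data as well. The helper clean_str_array(), the sample input and the SQLite table are assumptions made so this runs outside vBulletin, where the cleaner's array types (for example TYPE_ARRAY_STR) play the role of the helper.

```php
<?php
// Added example: stand-alone PHP (PDO + in-memory SQLite), not vBulletin code.
// clean_str_array() is a hypothetical helper; the table mirrors the post's columns.

/** Keep only entries whose key is an unsigned integer and whose value is a scalar. */
function clean_str_array($raw): array
{
    $clean = [];
    if (!is_array($raw)) {
        return $clean;               // a scalar where an array was expected: ignore it
    }
    foreach ($raw as $key => $value) {
        if (!ctype_digit((string) $key) || !is_scalar($value)) {
            continue;                // drop non-numeric keys and nested arrays
        }
        $clean[(int) $key] = trim((string) $value);
    }
    return $clean;
}

// Constructed sample input in the shape the form posts: field[feedbackdetailid] = text
$post = [
    'whatyoudid' => [1 => ' wrote report ', 2 => "it's done", 'x' => 'bad key'],
    'responses'  => [1 => 'ok', 2 => ['nested']],
    'comments'   => [1 => 'none'],
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE scst_feedbackdetail (feedbackdetailid INTEGER PRIMARY KEY,
            whatyoudid TEXT, responses TEXT, comments TEXT)');
$pdo->exec('INSERT INTO scst_feedbackdetail (feedbackdetailid) VALUES (1), (2)');

$whatyoudid = clean_str_array($post['whatyoudid'] ?? null);
$responses  = clean_str_array($post['responses'] ?? null);
$comments   = clean_str_array($post['comments'] ?? null);

// Values and the id are bound as parameters, so no quoting is done by hand.
$update = $pdo->prepare('UPDATE scst_feedbackdetail
    SET whatyoudid = ?, responses = ?, comments = ? WHERE feedbackdetailid = ?');
foreach ($whatyoudid as $id => $text) {
    $update->execute([$text, $responses[$id] ?? '', $comments[$id] ?? '', $id]);
}

foreach ($pdo->query('SELECT * FROM scst_feedbackdetail', PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), "\n";
}
```

The entry with the non-numeric key never reaches the WHERE clause, and the nested array posted for responses[2] is stored as an empty string instead of the word "Array".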