Here is a small portion of the form. As you can see "planid" has a value.

<form action="hosting.php?do=do_request" method="post">
<input type="hidden" name="userid" value="1" />
<input type="hidden" name="planid" value="6" />

For some reason the query isn't picking up the value.

if($_REQUEST['do'] == "do_request")
{

$vbulletin->input->clean_array_gpc('p', array(
'userid' => TYPE_INT,
'planid' => TYPE_UINT,
'subdomain' => TYPE_STR,
'susername' => TYPE_STR,
'ignore' => TYPE_INT,
));

$getplans = $db->query_first("SELECT posts,title FROM " . TABLE_PREFIX . "hosting_plans WHERE planid='".$db->escape_string($vbulletin->GPC['planid'])."'");
$hp = $db->fetch_array($getplans);

echo "Plan: ".$hp['title']."<br />Posts: ".$hp['posts'];

}

When I echo the values it doesn't show the values.

Try this echo using $getplans instead:

echo "Plan: ".$getplans['title']."<br />Posts: ".$getplans['posts'];

No need for $hp when query_first is used.

Thank you for the quick reply. It works now.

There is no need to escape (or quote) integers in your query... you can clean it up quite a bit like this: $hp = $db->query_first("
SELECT posts, title
FROM " . TABLE_PREFIX . "hosting_plans
WHERE planid = " . $vbulletin->GPC['planid']
);Also, not sure if you figured this out from calorie's post, but using fetch_array() on the data returned by query_first() won't work, because query_first is the equivalent of calling query_read() then fetch_array().

I didn't know if I should or shouldn't use $db->escape_string($vbulletin->GPC['planid'])
Thanks for the tip.

The reason is that you are cleaning it with TYPE_UINT which casts it as an (above zero) integer. Integers can't contain anything that will need escaping.