Logician
09-01-2007, 03:30 PM
It seems that some variables like $mid_o in mod_arcade.php needs to be intval()ed before used in queries. Otherwise it sometimes have a blank value and produce DB errors like:
mySQL query error: UPDATE tournament_players_statut SET statut='3' WHERE tid='286' AND mid=
Changing the lines to
$check=$DB->query("SELECT mid FROM ibf_tournament_players WHERE tid=".$tid." AND faceoff=".$nextfaceoff." AND rung=".($rung-1)." AND mid<>".intval($mid_o));
fixes the issue.
Likewise the line:
$getidquery = $DB->query("SELECT userid FROM ibf_user WHERE username='".$disqualify['creat']."'");
should be
$getidquery = $DB->query("SELECT userid FROM ibf_user WHERE username='".addslashes($disqualify['creat'])."'");
otherwise it produces another DB error if usernames has a ' in it.
:)
mySQL query error: UPDATE tournament_players_statut SET statut='3' WHERE tid='286' AND mid=
Changing the lines to
$check=$DB->query("SELECT mid FROM ibf_tournament_players WHERE tid=".$tid." AND faceoff=".$nextfaceoff." AND rung=".($rung-1)." AND mid<>".intval($mid_o));
fixes the issue.
Likewise the line:
$getidquery = $DB->query("SELECT userid FROM ibf_user WHERE username='".$disqualify['creat']."'");
should be
$getidquery = $DB->query("SELECT userid FROM ibf_user WHERE username='".addslashes($disqualify['creat'])."'");
otherwise it produces another DB error if usernames has a ' in it.
:)