PDA

View Full Version : [BUG] minor bugs on mod_arcade.php


Logician
09-01-2007, 03:30 PM
It seems that some variables like $mid_o in mod_arcade.php needs to be intval()ed before used in queries. Otherwise it sometimes have a blank value and produce DB errors like:

mySQL query error: UPDATE tournament_players_statut SET statut='3' WHERE tid='286' AND mid=

Changing the lines to

$check=$DB->query("SELECT mid FROM ibf_tournament_players WHERE tid=".$tid." AND faceoff=".$nextfaceoff." AND rung=".($rung-1)." AND mid<>".intval($mid_o));

fixes the issue.

Likewise the line:


$getidquery = $DB->query("SELECT userid FROM ibf_user WHERE username='".$disqualify['creat']."'");


should be

$getidquery = $DB->query("SELECT userid FROM ibf_user WHERE username='".addslashes($disqualify['creat'])."'");

otherwise it produces another DB error if usernames has a ' in it.

:)