Variable not behaving in query


Knippschild
09-03-2007, 02:41 AM
This is weird. I have a variable within a string.

Basically I am setting a query string in a variable, then executing that variable.

example:

$sbc_ban_query = "INSERT INTO `".TABLE_PREFIX."userban` VALUES ($sbc_poster,$sbc_p_group,$sbc_display,'','0',$sbc_bot_userid,".time().", 0, '$sbc_ban_message')";
mysql_query($sbc_ban_query);


The problem is, for some reason the $sbc_ban_message is not returning a value during the query, though the variable is set well before it, so it's returning a BLANK value, so there's no ban reason at all.

I got very confused by this and had it PM me the query. To my surprise the message WAS there and I never changed the value of the query string. I even ran the query through phpMyAdmin and it executes correctly with all the correct values.

I can't figure out why the query string is "apparently" blank before the query, but when I echo/PM it to myself, it's all visible.

Is there something I am totally missing?

Dismounted
09-03-2007, 06:19 AM
Are you using a vBulletin-backend on this? If you are, you should use the vBulletin DB class.

Dean C
09-03-2007, 06:21 AM
I really hope you're not doing what I think you're doing when you say this: "Basically I am setting a query string in a variable, then executing that variable.".

It sounds like you're extracting request parameters using extract($_REQUEST); and then using the appropriate request string directly in your query, which is a security disaster!

Knippschild
09-03-2007, 06:23 AM
No, what I'm doing is setting all the preset variables that are already sanitized into one variable, then doing a query on $query.

What's the difference between mysql_query(); and using the db class?

Marco van Herwaarden
09-03-2007, 08:44 AM
'$sbc_ban_message'

Variables do not work inside single-quotes. ;)

Opserty
09-03-2007, 09:18 AM
> '$sbc_ban_message'
>
> Variables do not work inside single-quotes. ;)

He has it in double quotes :p The single-quotes are for MySQL.

Dump the $sbc_ban_message just before the query and exit the script before the query is run, then you can see whether it is the query or the actual variable that is wrong.

I think you should use the INSERT INTO `table` (`cols`) VALUES ('values') form so that you can ensure the values are being set in the right column. It may be you have mixed up the order and the message isn't being inserted into the right column, and so it appears as though it hasn't been entered.

(Like Dismounted said, if you are using the vBulletin backend, use the vB database class. Here is an article about using it: https://vborg.vbsupport.ru/showthread.php?t=119350)

Knippschild
09-03-2007, 03:26 PM
It's not a col problem or a variable not evaluating problem, because I have it PM me the value of the query string and the ban reason IS there. I even run it through phpMyAdmin and it executes properly. It's just weird because I make no changes to it before having it PM me the value. I'll try switching over to the $db-> class.

I think I got the problem figured out. I had the plugin switch the user's usergroup to a "is banned usergroup". Apparently moving them to a banned usergroup adds a ban for them too, so it was trying to insert when something already was there.

I made it ban the user before changing usergroup and seems to work now.
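
An added example, not code from the thread or from vBulletin: the same kind of ban INSERT written with an explicit column list, bound values and a checked result, so that an INSERT rejected because a ban row already exists shows up as an error instead of looking like an empty reason. It assumes PDO with an in-memory SQLite table; the function add_ban(), the table layout and the column names are hypothetical.

```php
<?php
// Added illustration: in-memory SQLite stands in for MySQL. The table and
// column names are assumptions, not the schema used in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userban (
    userid INTEGER PRIMARY KEY,   -- one ban row per user
    usergroupid INTEGER NOT NULL,
    adminid INTEGER NOT NULL,
    bandate INTEGER NOT NULL,
    liftdate INTEGER NOT NULL,
    reason TEXT NOT NULL
)');

/**
 * Insert a ban with named columns and bound values.
 * Returns [true, null] on success or [false, error message] on failure,
 * so a rejected INSERT is never mistaken for a blank ban reason.
 */
function add_ban(PDO $db, int $userid, int $groupid, int $adminid, string $reason): array
{
    $sql = 'INSERT INTO userban (userid, usergroupid, adminid, bandate, liftdate, reason)
            VALUES (:userid, :groupid, :adminid, :bandate, 0, :reason)';
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([
            ':userid'  => $userid,
            ':groupid' => $groupid,
            ':adminid' => $adminid,
            ':bandate' => time(),
            ':reason'  => $reason,   // bound, so quotes in the text stay data
        ]);
        return [true, null];
    } catch (PDOException $e) {
        return [false, $e->getMessage()];
    }
}

// Constructed sample data. First call: a new ban whose reason contains quotes.
var_dump(add_ban($db, 42, 2, 1, "Spam: posted 'buy now' links"));

// Second call mimics the thread: a ban row for this user already exists,
// so the INSERT is rejected and the failure is reported to the caller.
[$ok, $err] = add_ban($db, 42, 2, 1, 'Automatic ban');
echo $ok ? "inserted\n" : "insert failed: $err\n";

// Show which reason is actually stored for the user.
echo $db->query('SELECT reason FROM userban WHERE userid = 42')->fetchColumn(), "\n";
```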