View Full Version : PHP Form -> mySQL


JayJay
03-24-2008, 04:34 PM
Hi,

Having had only a few hours sleep I had made a right pig's ear of some code I was trying to form and for several reasons it will not work.

Basically I wanted to Enter a userid in to the form and it would run the SQL insert queries. The userid is the item that I'm having problems entering in as I cannot recall what I actually have to put (and yes it is all a little heavy handed).

Any assistance would be much appreciated :)


Simple form
<form action="multiaward2.php" method="post">
Please enter a UserID to update with grey award icons:<br>
UserID: <input type="text" name="multiid"><br>
<input type="Submit">
</form>

multiaward2.php
<?

// ######################## SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// ##################### DEFINE IMPORTANT CONSTANTS #######################
define('NO_REGISTER_GLOBALS', 1);
define('THIS_SCRIPT', 'award.php');

// #################### PRE-CACHE TEMPLATES AND DATA ######################
$phrasegroups = array();
$specialtemplates = array();

// ########################## REQUIRE BACK-END ############################
require_once('./global.php');

$this_script = 'award_multi';

// ######################## CHECK ADMIN PERMISSIONS #######################
if (!can_administer('canadminusers'))
{
print_cp_no_permission();
}

$multiid = '$_post["multiid"]'


$db->query_write("
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '55' , '$multiid' , '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '56' , '". $multid ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '57' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '58' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '59' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '54' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '60' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '61' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '62' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '63' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '64' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '65' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '66' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '67' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '68' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '69' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '70' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '71' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '72' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '73' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '74' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '75', '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
INSERT INTO " . TABLE_PREFIX . "award_user
(award_id, userid, issue_reason, issue_time)
VALUES ( '77' , '". $_post['multiid'] ."', '" . addslashes($vbulletin->GPC['issue_reason']) . "', " . time() . ")
");
$issue_id = mysql_insert_id();
?>

Opserty
03-24-2008, 06:02 PM
echo '<input type="hidden" name="userid" value="'. $vbulletin->userinfo['userid'] .'" />

N.B. you should be cleaning all submitted data! Using the vBulletin Input Cleaner (https://vborg.vbsupport.ru/showthread.php?t=119372&highlight=Input+Cleaner)

JayJay
03-24-2008, 08:55 PM
Thanks for that - looking vaguely familiar. Where exactly would that go? :)

Opserty
03-24-2008, 09:05 PM
In the simple form...

JayJay
03-24-2008, 09:07 PM
Yes, as I thought. However, I have two separate files - should I integrate it into one? Would my current SQL command then work (I've just noted the first differs from the second) or would I use and define $user[userid] and use that instead?


Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in ../multiaward2.php on line 37

Opserty
03-24-2008, 09:26 PM
Is the userid you want to insert into the database the user that is currently logged in? or can it be another userid?

If it is the former just use $vbulletin->userinfo['userid'] in the SQL query...

JayJay
03-24-2008, 09:28 PM
It will change - that's the concept behind the text field - that's to be the userid that's going to be used. E.g. if I want to run the queries for user 8 I will put 8 into the form and click submit, which will trigger off the queries (which require that userid number too in order to insert the data for user 8).

The form is in the AdminCP so the user that will be logged in will be an Admin, trying to assign these 25 awards to one person using one field/button.

Opserty
03-24-2008, 09:31 PM
Oh ok... well in the form you need to set it as a hidden field in the form.

Oh I forgot to add the '; at the end of my code snippet before.
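
Added example (not part of the original thread, and not vBulletin's own code): one way to apply the "clean all submitted data" advice above to the multiid field, by accepting it only as a positive integer and binding it into a single multi-row INSERT instead of concatenating it into the SQL string. Assumptions: PDO with an in-memory SQLite database stands in for vBulletin's $db object so the script runs on its own, the award_user column layout is inferred from the posted query, and the function names, reason text and sample inputs are constructed for illustration.

```php
<?php
// Award ids copied from the INSERT statements in the first post.
const AWARD_IDS = [55, 56, 57, 58, 59, 54, 60, 61, 62, 63, 64, 65, 66,
                   67, 68, 69, 70, 71, 72, 73, 74, 75, 77];

/** Return the submitted value as a positive int, or null if it is not one. */
function clean_userid($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Insert one row per award for $userid in a single statement; returns the row count. */
function grant_awards(PDO $pdo, int $userid, string $reason, array $awardIds): int
{
    // One "(?, ?, ?, ?)" group per award: values are bound, never spliced into the SQL.
    $rows = implode(', ', array_fill(0, count($awardIds), '(?, ?, ?, ?)'));
    $stmt = $pdo->prepare(
        "INSERT INTO award_user (award_id, userid, issue_reason, issue_time) VALUES $rows"
    );
    $params = [];
    $now = time();
    foreach ($awardIds as $awardId) {
        array_push($params, $awardId, $userid, $reason, $now);
    }
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Stand-in database (assumption): table layout inferred from the posted query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE award_user (issue_id INTEGER PRIMARY KEY, award_id INTEGER,
            userid INTEGER, issue_reason TEXT, issue_time INTEGER)');

// Constructed values standing in for $_POST['multiid'].
// The superglobal is upper case: $_post is an undefined variable in PHP.
foreach (['8', '8abc', 'eight', '', '-3'] as $raw) {
    $userid = clean_userid($raw);
    if ($userid === null) {
        echo 'rejected: ' . var_export($raw, true) . "\n";
        continue;
    }
    $n = grant_awards($pdo, $userid, 'Bulk grant from AdminCP', AWARD_IDS);
    echo "user $userid: inserted $n rows\n";
}
```

Inside vBulletin itself the same integer check is what the Input Cleaner linked above provides, with the cleaned value then used in the query in place of the raw POST field.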