hey im making a page.
I'll provide it a user id & i want it to show that
- user name (with proper HTML markup)
- user title (custom title if that user use one)
- ranks

i mean i'll type the link like this:
http://DOMAIN/PATH/MYFILE.php?u=6 (here 6 is the user id)

it'll show me those info of user-6

plz give me the php code for such a file...

thank you. :)

Look up the function fetch_userinfo (do a search in your files for it, I can't remember which file it is in).

i looked in function.php file & found some code...based on those i wrote these code

$userid = $_REQUEST['u'];

$userinfo = $db->query_read("SELECT username, usertitle, usergroupid FROM " . TABLE_PREFIX . "user WHERE userid=$userid");
$userinfo = $vbulletin->db->fetch_array($userinfo);

$usergroup = $userinfo['usergroupid'];

$username = $userinfo['username'];
$musername = $vbulletin->usergroupcache["$usergroup"]['opentag'] . $username . $vbulletin->usergroupcache["$usergroup"]['closetag'];

$usertitle = $userinfo['usertitle'];


so it can show username (with html mark) by $musername & that user's title (or custom title) by $usertitle

but what about Ranks

plz help me about RANKS

You might want to familiarize yourself with the vBulletin API (http://members.vbulletin.com/api/). In the functions, you will find fetch_rank.

Isn't his SQL query open to injection attacks?
Unless vB's query_read() function protects against it.

Like I told him, he should use the existing functions. And yes, he should use the input cleaner also.

guys english plz :( im not an advance vb coder.

1st of all what is "SQL query open to injection attacks". how can i solve it?

lynne u told about existing functions !

could u guys plz, plz & plz post some PHP code here as an example? plz stop telling look here or there...find it....its really not an easy thing for a novice coder

The existing php code is in the vbulletin files. Did you try a search in the files for fetch_userinfo? It shows up many times and you can see the use of it. These are some excepts from a page I use:

First the cleaner is used on the userid that is passed from the form:

$vbulletin->input->clean_array_gpc('r', array(
'f' => TYPE_UINT,
'do' => TYPE_STR,
'u' => TYPE_UINT,
));then the userinfo is obtained a few lines after and I grab the username (and other stuff later):
$userinfo = fetch_userinfo($vbulletin->GPC['u']);
$username = $userinfo['username'];Take a look at the function itself to see all the info obtained in the query - in includes/functions.php

There are articles you can read on the user of the vbulletin cleaner and on writing secure code.

thank you Lynne. thank you very much.
especially for
fetch_userinfo($vbulletin->GPC['u']);

but still cant do it for Rank
i tried something like this
require_once('./includes/functions_ranks.php');

$vbulletin->input->clean_array_gpc('r', array(
'f' => TYPE_UINT,
'do' => TYPE_STR,
'u' => TYPE_UINT,
));

$rank = fetch_rank($vbulletin->GPC['u']);
$rank = $rank['rankimg'];

echo $rank;


showing nothing


can u plz help me....plz

Did you look the function up in the API like I suggested? The API will tell you what file it is in. Or, do a search in the files for the function to find what file it is in and then make sure you either include the file in your code, or copy/paste the function into your code.

Did you look the function up in the API like I suggested? The API will tell you what file it is in. Or, do a search in the files for the function to find what file it is in and then make sure you either include the file in your code, or copy/paste the function into your code.

sorry lynne i just edited my last post...with update

plz see that now

You really need to read the function and look at examples in the code. From cron/promotion.php:

$userrank =& fetch_rank($user);
if ($promotion['rank'] != $userrank)
{
$userupdates["$promotion[userid]"]['rank'] = $userrank;
}

$userrank is used directly.

@Lynne - Thank you. I know it's over 4 years old, but this thread got me set in the right direction for fixing my own problem.