PDA

View Full Version : Query problem with username


smirkley
05-09-2013, 06:29 PM
Seems simple enough, but I have a way with making it difficult it seems. :(


I have a variable that is loaded, $username

And I want to fill the variable $useremail from that username

This will go in a php file. But I cant figure out how to do a query that will accomplish this.

$username
$useremail = sqlquery from the $username


Can someone smak me with the obvious please?

nhawk
05-09-2013, 06:42 PM
Here you go...

$tmpname = $vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $username . "'");

$useremail = $tmpname['email'];

smirkley
05-09-2013, 07:26 PM
Thanks, giving it a try now.

Quick question?... can I do this to put it into an html template?


<?php
$tmpname = $vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $username . "'");

$useremail = $tmpname['email'];
?>

--------------- Added 1368133742 at 1368133742 ---------------

Reason asking about the html template is, I found where I need to inject this query is in an embedded html template within the php file.

<?php
\$tmpname = \$vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . \$username . "'");

\$useremail = \$tmpname['email'];
?>

Currently produces
"Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING"

in

WHERE username = '" . \$username . "'");

I have to add the backslashes infront of $ to eliminate another error.

--------------- Added 1368135094 at 1368135094 ---------------

$HTML_header_t is the only place I can execute this sql query, with of course $useremail being printed in the body of that page..


<?php
$HTML_header_t = <<< TEOL
<meta http-equiv="Content-Type" content="text/html; charset={\$stylevar[charset]}" />
<html>
<head>
\$css
</head>
<body>

....etc

Lynne
05-09-2013, 10:42 PM
You cannot put php into a template. You need to put the php into a plugin and then you preregister the resulting variable for the variable you are going to use it in. It's not clear at all which template you are wanting to use this in so there is no way I can get more specific.

I can point you to this article about preregistering variables (near the end) - [vB4] Rendering templates and registering variables - a short guide (https://vborg.vbsupport.ru/showthread.php?t=228078)

smirkley
05-09-2013, 10:52 PM
You cannot put php into a template. You need to put the php into a plugin and then you preregister the resulting variable for the variable you are going to use it in. It's not clear at all which template you are wanting to use this in so there is no way I can get more specific.

I can point you to this article about preregistering variables (near the end) - [vB4] Rendering templates and registering variables - a short guide (https://vborg.vbsupport.ru/showthread.php?t=228078)

Thanks Lynne.

I am reading that and hopefully may find a solution.

This isnt a template per se', at least not a stock vb template. It is a custom file and called by another custom file.

It is a php file as you can see at the bottom of my last post for part of it. Unless that is a template by definition.

--------------- Added 1368150006 at 1368150006 ---------------

Lynne, I read that completely and I do understand what I have read, but that doesnt, nor can it, apply here.

I know that my problem is the sql syntax here, and I cant seem to find the syntax issue.

Thanks anyway, but still looking for a tad bit-o-help.

nhawk
05-10-2013, 09:08 AM
When you use HTML and PHP mixed on a page, you use the .php extension for the file but you separate the PHP and HTML like this...


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php echo HTML_PARAMS; ?>>
<head>
<title><?php echo META_TAG_TITLE; ?></title>

<body>
etc..


Also, to use the query I gave you would need to require vBulletin's global.php file to setup the vB database connection. I'm don't recall if init.php is needed or not. You can try it without it to find out.

So something like this would be needed...

<?php
define('CSRF_PROTECTION', true);
require_once('./global.php');
require_once (CWD . '/includes/init.php');

$username = "Joe";

$tmpname = $vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $username . "'");

$useremail = $tmpname['email'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php echo HTML_PARAMS; ?>>
<head>
<title><?php echo META_TAG_TITLE; ?></title>

<body>
My Email Address Is: <?php echo $useremail ?>
etc..



I hope that helps.

nerbert
05-10-2013, 11:28 AM
If you include or requite global.php you should be able to get any user information without an extra query, something like this:

$vbulletin->userinfo['email']

Lynne
05-10-2013, 03:46 PM
If you include the global.php file, you don't need to also include the init.php file.

kh99
05-10-2013, 07:30 PM
You should probably use $vbulletin->db->escape_string($username) in the query, otherwise if a username has a special character it may cause an error.

smirkley
05-11-2013, 12:58 AM
You should probably use $vbulletin->db->escape_string($username) in the query, otherwise if a username has a special character it may cause an error.How would I reference that using $username to get $useremail?

kh99
05-11-2013, 10:45 AM
You would just insert it where you use $username in the query. For example in the code nhawk posted it would be:

$tmpname = $vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $vbulletin->db->escape_string($username) . "'");

$useremail = $tmpname['email'];

smirkley
05-14-2013, 02:48 AM
I have attempted and tried every which way to make any of you all's suggestions, to my dismay unsuccessfully.

It seems something in the query string that is outputting a syntax error and it will not perform the query.

"Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING"

Now, I know that there can be some sql differences in revision, I am currently running on "mySQL rev: 5.0.96-community-log".

I know on another site I had to make some changes after performing an sql upgrade in rev, but I cant see here where my problem might be here.

kh99
05-14-2013, 10:07 AM
Looks like a typo or mismatched quotes or something like that. You'd have to post your exact code.

smirkley
05-14-2013, 01:42 PM
You would just insert it where you use $username in the query. For example in the code nhawk posted it would be:

$tmpname = $vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $vbulletin->db->escape_string($username) . "'");

$useremail = $tmpname['email'];

Well, the code you suggested.
I know I have to add a preceeding backslash to all points of $, and that doesnt change execution but on my setup adding the backslash removes the initial error.

But now it hangs on :

$tmpname = $vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $vbulletin->db->escape_string($username) . "'");

kh99
05-14-2013, 01:48 PM
Hmm, well, it's true that I haven't tried any of that code, but it looks OK. You shouldn't have to add any backslashes to it if you have the quotes right, because the $vbulletin->db->escape_string($username) part isn't inside the quotes.

Maybe someone else will see something I missed.

DaveNGU
05-16-2013, 06:50 PM
Did you say this is in a custom file? If it is, there's no need to use $vbulletin->db->query_first - just use PHP.

But, assuming its not (in all honesty I haven't read all of this), try this..


$tmpname = $vbulletin->db->query_first("
SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $vbulletin->db->escape_string($username) . "'
");

$tmpnamer = $tmpname->row_array();

$usermail = $tmpnamer['email'];

echo $usermail;

tbworld
05-16-2013, 07:32 PM
Reading this I believe you need to post your code. Are you querying for the current username, a selected username or creating a list for their email.

If I am reading in between the lines correctly, I think you have been trying to embed the query inside the escaped html string <-- you are calling an embedded template.

What we need to do is restructure what you have so you can see your way clear.

smirkley
05-17-2013, 03:51 AM
Reading this I believe you need to post your code. Are you querying for the current username, a selected username or creating a list for their email.

If I am reading in between the lines correctly, I think you have been trying to embed the query inside the escaped html string <-- you are calling an embedded template.

What we need to do is restructure what you have so you can see your way clear.

I think I will have to post a portion of the code. I dont know that I have rights to post it completely though, as it is propietary.

IE:

I run a third party product on my vb that uses a php based template, albiet that it is mixed with php and template html.

And it works, and by generating a page consisting of a header/body/footer.

In this template are variables like $username and a few others. $username is populated in the php file that calles this "template".php. And $username can and is used in the html part of the file.

I have a need now to create a way of making $useremail work the same way.



But the snag, or I would have it by now myself, the file that fills $username is encoded so that file can not be changed.

My only option is to find a way to make it work by way of a query, in the template file as it isnt encoded.

Otherwise I am SOL.

tbworld
05-17-2013, 04:41 AM
But the snag, or I would have it by now myself, the file that fills $username is encoded so that file can not be changed.

Is this a vbulletin page calling a vbulletin template or an external page calling their own type of mixed php/html template?

Is the outputting of the template encoded? (Not the template)
Can you parse the output $username in php to extract the data you need for your query?

Trying to understand a little further. Not all the questions I asked above will make sense
under your code condition, but it will let me fill in the gaps of information.

smirkley
05-17-2013, 01:01 PM
It is not a vb page nor template, the php files although running as a vb product modification, run independantly from vb short of the attachment to the database and other misc variables.

The page generated does not contain vb elements such as vb header or footer, and the body is independant and stand-alone.

The output is not encoded, just the original process in the php files are. As a anote, I can unencode the calling file, but only to view its contents, I cannot run it outside of being encoded.

Yes the $username can and is parsed in the outputting of the html generated page reletive to the user that the page is generated for.

tbworld
05-17-2013, 10:44 PM
Okay I have the picture. Unfortunately, because of all the particulars, I doubt that I can help you without seeing code. Sorry :(