I keep getting a database error whenever I try to update a user...

Can someone tell me what is wrong with this line?

if ($exists=$DB_site->query_first("SELECT userid FROM user WHERE username=".addslashes(htmlspecialchars($ausername))." AND userid <> $userid")) {
echo "There is already an ".makelinkcode('user',"user.php?do=edit&userid=$exists[userid]",1)." named <b>".htmlspecialchars($ausername)."</b>";
exit;
}

It keeps causing an error, and I dont know why...

Also - Our member numbers jumped from "386" or thereabouts, to something like "12123134"...

Could that be the cause of the error, and if so, how can I change it?

Satan

Whats the database error you are getting?

hellsatan try changing::

userid <> $userid

to

userid != $userid

regards... as for the member issue ouch ;)

g-force2k2

Thanks gforce...I shall try that;)

@NTLDR - If gforce hasnt fixed it, I shall post it;)

Satan

Actually hellsatan the coding doesn't look right at all from my pov... replace your code ::

if ($exists=$DB_site->query_first("SELECT userid FROM user WHERE username=".addslashes(htmlspecialchars($ausername))." AND userid <> $userid")) {
echo "There is already an ".makelinkcode('user',"user.php?do=edit&userid=$exists[userid]",1)." named <b>".htmlspecialchars($ausername)."</b>";
exit;
}

with::

$exists = $DB_site->query_first("SELECT username FROM user WHERE username='".addslashes(htmlspecialchars($ausername))."' AND userid != $userid");
if($exists[username] == "$ausername") {
echo "<p>[ error message here]</p>";
exit;
}

regards... also you forgot the ' slashes around addslashes ;)

g-force2k2

It didnt fix it, even with gforce's attempt...

I now get this error :

Database error in vBulletin Control Panel 2.2.5:

Invalid SQL: SELECT username FROM user WHERE username='9Teen90Nine' AND userid !=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Satan

Hell satan its because you have an empty $userid... the userid variable doesn't seem like its being selected... regards...

edit: what coding do you have that uses the $userid variable?

g-force2k2

How do you mean gforce?

It is supposed to work in the user.php from the admin file...It is just not working, and I cannot start again, because it is hacked, and I have forgotten which ones I added:(

Satan

hellsatan i just looked at admin/user.php

find:

$exists = $DB_site->query_first("SELECT username FROM user WHERE username='".addslashes(htmlspecialchars($ausername))."' AND userid != $userid");

replace with:

$exists = $DB_site->query_first("SELECT username FROM user WHERE username='".addslashes(htmlspecialchars($ausername))."'");

see if that works hellsatan... regards...

g-force2k2

Thanks...

It sorta works...

Now when I try to update someone, I get :

"There is already an [user] named 9Teen90Nine"

Satan

hellsatan for that one you have to add...

WHERE userid != '$user[userid]'

to the end of that sql ;) regards...

g-force2k2

this is a common bug.. i had this same problem a while ago....

Originally posted by Mist
this is a common bug.. i had this same problem a while ago....

thats only if you don't tell the php to skip the user being edited ;) regards...

g-force2k2

Ok...

I did that...

It still doesnt work...

What it appears to be doing is showing no userid...

Im confused...

Satan

my bad hellsatan... try this code... regards...

WHERE userid != '$userid'

if that doesn't work :p ....

WHERE username != '".addslashes(htmlspecialchars($ausername)."'

regards... ;)

g-force2k2

No...Neither of them work:(

I just get this error now...:(

Satan

hellsatan this code doesn't work?

$exists = $DB_site->query_first("SELECT username FROM user WHERE username='".addslashes(htmlspecialchars($ausername))."' AND userid != $userid");

regards...

g-force2k2

Aha...

I have WHERE in place of AND;)

Satan

Ok...

Now I get this again :(

There is already an [user] named 9Teen90Nine

:confused:

Satan

hmm... and you're trying to update the user yes? regards...

Edit :: Actually make the $userid and change it to $user['userid']

see if that works now :)

g-force2k2

I get this :

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/hsphere/local/home/madness/madnessforum.com/vb/admin/user.php on line 325

Satan

Probably a missing colon at the end of that line?

Yeah make sure it looks like this ;)

$exists = $DB_site->query_first("SELECT username FROM user WHERE username='".addslashes(htmlspecialchars($ausername))."' AND userid != $user[userid]");

regards...

g-force2k2

Thanke Schon, mais il ne marche pas:(:cry:

Database error in vBulletin Control Panel 2.2.5:

Invalid SQL: SELECT username FROM user WHERE username='9Teen90Nine' AND userid !=
mysql error: You have an error in your SQL syntax near '' at line 1

mysql error number: 1064

Satan

well then it has to be $userid variable but why it isn't working i am not really sure... you could send me your admin/user.php and i can debug it for you if you like... regards...

g-force2k2

Ok:)

I shall PM you for your email address;)

Satan