View Full Version : passing the $post[userid]


harmor19
09-04-2005, 12:37 AM
I am making a custom mod for someone and I'm stuck.

I made a link "battle_stats.php?bs=$post[userid]" in the postbit_legacy template and the userid shows up.

In the battle_stats.php file what do I put in the query to receive that userid from the userfield?

I am trying to make a pop-up window with certain profile fields.

Guest190829
09-04-2005, 12:45 AM
I think you have to use $_GET to access a variable in a url. Also make sure you sanitize it before doing anything with it. (Globalize for 3.0 or $vbulletin->input->clean_array_gpc() for 3.5)

harmor19
09-04-2005, 01:02 AM
This is for version 3.0.8.
I have tried these three but they don't work:


$getstats = $DB_site->query("SELECT * FROM userfield WHERE userid='$post[userid]'")or die(mysql_error());
$stats = mysql_fetch_array($getstats);

$getstats = $DB_site->query("SELECT * FROM userfield WHERE userid='$_GET[userid]'")or die(mysql_error());
$stats = mysql_fetch_array($getstats);

$getstats = $DB_site->query("SELECT * FROM userfield WHERE userid='$userid'")or die(mysql_error());
$stats = mysql_fetch_array($getstats);

Can you explain "sanitize" and "globalize"?

Guest190829
09-04-2005, 01:34 AM
You're using some functions that have specific vBulletin functions

like mysql_fetch_array equals $DB_site->fetch_array($foo).

I suggest reading Brad's excellent tutorial located here (https://vborg.vbsupport.ru/showthread.php?t=75207)

You can also use $DB_site->query_first instead of just query, since you're only retrieving one row.

Globalize sanitizes variables to make sure they are holding the correct data types; this helps greatly with security.

harmor19
09-04-2005, 02:10 AM
I have tried the following but it gave me a blank white screen.

$DB_site->query_first

Guest190829
09-04-2005, 02:23 AM
Here's an example of using it:

$query = $DB_site->query_first("SELECT * FROM userfield WHERE userid='" . $userid . "'");

harmor19
09-04-2005, 02:39 AM
Oh!! I see.

I tried it with

$getstats = $DB_site->query_first("SELECT * FROM userfield WHERE userid='".$userid."'");
$stats = $DB_site->fetch_array($getstats);


But "$stats = $DB_site->fetch_array($getstats);" isn't needed.

Maybe I have to join tables together because the variable isn't being passed.
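
Added example, not part of the original thread and not vBulletin code: the link in the first post passes the id as "bs", so battle_stats.php has to read that key, and the sanitizing advice above amounts to forcing the value to an integer before it reaches the query. The helper names clean_userid() and userfield_query() and the sample requests are assumptions made for illustration, written as standalone current PHP.

```php
<?php
// Added example: standalone PHP, runs without vBulletin.
// clean_userid() and userfield_query() are hypothetical helpers.

/**
 * Return request parameter $key as a positive integer, or 0 when it is
 * missing, not a plain decimal number, or below 1.
 */
function clean_userid(array $params, string $key): int
{
    if (!isset($params[$key]) || !is_string($params[$key])) {
        return 0; // missing key, or an array such as ?bs[]=42
    }
    $id = filter_var(
        $params[$key],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? 0 : $id;
}

/** Build the userfield lookup from an already validated integer id. */
function userfield_query(int $userid): string
{
    // Only an int is concatenated, so no quoting is needed around it.
    return "SELECT * FROM userfield WHERE userid = " . $userid;
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['bs' => '42'],       // what battle_stats.php?bs=42 delivers
    ['bs' => '42abc'],    // trailing garbage
    ['bs' => "42'"],      // stray quote that would break a quoted query
    ['bs' => ['42']],     // array instead of scalar
    ['userid' => '42'],   // wrong key: the link never sends "userid"
    [],                   // parameter missing
];

foreach ($samples as $get) {
    $userid = clean_userid($get, 'bs');
    if ($userid === 0) {
        echo "rejected: " . json_encode($get) . "\n";
        continue;
    }
    // In battle_stats.php this string would go to $DB_site->query_first().
    echo userfield_query($userid) . "\n";
}
```

Only the first sample produces a query; the `userid` sample is rejected because the link in postbit_legacy names the parameter `bs`.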