SOLVED! - starting help, using php <-> templates <-> db (https://vborg.vbsupport.ru/showthread.php?t=205281)

Lynne 02-14-2009 08:45 PM

When you just do a query (query_read), the result is just a pointer to where that data is. You then need to tell it that you would like to please see the actual data. You do that with fetch_array or similar. vBulletin does have a special way of doing both of those steps together if the result is just one item. That would be query_first in place of query_read.

Vaupell 02-14-2009 09:41 PM

So you're saying I need to

1) Query
$getcontentA= $vbulletin->db->query_first(" ....

2) Start an array?
while ($data = $vbulletin->db->fetch_array($getcontentB)) {

3) Then eval
eval('$data.= "' . fetch_template('test_testa') .'";');

4) End the while
}

Just to display a single row of columns, which I already have selected in the query using WHERE.

... well, off to bed, doesn't make sense at all.

EDIT: just tried something else..

PHP Code:

$result = $vbulletin->db->query_read("SELECT RID, Rtitle, Rdesc, Rscore, Ruid, Rlink, FROM " . TABLE_PREFIX . "evireviewpost WHERE RID = 1");
while ($row = $db->fetch_array($result))
{
    $rowid = $row['RID'];
    $Rtitle = $row['Rtitle'];
    $Rdesc = $row['Rdesc'];
    $Rscore = $row['Rscore'];
    $Ruid = $row['Ruid'];
    $Rlink = $row['Rlink'];
    eval('print_output .= "' . fetch_template('test_testa') . '";');


But this just gives me an unspecified error at the last line ?> EDIT 2: ; error, parsing,

getting a db error instead. 'FROM evireviewpost WHERE RID = 1' at line 1
just checking this out..
EDIT 3: DB error sorted, it's now working..

back to a "blank" page as result.. lol WTH..

working query
PHP Code:

$result = $vbulletin->db->query_read("SELECT RID, Rtitle, Rdesc, Rscore, Ruid, Rlink FROM " . TABLE_PREFIX . "evireviewpost WHERE RID = 1");
while ($row = $vbulletin->db->fetch_array($result))
{
    $rowid = $row['RID'];
    $Rtitle = $row['Rtitle'];
    $Rdesc = $row['Rdesc'];
    $Rscore = $row['Rscore'];
    $Ruid = $row['Ruid'];
    $Rlink = $row['Rlink'];
    eval('$row .= "' . fetch_template('test_testa') . '";');
}


partial from the template


Code:

        <td class="tcat"> TEST </td>
</tr><tr>
<td> $rowid - $Rdesc</td>
</tr><tr>
<td> normal text </td>

--------------- Added [DATE]1234656725[/DATE] at [TIME]1234656725[/TIME] ---------------

Alright, GOT IT WORKING..

ADDED
PHP Code:

eval('print_output("' . fetch_template('test_testa') . '");');

at the end, ta-da, it "prints" the whole thing.

omg, crazy, I think I got it.. :)

Lynne 02-15-2009 12:04 AM

Um, what I said at the end was to get just one result, use query_first instead of query_read. If it was several rows you were after, you would need to do the while statement.

Dismounted 02-15-2009 03:01 AM

Reading and wrapping your head around vBulletin's default code will get you some good knowledge. Also see the vBulletin Code Standards section of the vBulletin Manual.

Vaupell 02-15-2009 07:51 AM

Well, I figured out how to get a list displayed properly,

using
Code:

                eval('$tabel_list .= "' . fetch_template('test_testtabel') .'";');
and the $tabel_testtabel ONLY contains the table formatting, not table begin or end

then I made ANOTHER template named test_testa and I placed a link/hook/ahm location
named $tabel_testtabel where I wanted the list displayed and it actually works.

which means I really only need one main template with the reference to the
others, and call them from the php file, depending on what I'm trying to display.

Gonna make a complete mini test mod now ;)


@Dismounted: yep, that's where I got the final solution
was looking through the forumhome and trying to figure out how it
shows the categories. :D

just going back and forth until it made some sort of sense.. !

next step - adding user input to the db with sql injection protection.

Dismounted 02-15-2009 11:06 AM

Quote:

Originally Posted by Vaupell (Post 1744631)
next step - adding user input to the db with sql injection protection.

"SQL injection protection" shouldn't really be an afterthought - it should already be part of your habits. However, the "Creating Secure Mods" article will get you started.

Vaupell 02-15-2009 11:09 AM

Quote:

Originally Posted by Dismounted (Post 1744729)
"SQL injection protection" shouldn't really be an afterthought - it should already be part of your habits. However, the "Creating Secure Mods" article will get you started.

I'm a newb ;)

I now use
'Rdesc' => TYPE_NOHTML,
when getting data from the user
and when running the query I use

WHERE RUID = '" . $db->escape_string($vbulletin->GPC['RUID']) . "'"

;)

Dismounted 02-15-2009 11:20 AM

TYPE_NOHTML should be used when you are not entering data into the database, but displaying it. You should be using TYPE_STR, and use htmlspecialchars_uni() when fetching and displaying the data.

Vaupell 02-15-2009 11:44 AM

Quote:

Originally Posted by Dismounted (Post 1744747)
TYPE_NOHTML should be used when you are not entering data into the database, but displaying it. You should be using TYPE_STR, and use htmlspecialchars_uni() when fetching and displaying the data.

Ahh, that's how it's supposed to be understood.. tx, was confused by the article.

Example..

- retrieve data

PHP Code:

$result = $vbulletin->db->query_read("SELECT someinfo, ...........

// run the array

while ($row = $vbulletin->db->fetch_array($result))
  {
    $Rtitle = htmlspecialchars_uni($row['someinfo']);
  }

And when receiving it from a user to add to the db
I would do

PHP Code:

    $vbulletin->input->clean_array_gpc('p', array(
        'someinfo'             => TYPE_STR,
    ));

$someinfo = htmlspecialchars_uni($vbulletin->GPC['someinfo']);

$db->query_write("INSERT ignore into table someinfo..................

does this also secure against XSS crazy people?

Dismounted 02-16-2009 05:04 AM

You don't use htmlspecialchars() when inserting into the DB.
PHP Code:

$someinfo = $db->escape_string($vbulletin->GPC['someinfo']);
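
The split described in the last replies (escape for SQL when writing, HTML-encode only when displaying), as an added example that is not part of the thread and is not vBulletin code. An in-memory SQLite database, SQLite3::escapeString() and htmlspecialchars() are stand-ins assumed here for $db, $db->escape_string() and htmlspecialchars_uni(); the table, function names and sample input are constructed.

```php
<?php
// Added example. Assumptions: SQLite in memory stands in for vBulletin's $db,
// SQLite3::escapeString() for $db->escape_string(), and htmlspecialchars()
// for htmlspecialchars_uni(). Requires PHP's sqlite3 extension.
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE review (id INTEGER PRIMARY KEY, rdesc TEXT)');

// Constructed input, as it would sit in $vbulletin->GPC['someinfo'] after TYPE_STR.
$input = "Tom's <b>great</b> review & more";

// Write path: escape for the SQL string literal only, so the raw text is stored.
function store_review(SQLite3 $db, string $text): int
{
    $db->exec("INSERT INTO review (rdesc) VALUES ('" . SQLite3::escapeString($text) . "')");
    return $db->lastInsertRowID();
}

// Read path: encode for HTML at the moment the value is placed in markup.
function render_review(SQLite3 $db, int $id): string
{
    $raw = $db->querySingle('SELECT rdesc FROM review WHERE id = ' . $id);
    return '<td>' . htmlspecialchars((string) $raw, ENT_QUOTES, 'UTF-8') . '</td>';
}

// 1) Correct split: the database holds exactly what the user typed.
$id = store_review($db, $input);
$stored = $db->querySingle('SELECT rdesc FROM review WHERE id = ' . $id);
echo 'stored unchanged: ', var_export($stored === $input, true), "\n";
echo 'rendered:         ', render_review($db, $id), "\n";

// 2) Encoding before the insert as well: the value is encoded twice on display,
//    so the reader sees entity text such as &lt;b&gt; instead of <b>.
$id2 = store_review($db, htmlspecialchars($input, ENT_QUOTES, 'UTF-8'));
echo 'double-encoded:   ', render_review($db, $id2), "\n";

// 3) HTML encoding is not SQL escaping: with ENT_COMPAT the single quote in
//    "Tom's" passes through, ends the SQL literal early and the statement fails.
$htmlOnly = htmlspecialchars($input, ENT_COMPAT, 'UTF-8');
$ok = @$db->exec("INSERT INTO review (rdesc) VALUES ('" . $htmlOnly . "')");
echo 'insert with HTML encoding only succeeded: ', var_export($ok, true), "\n";
```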


