vb.org Archive
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   forumhome: PM Queries optimization! (https://vborg.vbsupport.ru/showthread.php?t=44131)

Xenon 10-01-2002 07:50 PM
you have a real wierd board have ya?
it shows also 0 at my boards...

NTLDR 10-01-2002 07:50 PM
This is the code I have, with the origional variables in the templates and it works fine on 2.2.7 and 2.2.8 and displays 0 for me:

PHP Code:
$allpm=$DB_site->query_first("SELECT COUNT(*) AS messages,
                                 SUM(IF(dateline>$bbuserinfo[lastvisit] AND folderid=0,1,0)) AS newpm,
                                 SUM(IF(messageread=0 AND folderid=0,1,0)) AS unreadpm
                                 FROM privatemessage WHERE userid=$bbuserinfo[userid] $ignoreusers");
 
$newpm=$allpm['newpm'];
$unreadpm=$allpm['unreadpm']; 

N9ne 10-01-2002 08:05 PM
I have this:

$allpm=$DB_site->query_first("SELECT COUNT(*) AS messages,
SUM(IF(dateline>$bbuserinfo[lastvisit] AND folderid=0,1,0)) AS newpm,
SUM(IF(messageread=0 AND folderid=0,1,0)) AS unreadpm
FROM privatemessage WHERE userid=$bbuserinfo[userid] $ignoreusers");

$newpm['messages']=$allpm['newpm'];
$unreadpm['messages']=$allpm['unreadpm'];

Which looks the same! However it still doesn't show 0 for unread and new PMs! Why is it doing this? Is there anything in index.php that could cause this? [i have modified it a tiny bit, but not the PM bits :S]

Xenon 10-01-2002 08:10 PM
hmm, depends on what you've changed ;)

try
PHP Code:
$newpm['messages']=intval($allpm['newpm']);
$unreadpm['messages']=intval($allpm['unreadpm']); 
instead of
PHP Code:
$newpm['messages']=$allpm['newpm'];
$unreadpm['messages']=$allpm['unreadpm']; 

N9ne 10-01-2002 08:12 PM
It works! Thankyou for putting up with me and my problems, keep up the good work :)

Xenon 10-01-2002 08:17 PM
:)
you're welcome

i'm glad finally it works ;)

btw. i think it's an php internal issue, can you tell me which php version you run?

NTLDR 10-01-2002 08:18 PM
Quote:
Originally posted by Xenon
PHP Code:
$newpm['messages']=intval($allpm['newpm']);
$unreadpm['messages']=intval($allpm['unreadpm']); 
Xenon would changeing the code I have to what you have posted be a more secure way of doing it? I read a post somewhere from one of the dev's saying you should use intval for security reasons. Also there were lots of changes that use intval in 2.2.8.

Xenon 10-01-2002 08:26 PM
well this part isn't a security risk part, so you can leave your code or change it, no problem...

intval is more secure, because strings are always converted into an int value. that'll take effect on inputboxes whenever a user should enter an intval but enters a string this could produce security problems as i can think of.

hmm, is this understandable?

perhaps an example:

PHP Code:
$posts="5, password=MD5('hello')";
$DB-site->query("UPDATE user SET posts=$posts"); 
as you can see this would run this query:
UPDATE user SET posts=5,password=MD5('hello')

if you use intval this cannot happen:
PHP Code:
$posts="5, password=MD5('hello')";
$DB-site->query("UPDATE user SET posts=".intval($posts)); 
this would just run this query (as normally wanted):
UPDATE user SET posts=5

NTLDR 10-01-2002 08:30 PM
Thanks for the explaination Xenon :) I understand why and where intval should be used now ;)

Erwin 10-01-2002 09:03 PM
Yes, I think that's why they did it - to avoid users entering in non-integer values and running the risk of corrupting the db or causing db errors.


All times are GMT. The time now is 04:07 PM.
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01098 seconds
  • Memory Usage 1,747KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete