vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Variable not behaving in query (https://vborg.vbsupport.ru/showthread.php?t=156902)

Knippschild 09-03-2007 02:41 AM
Variable not behaving in query
 
This is wierd. I have a variable within a string.

Basically I am setting a query string in a variable, then executing that variable.

example:

Code:
                $sbc_ban_query = "INSERT INTO `".TABLE_PREFIX."userban` VALUES ($sbc_poster,$sbc_p_group,$sbc_display,'','0',$sbc_bot_userid,".time().", 0, '$sbc_ban_message')";
                        mysql_query($sbc_ban_query);
The problem is, for some reason the $sbc_ban_message is not returning a value during the query, though the variable is set well before it, so it's returning a BLANK value, so there's no ban reason at all.

I got very confused by this and had it PM me the query. To my surprise the message WAS there and I never changed the value of the query string. I even ran the query to PHPmyAdmin and it executes correctly with all the correct values.

I can't figure out why the query string is "apparently" blank before the query, but when I echo/PM it to myself, it's all visible.

Is there something I am totally missing?

Dismounted 09-03-2007 06:19 AM
Are you using a vBulletin-backend on this? If you are, you should use the vBulletin DB class.

Dean C 09-03-2007 06:21 AM
I really hope you're not doing what I think you're doing when you say this: "Basically I am setting a query string in a variable, then executing that variable.".

It sounds like you're extracting request parameters using extract($_REQUEST); and then using the approriate request string, directly in your query, which is a security disaster!

Knippschild 09-03-2007 06:23 AM
no, what i'm doing is setting all the preset variables that are already sanitized into one variable, then doing a query on $query.

what's the difference between mysql_query(); and using the db class?

Marco van Herwaarden 09-03-2007 08:44 AM
'$sbc_ban_message'

Variables do not work inside single-quotes. ;)

Opserty 09-03-2007 09:18 AM
Quote:
Originally Posted by Marco van Herwaarden (Post 1331266)
'$sbc_ban_message'

Variables do not work inside single-quotes. ;)
He has it in double quotes :p the single-quotes are for MySQL.

Dump the $sbv_ban_message just before the query and exit the script before the query is run, then you can see weather it is the query or the actual variable that is wrong.

I think you should use the INSERT INTO `table` (`cols`) VALUES ('values') so that you can ensure the values are being set in the right column, it maybe you have mixed up the order and the message isn't being inserted into the right column and so it appears as though it hasn't been entered.

(Like dismounted said if you are using the vBulletin backend use the vB database class here is an article about using it: https://vborg.vbsupport.ru/showthread.php?t=119350)

Knippschild 09-03-2007 03:26 PM
It's not a col problem or a variable not evaluation problem.. because I have it PM me the value of the query string and the ban reason IS there. I even run it through PHPmyAdmin and it executes properly, it's jut wierd because I make no changes to it before having it PM me the value. I'll try switching over to the $db-> class

I think I got the problem figured out. I had the plugin switch the user's usergroup to a "is banned usergroup".. apparently moving them to a banned usergroup adds a ban for them too, so it was trying to insert when something already was there.

I made it ban the user before changing usergroup and seems to work now.


All times are GMT. The time now is 12:59 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00975 seconds
  • Memory Usage 1,726KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete