Well, I'm not concerned about any injection threats right now, so let us concentrate on the simple inserting process only.
I wonder how I can bring the form template into my custom page without the print_output() function.
Of course the inserting is going to be after hitting the submit button, but the submit button and its form won't be shown without fetching its template by calling the print_output() function.
--------------- Added [DATE]1252135692[/DATE] at [TIME]1252135692[/TIME] ---------------
I managed to change this fragment:
PHP Code:
$navbits = array();
$navbits[$parent] = 'Test Page';
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
eval('print_output("' . fetch_template('TEST') . '");');
$testtable = "testtable";
$testform = $_POST['testform'];
if ($_REQUEST['do'] == "save")
{
    $db->query_write("INSERT INTO " . TABLE_PREFIX . "" . $testtable . "(testcolumn) VALUES (" . $testform . ")");
}
by this fragment:
PHP Code:
$navbits = array();
$navbits[$parent] = 'Test Page';
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
$testtable = "testtable";
$testform = $_POST['testform'];
if ($_REQUEST['do'] == "add")
{
    eval('print_output("' . fetch_template('TEST') . '");');
}
elseif ($_REQUEST['do'] == "save")
{
    $vbulletin->input->clean_array_gpc('p', array(
        'testform' => TYPE_STR
    ));
    $db->query_write("INSERT INTO " . TABLE_PREFIX . "" . $testtable . "(testcolumn) VALUES (" . $vbulletin->GPC['testform'] . ")");
}
So when I take my browser to test.php it doesn't show the template; however, when I go to test.php?do=add it shows me the form.
And of course the action of the form is test.php?do=save, which should not show any template, but every time I try to insert data it gives me an SQL syntax error, if you have any idea about how to overcome it
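
Added example, not part of the original post and not vBulletin's own code: a string concatenated into `VALUES (...)` without quotes is parsed as SQL rather than as data, which fails for ordinary text input and is the same gap an injection would use. The sketch reproduces the post's query construction and contrasts it with a bound parameter; PDO with an in-memory SQLite database stands in for vBulletin's `$db`, and the table contents and sample inputs are constructed.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for vBulletin's $db (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE testtable (testcolumn TEXT)');

// Same construction as in the post: the value is pasted into VALUES (...) unquoted,
// so the database parses it as part of the statement.
function insert_unquoted(PDO $pdo, string $value): string
{
    $sql = "INSERT INTO testtable(testcolumn) VALUES (" . $value . ")";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Bound parameter: the value is sent separately and never becomes SQL text.
function insert_bound(PDO $pdo, string $value): string
{
    $stmt = $pdo->prepare('INSERT INTO testtable(testcolumn) VALUES (:v)');
    $stmt->execute([':v' => $value]);
    return 'ok';
}

// Constructed form inputs: a bare number, plain text, and text with a quote.
$samples = ['42', 'hello world', "it's a test"];
foreach ($samples as $s) {
    printf("%-12s unquoted -> %s\n", $s, insert_unquoted($pdo, $s));
    printf("%-12s bound    -> %s\n", $s, insert_bound($pdo, $s));
}

// Show what actually reached the table.
foreach ($pdo->query('SELECT testcolumn FROM testtable') as $row) {
    echo 'stored: ', $row['testcolumn'], "\n";
}
```

Only the numeric sample survives the unquoted path; the bound path stores all three. In vBulletin 3.x code that builds the query string for `$db->query_write()`, the usual equivalent is to wrap the value in single quotes after passing it through `$db->escape_string()`.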