Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page Having problems with clean_gpc function
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 02-14-2009, 12:48 AM
Jaxel Jaxel is offline
 
Join Date: Sep 2005
Posts: 1,160
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Having problems with clean_gpc function
I am using the following code...

Code:
function update_event($event)
{
	global $vbulletin, $db;

	$venue	= htmlspecialchars($vbulletin->input->clean_gpc('p', 'venue', TYPE_STR));
	$name		= htmlspecialchars($vbulletin->input->clean_gpc('p', 'name', TYPE_STR));
	$split	= htmlspecialchars($vbulletin->input->clean_gpc('p', 'split', TYPE_UINT));
	$game		= htmlspecialchars($vbulletin->input->clean_gpc('p', 'game', TYPE_UINT));
	$category	= htmlspecialchars($vbulletin->input->clean_gpc('p', 'category', TYPE_UINT));

	$day		= htmlspecialchars($vbulletin->input->clean_gpc('p', 'day', TYPE_UINT));
	$month	= htmlspecialchars($vbulletin->input->clean_gpc('p', 'month', TYPE_STR));
	$year		= htmlspecialchars($vbulletin->input->clean_gpc('p', 'year', TYPE_UINT));
	$time		= htmlspecialchars($vbulletin->input->clean_gpc('p', 'time', TYPE_STR));
	$timestamp = $day." ".$month." ".$year." ".$time." ".date('T');

	$db->query_write("UPDATE rank_events SET gameID='".$game."' WHERE eventID='".$event['eventID']."'");
	$db->query_write("UPDATE rank_events SET categoryID='".$category."' WHERE eventID='".$event['eventID']."'");
	$db->query_write("UPDATE rank_events SET eDate='".strtotime($timestamp)."' WHERE eventID='".$event['eventID']."'");
	$db->query_write("UPDATE rank_events SET eVenue='".$venue."' WHERE eventID='".$event['eventID']."'");
	$db->query_write("UPDATE rank_events SET eName='".$name."' WHERE eventID='".$event['eventID']."'");
	$db->query_write("UPDATE rank_events SET eSplit='".$split."' WHERE eventID='".$event['eventID']."'");
}

I thought this code would "sanitize" my inputs so that I wouldn't have any poisoning going on... but I still get the following error when I try to input something with a ' in it...

Code:
Database error in vBulletin 3.8.1:

Invalid SQL:
UPDATE rank_events SET eVenue='Gamer's Edge' WHERE eventID='4';

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Edge' WHERE eventID='4'' at line 1
Error Number  : 1064

How do I fix this?
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 05:48 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.12575 seconds
  • Memory Usage 2,189KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete