weird problem w/ query

[harmor19]

Here is a small portion of the form. As you can see "planid" has a value.

HTML Code:

<form action="hosting.php?do=do_request" method="post">
<input type="hidden" name="userid" value="1" />
<input type="hidden" name="planid" value="6" />

For some reason the query isn't picking up the value.

PHP Code:

if($_REQUEST['do'] == "do_request")
{

$vbulletin->input->clean_array_gpc('p', array(
    'userid' => TYPE_INT,
    'planid' => TYPE_UINT,
    'subdomain' => TYPE_STR,
    'susername' => TYPE_STR,
    'ignore' => TYPE_INT,
    ));

$getplans = $db->query_first("SELECT posts,title FROM " . TABLE_PREFIX . "hosting_plans WHERE planid='".$db->escape_string($vbulletin->GPC['planid'])."'");
    $hp = $db->fetch_array($getplans);
    
    echo "Plan: ".$hp['title']."<br />Posts: ".$hp['posts'];

} 


When I echo the values it doesn't show the values.

[calorie]

Try this echo using $getplans instead:

Code:

echo "Plan: ".$getplans['title']."<br />Posts: ".$getplans['posts'];

No need for $hp when query_first is used.

[harmor19]

Thank you for the quick reply. It works now.

[Adrian Schneider]

There is no need to escape (or quote) integers in your query... you can clean it up quite a bit like this:

PHP Code:

$hp = $db->query_first("
    SELECT posts, title 
    FROM " . TABLE_PREFIX . "hosting_plans 
    WHERE planid = " . $vbulletin->GPC['planid']
); 


Also, not sure if you figured this out from calorie's post, but using fetch_array() on the data returned by query_first() won't work, because query_first is the equivalent of calling query_read() then fetch_array().

[harmor19]

I didn't know if I should or shouldn't use $db->escape_string($vbulletin->GPC['planid'])
Thanks for the tip.

[Adrian Schneider]

The reason is that you are cleaning it with TYPE_UINT which casts it as an (above zero) integer. Integers can't contain anything that will need escaping.