#11
06-25-2014, 09:43 AM
Dave
 
Join Date: May 2010
Posts: 2,583

There are a few things wrong:
- You are using $_REQUEST; please stick to $_POST or $_GET, depending on which one you use.
- You don't wrap your variables in single quotes; it will not work without that.
- You don't escape your variables; SQL injection will be possible.
- Your INSERT query contained "INSERT INTO TABLE", that's not valid.

In case you use $_POST, you can do something like:
PHP Code:
/////////////////////// add
if ( $_POST['do'] == 'add' ) {
    // Every field is required.
    if ( empty($_POST['game']) OR empty($_POST['abbrev']) OR empty($_POST['acctname']) OR empty($_POST['proffield']) OR empty($_POST['status'])) {
        rpm_print_stop_back('Please be sure every field is filled out before submitting.');
    }

    // Each value is escaped and wrapped in single quotes.
    $sql = "INSERT INTO " . TABLE_PREFIX . "gamelist (gamename, abbreviation, ingamename, profilefield, status)
           VALUES ('" . $db->escape_string($_POST['game']) . "', '" . $db->escape_string($_POST['abbrev']) . "', '" . $db->escape_string($_POST['acctname']) . "', '" . $db->escape_string($_POST['proffield']) . "', '" . $db->escape_string($_POST['status']) . "')";

    $db->query_write($sql);

    if ($db->affected_rows() != 0) {echo "Game Added!";} else { $db->error();}
}

In case of $_GET:
PHP Code:
<?php
/////////////////////// add
if ( $_GET['do'] == 'add' ) {
    // Every field is required.
    if ( empty($_GET['game']) OR empty($_GET['abbrev']) OR empty($_GET['acctname']) OR empty($_GET['proffield']) OR empty($_GET['status'])) {
        rpm_print_stop_back('Please be sure every field is filled out before submitting.');
    }

    // Each value is escaped and wrapped in single quotes.
    $sql = "INSERT INTO " . TABLE_PREFIX . "gamelist (gamename, abbreviation, ingamename, profilefield, status)
           VALUES ('" . $db->escape_string($_GET['game']) . "', '" . $db->escape_string($_GET['abbrev']) . "', '" . $db->escape_string($_GET['acctname']) . "', '" . $db->escape_string($_GET['proffield']) . "', '" . $db->escape_string($_GET['status']) . "')";

    $db->query_write($sql);

    if ($db->affected_rows() != 0) {echo "Game Added!";} else { $db->error();}
}
Thanks from: KGodel
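
The quoting and escaping points from the post above, as an added example that is not part of the original post and does not use vBulletin's $db object. It runs the same five-column INSERT against an in-memory SQLite database through PDO and shows which forms the database accepts when a legitimate value contains an apostrophe. Assumptions: the pdo_sqlite extension is available, the table name vb_gamelist is hypothetical, and the input values are constructed.

```php
<?php
// Added example: stand-alone PHP with PDO and in-memory SQLite, not vBulletin's $db.
// The table name "vb_gamelist" is an assumption made for this illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE vb_gamelist (
    gamename TEXT, abbreviation TEXT, ingamename TEXT, profilefield TEXT, status TEXT)");

// Constructed form input: a legitimate game title that contains an apostrophe.
$input = array(
    'game' => "Baldur's Gate", 'abbrev' => 'BG', 'acctname' => 'Account Name',
    'proffield' => 'field12', 'status' => 'Active',
);

// Run a statement and report whether the database accepted it.
function try_insert(PDO $pdo, $label, $sql) {
    try {
        $pdo->exec($sql);
        echo "$label: accepted\n";
        return true;
    } catch (PDOException $e) {
        echo "$label: rejected (" . $e->getMessage() . ")\n";
        return false;
    }
}

// 1. Values concatenated with no quotes: not valid SQL for string data.
try_insert($pdo, 'no quotes',
    "INSERT INTO vb_gamelist VALUES (" . implode(', ', $input) . ")");

// 2. Quoted but not escaped: the apostrophe ends the string literal early.
try_insert($pdo, 'quoted, unescaped',
    "INSERT INTO vb_gamelist VALUES ('" . implode("', '", $input) . "')");

// 3. Quoted and escaped: PDO::quote() adds the quotes and escapes for this driver,
//    the same job the single quotes plus $db->escape_string() do in the post.
try_insert($pdo, 'quoted + escaped',
    "INSERT INTO vb_gamelist VALUES (" . implode(', ', array_map(array($pdo, 'quote'), $input)) . ")");

// 4. Bound parameters: the data never becomes part of the SQL text.
$stmt = $pdo->prepare("INSERT INTO vb_gamelist (gamename, abbreviation, ingamename, profilefield, status)
                       VALUES (:game, :abbrev, :acctname, :proffield, :status)");
$stmt->execute($input);

// The two rows that were stored hold the title exactly as typed.
foreach ($pdo->query("SELECT gamename FROM vb_gamelist") as $row) {
    echo $row['gamename'], "\n";
}
```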