Query problem with username

[kh99]

You would just insert it where you use $username in the query. For example in the code nhawk posted it would be:

Code:

$tmpname = $vbulletin->db->query_first("SELECT email 
FROM " . TABLE_PREFIX . "user 
WHERE username = '" . $vbulletin->db->escape_string($username) . "'");

$useremail = $tmpname['email'];

[smirkley]

I have attempted and tried every which way to make any of you all's suggestions, to my dismay unsuccessfully.

It seems something in the query string that is outputting a syntax error and it will not perform the query.

"Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING"

Now, I know that there can be some sql differences in revision, I am currently running on "mySQL rev: 5.0.96-community-log".

I know on another site I had to make some changes after performing an sql upgrade in rev, but I cant see here where my problem might be here.

[kh99]

Looks like a typo or mismatched quotes or something like that. You'd have to post your exact code.

[smirkley]

Quote:

Originally Posted by kh99

You would just insert it where you use $username in the query. For example in the code nhawk posted it would be:

Code:

$tmpname = $vbulletin->db->query_first("SELECT email 
FROM " . TABLE_PREFIX . "user 
WHERE username = '" . $vbulletin->db->escape_string($username) . "'");

$useremail = $tmpname['email'];

Well, the code you suggested.
I know I have to add a preceeding backslash to all points of $, and that doesnt change execution but on my setup adding the backslash removes the initial error.

But now it hangs on :

$tmpname = $vbulletin->db->query_first("SELECT email
FROM " . TABLE_PREFIX . "user
WHERE username = '" . $vbulletin->db->escape_string($username) . "'");

[kh99]

Hmm, well, it's true that I haven't tried any of that code, but it looks OK. You shouldn't have to add any backslashes to it if you have the quotes right, because the $vbulletin->db->escape_string($username) part isn't inside the quotes.

Maybe someone else will see something I missed.

[DaveNGU]

Did you say this is in a custom file? If it is, there's no need to use $vbulletin->db->query_first - just use PHP.

But, assuming its not (in all honesty I haven't read all of this), try this..

Code:

$tmpname = $vbulletin->db->query_first("
SELECT email 
FROM " . TABLE_PREFIX . "user 
WHERE username = '" . $vbulletin->db->escape_string($username) . "'
");

$tmpnamer = $tmpname->row_array(); 

$usermail = $tmpnamer['email'];

echo $usermail;

[tbworld]

Reading this I believe you need to post your code. Are you querying for the current username, a selected username or creating a list for their email.

If I am reading in between the lines correctly, I think you have been trying to embed the query inside the escaped html string <-- you are calling an embedded template.

What we need to do is restructure what you have so you can see your way clear.

[smirkley]

Quote:

Originally Posted by tbworld

Reading this I believe you need to post your code. Are you querying for the current username, a selected username or creating a list for their email.

If I am reading in between the lines correctly, I think you have been trying to embed the query inside the escaped html string <-- you are calling an embedded template.

What we need to do is restructure what you have so you can see your way clear.

I think I will have to post a portion of the code. I dont know that I have rights to post it completely though, as it is propietary.

IE:

I run a third party product on my vb that uses a php based template, albiet that it is mixed with php and template html.

And it works, and by generating a page consisting of a header/body/footer.

In this template are variables like $username and a few others. $username is populated in the php file that calles this "template".php. And $username can and is used in the html part of the file.

I have a need now to create a way of making $useremail work the same way.



But the snag, or I would have it by now myself, the file that fills $username is encoded so that file can not be changed.

My only option is to find a way to make it work by way of a query, in the template file as it isnt encoded.

Otherwise I am SOL.

[tbworld]

Quote:

But the snag, or I would have it by now myself, the file that fills $username is encoded so that file can not be changed.

Is this a vbulletin page calling a vbulletin template or an external page calling their own type of mixed php/html template?

Is the outputting of the template encoded? (Not the template)
Can you parse the output $username in php to extract the data you need for your query?

Trying to understand a little further. Not all the questions I asked above will make sense
under your code condition, but it will let me fill in the gaps of information.

[smirkley]

It is not a vb page nor template, the php files although running as a vb product modification, run independantly from vb short of the attachment to the database and other misc variables.

The page generated does not contain vb elements such as vb header or footer, and the body is independant and stand-alone.

The output is not encoded, just the original process in the php files are. As a anote, I can unencode the calling file, but only to view its contents, I cannot run it outside of being encoded.

Yes the $username can and is parsed in the outputting of the html generated page reletive to the user that the page is generated for.