Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions

Reply
 
Thread Tools Display Modes
  #11  
Old 06-25-2014, 09:43 AM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There are a few things wrong:
- You are using $_REQUEST, please stick to $_POST or $_GET. Depending on which one you use.
- You don't wrap your variables in single quotes, will not work without that.
- You don't escape your variables, SQL injection will be possible.
- Your INSERT query contained "INSERT INTO TABLE", that's not valid.

In case you use $_POST, you can do something like:
PHP Code:
/////////////////////// add
if ( $_POST['do'] == 'add' ) {
    if ( empty(
$_POST['game']) OR empty($_POST['abbrev']) OR empty($_POST['acctname']) OR empty($_POST['proffield']) OR empty($_POST['status'])) { rpm_print_stop_back('Please be sure every field is filled out before submitting.'); }
    
    
$sql "INSERT INTO " TABLE_PREFIX "gamelist (gamename, abbreviation, ingamename, profilefield, status)
           VALUES ('" 
$db->escape_string($_POST['game']) . "', '" $db->escape_string($_POST['abbrev']) . "', '" $db->escape_string($_POST['acctname']) . "', '" $db->escape_string($_POST['proffield']) . "', '" $db->escape_string($_POST['status']) . "')";
    
$db->query_write($sql);
    
    if (
$db->affected_rows() != 0) {echo "Game Added!";} else { $db->error();}

In case of $_GET:
PHP Code:
<?php
/////////////////////// add
if ( $_GET['do'] == 'add' ) {
    if ( empty(
$_GET['game']) OR empty($_GET['abbrev']) OR empty($_GET['acctname']) OR empty($_GET['proffield']) OR empty($_GET['status'])) { rpm_print_stop_back('Please be sure every field is filled out before submitting.'); }
    
    
$sql "INSERT INTO " TABLE_PREFIX "gamelist (gamename, abbreviation, ingamename, profilefield, status)
           VALUES ('" 
$db->escape_string($_GET['game']) . "', '" $db->escape_string($_GET['abbrev']) . "', '" $db->escape_string($_GET['acctname']) . "', '" $db->escape_string($_GET['proffield']) . "', '" $db->escape_string($_GET['status']) . "')";
    
$db->query_write($sql);
    
    if (
$db->affected_rows() != 0) {echo "Game Added!";} else { $db->error();}
}
Reply With Quote
Благодарность от:
KGodel
  #12  
Old 06-25-2014, 06:16 PM
KGodel's Avatar
KGodel KGodel is offline
 
Join Date: May 2011
Location: Indiana
Posts: 332
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hey Dave! I made your changes and the SQL write still isn't working. I get a blank screen when I click submit and nothing changes in the table. No error is sent to my email inbox either.
Reply With Quote
  #13  
Old 06-25-2014, 07:31 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Add the following above the query_write execution:

PHP Code:
echo $sql
Then just try to add another game again and copy the SQL query that's being displayed on the page, then manually execute it in something like PHPMyAdmin, see if this works and if it's showing an error.
Reply With Quote
  #14  
Old 06-25-2014, 08:00 PM
KGodel's Avatar
KGodel KGodel is offline
 
Join Date: May 2011
Location: Indiana
Posts: 332
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It isn't even showing an SQL query.
Reply With Quote
  #15  
Old 06-25-2014, 09:34 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If it isn't even showing the query, then try adding something like this above the second if statement:

echo $_GET['game'];

(actually, try echoing all three of your $_GET variables)
Reply With Quote
Благодарность от:
KGodel
  #16  
Old 06-25-2014, 10:12 PM
KGodel's Avatar
KGodel KGodel is offline
 
Join Date: May 2011
Location: Indiana
Posts: 332
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I actually had both parts working (adding and removing). The adding part worked after I manually added the first row to the database. I tried the remove function and removed the first row, and now it won't add it again. Does the first key always have to be 1? Do I have to update keys?

Edit: Seemed to be an error with the insert query. All fixed! Now could someone tell me how to add it to the menu in the ACP and create an admin permission for it?

Edit: Figured that out too. Now I will link it to the main result. Thank you to the few people who helped me in this thread with genuine advice!

PHP Code:
<?php
// Rosters
// by DrMath
// ######################## SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### PRE-CACHE TEMPLATES AND DATA ######################
$phrasegroups = array('style');
$specialtemplates = array('products');

// ########################## REQUIRE BACK-END ############################
require_once('./global.php');
require_once(
DIR '/includes/adminfunctions_template.php');

$this_script 'rosters';

$rpm_ver 1.0;

$rpm_mouseover_fontcolor '#D04850';

// ######################## CHECK ADMIN PERMISSIONS #######################
if (!can_administer('canadminusers'))
{
    
print_cp_no_permission();
}

print_cp_header();
echo 
"<div class='pagetitle'>Edit Clan Rosters</div>";

// Get Profile Fields //
$sql "SELECT profilefieldid FROM " TABLE_PREFIX "profilefield";
$result $db->query_read_slave($sql);
$fields = array();
$fields[] = "";
while( 
$a mysql_fetch_array($result) ) {
    
$fields[] = "field" $a[0];
}

// Get Main Games //
$sql "SELECT profilefieldid, data FROM " TABLE_PREFIX "profilefield WHERE profilefieldid = 5";
$result $db->query_read_slave($sql);
$gamesbase mysql_fetch_array($result);
$gamesbase unserialize($gamesbase[1]);
$games = array();
$games[] = "";
foreach (
$gamesbase as $game) {
        
$games[] = $game;
}

// Game Status //
$gamestatuses = array("","Divisions""Guilds""Divisions in Development""Miscellaneous");

/////////////////////// front page
if ( empty($_POST['do']) ) {
    
print_form_header($this_script'add');
    
print_table_header('Add Game');
    
print_select_row('Main Game''game'$games);
    
print_input_row('Abbreviation''abbrev');
    
print_input_row('Account Name''acctname');
    
print_select_row('Account Profile Field''proffield'$fields);
    
print_select_row('Game Status''status'$gamestatuses);
    
print_submit_row('Add Game');
    
    
////////////////////// get current games
    
$sql "SELECT * FROM " TABLE_PREFIX "gamelist ORDER BY gamename ASC";
    
$result $db->query_read_slave($sql);
    
print_form_header($this_script'remove');
    
print_table_header('Current Games in Roster',6);
    echo 
"<tr><th>Game</th><th>Abbreviation</th><th>In-Game Name</th><th>Profile Field</th><th>Status</th><th>Delete?</th></tr>";
    
$i 0;
    while (
$game mysql_fetch_array($result)) {
            if (
$i 1) {$added "class='alt1' style='text-align:center;'";} else {$added "class='alt2' style='text-align:center;'";}
            echo 
"<tr>
                            <td 
$added>$game[1]</td>
                            <td 
$added>$game[2]</td>
                            <td 
$added>$game[3]</td>
                            <td 
$added>$game[4]</td>
                            <td 
$added>$game[5]</td>
                            <td 
$added><input type='checkbox' name='delete[]' value='$game[0]'></td>
                      </tr>"
;
            
$i ++;
    }
    
print_submit_row('Remove Selected',"Reset",6);
}

/////////////////////// add
if ( $_POST['do'] == 'add' ) {
   
    if ( empty(
$_POST['game']) OR empty($_POST['abbrev']) OR empty($_POST['status']) ) { rpm_print_stop_back('Please be sure every required field is filled out before submitting.'); }
   
    
$vbulletin->input->clean_array_gpc('p', array(
        
'game'      => TYPE_UNIT,
        
'abbrev'    => TYPE_STR,
        
'acctname'  => TYPE_STR,
        
'proffield' => TYPE_UNIT,
        
'status'    => TYPE_UNIT
        
));
    
    
$pgame $db->escape_string($games[$vbulletin->GPC['game']]);
    
$pabr $db->escape_string($vbulletin->GPC['abbrev']);
    
$pacctname $db->escape_string($vbulletin->GPC['acctname']);
    
$pfield $db->escape_string($fields[$vbulletin->GPC['proffield']]);
    
$pstatus $db->escape_string($gamestatuses[$vbulletin->GPC['status']]);
    
    
$sql "INSERT INTO " TABLE_PREFIX "gamelist (gamename, abbreviation, ingamename, profilefield, status) VALUES ('$pgame', '$pabr', '$pacctname', '$pfield', '$pstatus')";
    
$db->query_write($sql);
   
    
define('CP_REDIRECT''rosters.php');
    
print_stop_message('roster_game_added');
}  

/////////////////////// remove
if ( $_POST['do'] == 'remove' ) {
    
    
$vbulletin->input->clean_array_gpc('p', array(
        
'delete'    => TYPE_ARRAY));
    
    foreach (
$vbulletin->GPC['delete'] as $deleted) {
        if(isset(
$deleted)){
            
$removed[] = (int)$deleted
        }
    }
    
    foreach (
$removed as $delete) {
        
$sql "DELETE FROM " TABLE_PREFIX "gamelist WHERE gameid = $delete";
        
$db->query_write($sql);
    }
    
    
define('CP_REDIRECT''rosters.php');
    
print_stop_message('roster_game_removed');
}

print_cp_footer();
?>
--------------- Added [DATE]1403741863[/DATE] at [TIME]1403741863[/TIME] ---------------

Correction, it is letting me add SOME games, but not others. I do not know why.

--------------- Added [DATE]1403743899[/DATE] at [TIME]1403743899[/TIME] ---------------

The error occurs whenever I do not change one of the drop down menus. It seems like it isn't being sent as if its selected, so it is causing an error.

EDIT: To fix I simply added a blank option at the start of each menu. Worked like a charm.

Edit: Added an image to see it working. ^^

Reply With Quote
Благодарность от:
Lynne
  #17  
Old 06-26-2014, 07:30 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Awesome KGodel!!!! I received your pm and came to check - glad to see you kept on tinkering until you figured it out with the help of a few others of course so props to them as well but I'm thrilled for you .

Now what's next? Remember that sometimes banging your head against a brick walls helps you remember the issue and resolution afterwards and also prepares you for the next step on your forum (typically) so find something else you want done and have at it!

Reply With Quote
  #18  
Old 06-26-2014, 07:33 PM
KGodel's Avatar
KGodel KGodel is offline
 
Join Date: May 2011
Location: Indiana
Posts: 332
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well, instead of using a page-plugin, I like to move the roster to is own page and maybe even release this as a mod to the community (eventually). This was the biggest thing we wanted to do so I don't know what else I'll do now, I'm just enjoy this (I have it open in a tab just to look at it, lol).
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:32 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04209 seconds
  • Memory Usage 2,315KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (8)post_thanks_box
  • (3)post_thanks_box_bit
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete