  #1  
Old 12-16-2006, 01:01 PM
aragorn_reborn aragorn_reborn is offline
 
Join Date: Nov 2006
Posts: 18
vbulletin input clean classes

Hi,

I am trying to make a vBulletin-powered custom page which is an HTML form.
The user fills the form and the data is entered into the database.

I use the database classes of vBulletin to connect to the database and insert values. My problem is that I use an insert statement as

$var1 = $_REQUEST["var1"];
INSERT INTO TABLE VALUES (1, '$var1');

Now, if $var1 already contains a single quote, I get a database error on submitting the form. Is there some class of vBulletin that I can use to insert the data into the database so that the database stores ' as well?

Also, is there an easy way to prevent SQL injection?

Thanks
  #2  
Old 12-19-2006, 04:49 AM
aragorn_reborn aragorn_reborn is offline
 
Join Date: Nov 2006
Posts: 18

I figured out how to escape the single quotes error. I used the following code

Code:
// Declare the expected POST fields and their types for the input cleaner
$vbulletin->input->clean_array_gpc('p', array(
	'name'     => TYPE_STR,
	'category' => TYPE_NOCLEAN,
	'contact'  => TYPE_STR,
));

// Escape every value before it goes inside the quoted SQL literals
$db->query_write("
	INSERT INTO table (id, name, category, contact)
	VALUES ('',
		'" . $db->escape_string($vbulletin->GPC['name']) . "',
		'" . $db->escape_string($vbulletin->GPC['category']) . "',
		'" . $db->escape_string($vbulletin->GPC['contact']) . "')
");

eval('print_output("' . fetch_template('testtemplate') . '");');

But I have a problem with the blank lines. For example, contact is actually a textarea where the user can enter blank lines. I need the database to store the <br> as well. When I retrieve the information from the database and print it in HTML, I want the text to have the same formatting as it had when the user submitted the form.

I hope my question is clear.

Please help me
  #3  
Old 12-20-2006, 02:02 PM
aragorn_reborn aragorn_reborn is offline
 
Join Date: Nov 2006
Posts: 18

Pls help!!
  #4  
Old 12-20-2006, 09:17 PM
Guest190829
Guest
 
Posts: n/a

Use the function nl2br() after it is retrieved from the database.
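The store-then-format flow discussed in this thread, as an added example that is not code from any poster and does not use vBulletin's own classes: it goes beyond the thread by using PDO placeholders instead of escape_string() and by HTML-encoding the stored text before nl2br(). The in-memory SQLite database, the custom_form table, the function names and the sample input are all assumptions made for illustration.

```php
<?php
// Added example: stand-alone PHP with PDO and in-memory SQLite,
// not vBulletin's $db or $vbulletin->input classes.
// Table, column and function names are hypothetical.

function store_contact(PDO $pdo, string $name, string $contact): int
{
    // Placeholders keep the data out of the SQL text, so a single quote
    // in $name or $contact cannot terminate the string literal.
    $stmt = $pdo->prepare(
        'INSERT INTO custom_form (name, contact) VALUES (:name, :contact)'
    );
    $stmt->execute([':name' => $name, ':contact' => $contact]);
    return (int) $pdo->lastInsertId();
}

function render_contact(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT contact FROM custom_form WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $raw = (string) $stmt->fetchColumn();

    // Order matters: encode HTML first, then turn newlines into <br />.
    // Reversing the calls would encode the <br /> tags as visible text.
    return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE custom_form (id INTEGER PRIMARY KEY, name TEXT, contact TEXT)'
);

// Constructed textarea input: single quotes, a blank line and some markup.
$contact = "O'Brien's office\n\nRoom <b>12</b>";

$id = store_contact($pdo, "O'Brien", $contact);
echo render_contact($pdo, $id), "\n";
```

The database keeps the text exactly as typed, newlines included; the <br /> tags exist only in the rendered output, and any markup the user entered is shown as text rather than interpreted by the browser.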