The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
Is it safe to add new columns to vbulletin users table?
I have a script that isn't related to vbulletin at all, it adds information in a separate database.
Today I was thinking: what if I add some of the information I submit to this database to the vbulletin users_table to keep track of things? Basically this is what I'm doing: someone uses the PayPal IPN I've set up, information is submitted to a DB named "payments", one of the columns is "price", so I was thinking if I can do this $totalpayed += $price; and add $totalpayed to the vbulletin DB so I can display it in say Usercp later on, or add it to the vbulletin user array for other manipulations. Can this be done or is it too risky?
#2
you'd have no issues adding a column and writing the values, however when you get the values via a query you have to make sure that any queries are cleaned or escaped as needed.
#3
Is there a specific way vBulletin runs its queries to make them safer? If so, do you by chance know the syntax?
#4
I'm no whizz at database queries at all, however I do know that when you get a string in a query you have to escape that at the end of the query.
If you are to write from another program to vbulletin I believe you have to clean the input variable. Here's an example of where a variable is cleaned:
PHP Code:
#5
Quote:
I was asking and wondering if vbulletin set up custom functions for their queries. Looks like they did, but yeah, I'd still like more input from KH99. Thank you, by the way.
#6
If you're decent with mysql queries you should have no problem, you'll know how to prevent things being left open to sql injection (which is what the CLEAN and $db_escape_string does, I believe).
#7
$vbulletin->input->clean_gpc will force an integer for TYPE_INT but it doesn't truly clean a string for TYPE_STR, it just makes sure it is a string.
All strings must be escaped before being saved to the database.
Code:
$vbulletin->db->query_write("QUERY HERE");
Thanks from: tbworld
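The rule from post #7 applied to the running-total idea from post #1, as an added example that is not code from the thread or from vBulletin itself: numbers are forced to a numeric type, strings are escaped with the database object's escape_string() before they reach query_write(). The column names totalpayed and lastpaymemo, the function name add_payment_to_user and the script name are hypothetical, and the script assumes it sits in the root of a vBulletin 3.8 install.

```php
<?php
// Added example, not code from the thread. Runs inside a vBulletin 3.8 install.
// Assumed (hypothetical) columns added by hand to the user table
// (prepend your table prefix if you use one):
//   ALTER TABLE user ADD totalpayed DECIMAL(10,2) NOT NULL DEFAULT 0,
//                    ADD lastpaymemo VARCHAR(255) NOT NULL DEFAULT '';
define('THIS_SCRIPT', 'paymenttotal');   // hypothetical script name
require_once('./global.php');            // vBulletin bootstrap, sets up $vbulletin

/**
 * Add one payment to a user's running total.
 * $userid, $price and $memo come from the IPN script and are treated as untrusted.
 * Returns true when exactly one user row was updated.
 */
function add_payment_to_user($userid, $price, $memo)
{
    global $vbulletin;

    // Numbers: force the type, which is what clean_gpc does for TYPE_INT.
    $userid = intval($userid);
    $price  = round(floatval($price), 2);
    if ($userid < 1 OR $price <= 0)
    {
        return false; // nothing sensible to record
    }

    // Strings: being a string (TYPE_STR) is not enough; escape for the SQL context.
    $memo = $vbulletin->db->escape_string(substr(strval($memo), 0, 255));

    $vbulletin->db->query_write("
        UPDATE " . TABLE_PREFIX . "user
        SET totalpayed = totalpayed + " . number_format($price, 2, '.', '') . ",
            lastpaymemo = '" . $memo . "'
        WHERE userid = " . $userid
    );

    return ($vbulletin->db->affected_rows() == 1);
}

// Constructed sample values; the apostrophe would end the quoted SQL string if unescaped.
add_payment_to_user(42, '9.99', "Renewal for O'Brien");
```

number_format() with an explicit '.' keeps the decimal separator independent of the server locale, so the numeric literal in the query is always valid SQL.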