Plugin Backend

[Dave]

There are a few things wrong:
- You are using $_REQUEST, please stick to $_POST or $_GET. Depending on which one you use.
- You don't wrap your variables in single quotes, will not work without that.
- You don't escape your variables, SQL injection will be possible.
- Your INSERT query contained "INSERT INTO TABLE", that's not valid.

In case you use $_POST, you can do something like:

PHP Code:

/////////////////////// add
if ( $_POST['do'] == 'add' ) {
    if ( empty($_POST['game']) OR empty($_POST['abbrev']) OR empty($_POST['acctname']) OR empty($_POST['proffield']) OR empty($_POST['status'])) { rpm_print_stop_back('Please be sure every field is filled out before submitting.'); }
    
    $sql = "INSERT INTO " . TABLE_PREFIX . "gamelist (gamename, abbreviation, ingamename, profilefield, status)
           VALUES ('" . $db->escape_string($_POST['game']) . "', '" . $db->escape_string($_POST['abbrev']) . "', '" . $db->escape_string($_POST['acctname']) . "', '" . $db->escape_string($_POST['proffield']) . "', '" . $db->escape_string($_POST['status']) . "')";
    $db->query_write($sql);
    
    if ($db->affected_rows() != 0) {echo "Game Added!";} else { $db->error();}
} 


In case of $_GET:

PHP Code:

<?php
/////////////////////// add
if ( $_GET['do'] == 'add' ) {
    if ( empty($_GET['game']) OR empty($_GET['abbrev']) OR empty($_GET['acctname']) OR empty($_GET['proffield']) OR empty($_GET['status'])) { rpm_print_stop_back('Please be sure every field is filled out before submitting.'); }
    
    $sql = "INSERT INTO " . TABLE_PREFIX . "gamelist (gamename, abbreviation, ingamename, profilefield, status)
           VALUES ('" . $db->escape_string($_GET['game']) . "', '" . $db->escape_string($_GET['abbrev']) . "', '" . $db->escape_string($_GET['acctname']) . "', '" . $db->escape_string($_GET['proffield']) . "', '" . $db->escape_string($_GET['status']) . "')";
    $db->query_write($sql);
    
    if ($db->affected_rows() != 0) {echo "Game Added!";} else { $db->error();}
}

[KGodel]

Hey Dave! I made your changes and the SQL write still isn't working. I get a blank screen when I click submit and nothing changes in the table. No error is sent to my email inbox either.

[Dave]

Add the following above the query_write execution:

PHP Code:

echo $sql; 


Then just try to add another game again and copy the SQL query that's being displayed on the page, then manually execute it in something like PHPMyAdmin, see if this works and if it's showing an error.

[KGodel]

It isn't even showing an SQL query.

[Lynne]

If it isn't even showing the query, then try adding something like this above the second if statement:

echo $_GET['game'];

(actually, try echoing all three of your $_GET variables)

[KGodel]

I actually had both parts working (adding and removing). The adding part worked after I manually added the first row to the database. I tried the remove function and removed the first row, and now it won't add it again. Does the first key always have to be 1? Do I have to update keys?

Edit: Seemed to be an error with the insert query. All fixed! Now could someone tell me how to add it to the menu in the ACP and create an admin permission for it?

Edit: Figured that out too. Now I will link it to the main result. Thank you to the few people who helped me in this thread with genuine advice!

PHP Code:

<?php
// Rosters
// by DrMath
// ######################## SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### PRE-CACHE TEMPLATES AND DATA ######################
$phrasegroups = array('style');
$specialtemplates = array('products');

// ########################## REQUIRE BACK-END ############################
require_once('./global.php');
require_once(DIR . '/includes/adminfunctions_template.php');

$this_script = 'rosters';

$rpm_ver = 1.0;

$rpm_mouseover_fontcolor = '#D04850';

// ######################## CHECK ADMIN PERMISSIONS #######################
if (!can_administer('canadminusers'))
{
    print_cp_no_permission();
}

print_cp_header();
echo "<div class='pagetitle'>Edit Clan Rosters</div>";

// Get Profile Fields //
$sql = "SELECT profilefieldid FROM " . TABLE_PREFIX . "profilefield";
$result = $db->query_read_slave($sql);
$fields = array();
$fields[] = "";
while( $a = mysql_fetch_array($result) ) {
    $fields[] = "field" . $a[0];
}

// Get Main Games //
$sql = "SELECT profilefieldid, data FROM " . TABLE_PREFIX . "profilefield WHERE profilefieldid = 5";
$result = $db->query_read_slave($sql);
$gamesbase = mysql_fetch_array($result);
$gamesbase = unserialize($gamesbase[1]);
$games = array();
$games[] = "";
foreach ($gamesbase as $game) {
        $games[] = $game;
}

// Game Status //
$gamestatuses = array("","Divisions", "Guilds", "Divisions in Development", "Miscellaneous");

/////////////////////// front page
if ( empty($_POST['do']) ) {
    print_form_header($this_script, 'add');
    print_table_header('Add Game');
    print_select_row('Main Game', 'game', $games);
    print_input_row('Abbreviation', 'abbrev');
    print_input_row('Account Name', 'acctname');
    print_select_row('Account Profile Field', 'proffield', $fields);
    print_select_row('Game Status', 'status', $gamestatuses);
    print_submit_row('Add Game');
    
    ////////////////////// get current games
    $sql = "SELECT * FROM " . TABLE_PREFIX . "gamelist ORDER BY gamename ASC";
    $result = $db->query_read_slave($sql);
    print_form_header($this_script, 'remove');
    print_table_header('Current Games in Roster',6);
    echo "<tr><th>Game</th><th>Abbreviation</th><th>In-Game Name</th><th>Profile Field</th><th>Status</th><th>Delete?</th></tr>";
    $i = 0;
    while ($game = mysql_fetch_array($result)) {
            if ($i & 1) {$added = "class='alt1' style='text-align:center;'";} else {$added = "class='alt2' style='text-align:center;'";}
            echo "<tr>
                            <td $added>$game[1]</td>
                            <td $added>$game[2]</td>
                            <td $added>$game[3]</td>
                            <td $added>$game[4]</td>
                            <td $added>$game[5]</td>
                            <td $added><input type='checkbox' name='delete[]' value='$game[0]'></td>
                      </tr>";
            $i ++;
    }
    print_submit_row('Remove Selected',"Reset",6);
}

/////////////////////// add
if ( $_POST['do'] == 'add' ) {
   
    if ( empty($_POST['game']) OR empty($_POST['abbrev']) OR empty($_POST['status']) ) { rpm_print_stop_back('Please be sure every required field is filled out before submitting.'); }
   
    $vbulletin->input->clean_array_gpc('p', array(
        'game'      => TYPE_UNIT,
        'abbrev'    => TYPE_STR,
        'acctname'  => TYPE_STR,
        'proffield' => TYPE_UNIT,
        'status'    => TYPE_UNIT
        ));
    
    $pgame = $db->escape_string($games[$vbulletin->GPC['game']]);
    $pabr = $db->escape_string($vbulletin->GPC['abbrev']);
    $pacctname = $db->escape_string($vbulletin->GPC['acctname']);
    $pfield = $db->escape_string($fields[$vbulletin->GPC['proffield']]);
    $pstatus = $db->escape_string($gamestatuses[$vbulletin->GPC['status']]);
    
    $sql = "INSERT INTO " . TABLE_PREFIX . "gamelist (gamename, abbreviation, ingamename, profilefield, status) VALUES ('$pgame', '$pabr', '$pacctname', '$pfield', '$pstatus')";
    $db->query_write($sql);
   
    define('CP_REDIRECT', 'rosters.php');
    print_stop_message('roster_game_added');
}  

/////////////////////// remove
if ( $_POST['do'] == 'remove' ) {
    
    $vbulletin->input->clean_array_gpc('p', array(
        'delete'    => TYPE_ARRAY));
    
    foreach ($vbulletin->GPC['delete'] as $deleted) {
        if(isset($deleted)){
            $removed[] = (int)$deleted; 
        }
    }
    
    foreach ($removed as $delete) {
        $sql = "DELETE FROM " . TABLE_PREFIX . "gamelist WHERE gameid = $delete";
        $db->query_write($sql);
    }
    
    define('CP_REDIRECT', 'rosters.php');
    print_stop_message('roster_game_removed');
}

print_cp_footer();
?>

--------------- Added [DATE]1403741863[/DATE] at [TIME]1403741863[/TIME] ---------------

Correction, it is letting me add SOME games, but not others. I do not know why.

--------------- Added [DATE]1403743899[/DATE] at [TIME]1403743899[/TIME] ---------------

The error occurs whenever I do not change one of the drop down menus. It seems like it isn't being sent as if its selected, so it is causing an error.

EDIT: To fix I simply added a blank option at the start of each menu. Worked like a charm.

Edit: Added an image to see it working. ^^

[TheLastSuperman]

Awesome KGodel!!!! I received your pm and came to check - glad to see you kept on tinkering until you figured it out with the help of a few others of course so props to them as well but I'm thrilled for you .

Now what's next? Remember that sometimes banging your head against a brick walls helps you remember the issue and resolution afterwards and also prepares you for the next step on your forum (typically) so find something else you want done and have at it!

[KGodel]

Well, instead of using a page-plugin, I like to move the roster to is own page and maybe even release this as a mod to the community (eventually). This was the biggest thing we wanted to do so I don't know what else I'll do now, I'm just enjoy this (I have it open in a tab just to look at it, lol).