Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-19-2006, 03:24 PM
kobescoresagain kobescoresagain is offline
 
Join Date: Feb 2005
Posts: 327
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How do I loop inside of varibale names?

I have some posts variables that would be like this
$_POST[name1]
$_POST[name2]
$_POST[name3]
$_POST[name4]
$_POST[name5]
$_POST[name6]
$_POST[name7]
$_POST[name8]
$_POST[name9]

I want to loop through them. I will alays know how many there will be. I was trying to do something like
$_POST[name$i]
then increment through. But that won't work. What do I need to do?
Reply With Quote
  #2  
Old 06-19-2006, 03:35 PM
MarkPW MarkPW is offline
 
Join Date: Apr 2006
Posts: 65
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

$_POST[name$i] won't work.. try this way: $_POST['name'.$i]
Reply With Quote
  #3  
Old 06-19-2006, 03:44 PM
kobescoresagain kobescoresagain is offline
 
Join Date: Feb 2005
Posts: 327
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

$sql = "UPDATE user SET username = \"$_POST['username'.$i]\", access = \"$_POST['access'.$i]\", owner= \"$_POST['owner'.$i]\" WHERE id= \"$_POST['userid'.$i]\"";

I tried that and got this error Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING the error is on that line for sure
Reply With Quote
  #4  
Old 06-19-2006, 04:07 PM
MarkPW MarkPW is offline
 
Join Date: Apr 2006
Posts: 65
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Change to:

PHP Code:
$sql "UPDATE user SET username = \"".$_POST['username'.$i]."\", access = \"".$_POST['access'.$i]."\", owner= \"".$_POST['owner'.$i]."\" WHERE id= \"".$_POST['userid'.$i]."\""
Reply With Quote
  #5  
Old 06-19-2006, 04:12 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You need to escape the input first to avoid SQL injections.
Reply With Quote
  #6  
Old 06-19-2006, 04:17 PM
The Geek's Avatar
The Geek The Geek is offline
 
Join Date: Sep 2003
Location: Behind you
Posts: 2,779
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

on a side note... at the very LEAST you should be running them through addslahes() if not $db->escape_string() (which is better).

Otherwise you have a gargantuan security hole there.

Your best bet is something like this (assuming its vb integrated)

PHP Code:
    $vbulletin->input_clean_array_gpc('p', array(
        
'name1'    => TYPE_STR,
        
'name2'    => TYPE_STR,
        
'name3' => TYPE_STR,
        
'name4' => TYPE_STR,
        
'name5' => TYPE_STR,
        
'name6' => TYPE_STR,
        
'name7' => TYPE_STR,
        
'name8' => TYPE_STR,
        
'name9' => TYPE_STR,
    );

    
$name1 $db->escape_string($vbulletin->GPC['name1']);
    ...
etc...

    
$sql "UPDATE " TABLE_PREFIX "mytable SET name1='$name1' WHERE id=1"
However if I understand what youre trying to do, I would suggest posting the variables like this:

Code:
<input type="text" name="name[1]" value="" />
Then do this to catch and cleanse:

PHP Code:
    $vbulletin->input_clean_array_gpc('p', array(
        
'name'    => TYPE_ARRAY_STR,
    );

    
$prepped_name = array();

    if (
is_array($vbulletin->GPC['name']))
    {
        foreach(
$vbulletin->GPC['name'] as $key => $value)
        {
            
$prepped_name[$key] = $db->escape_string($value);
        }
    } 
Thats just off the cuff, so dont quote me on that... just trying to help
Reply With Quote
  #7  
Old 06-19-2006, 04:21 PM
kobescoresagain kobescoresagain is offline
 
Join Date: Feb 2005
Posts: 327
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ya, Iw ould have done this differently if I was doing it from the beginning. But I am finishing something someone else started. I figured it out withyour guys help. Thanks
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:51 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04980 seconds
  • Memory Usage 2,230KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (3)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete