MyBB

Juniper · 04-10-2012, 12:25 PM

Hi everyone,

I'm using MyBB to help me grab some data from a custom table i put in the same database. Now this goes all fine and dandy until i want to grab data based on some user input.

I'm currently using this:

PHP Code:

$select = sprintf("SELECT * FROM my_table WHERE user_input= %s", mysql_real_escape_string($user_input)); 

But i keep getting the message:

Quote:MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Query:
SELECT * FROM my_table WHERE user_input=

I'm completely stuck here and the only way I seem to get this to work is to remove the mysql_real_escape_string, but that kinda defeats the whole purpose of me using sprintf here.

Any thoughts on what could be causing this would be greatly appriciated.
Thanks in advance,

Karin

**Euan T** · (This post was last modified: 04-10-2012 12:34 PM by Euan T.)

If you're using MyBB, I highly advise using MyBB's database handler. For more information, see here: http://wiki.mybb.com/index.php/Database_Methods

All you need to do is include global.php and define IN_MYBB if you're using an external PHP file then you can do the following:

PHP Code:

$data = $db->simple_select('my_table', '*', "userinput = '".$db->escape_string($mybb->input['user_input'])."'");
while ($row = $db->fetch_array($data))
{
//do something
} 

Juniper · (This post was last modified: 04-10-2012 12:39 PM by Juniper.)

Thank you for your reply euantor.

I was in the understanding that I still need to write my own query while using those. This is simply constructing the query so i can pass them on to a method like $db->write_query.
Or am i going about this all wrong?

Charlie Hadden · (This post was last modified: 04-10-2012 12:40 PM by Charlie Hadden.)

You forgot quotes.

PHP Code:

$select = sprintf("SELECT * FROM my_table WHERE user_input='%s'", mysql_real_escape_string($user_input)); 

Juniper · 04-10-2012, 12:49 PM

I will look into that euantor, thanks for taking time to explain this to me.

Charlie thank you so much, I feel so silly now.
Credited you both with a +1 rep <3

**Euan T** · (This post was last modified: 04-10-2012 12:54 PM by Euan T.)

You don't need to pass it onto anything like write_query. The simple_select method is used for running simple single table queries. If, however, you want to use joins and the like, you have to use the write_query method (or just query, though write_query is now preferred in plugins).