mysql_real_escape_string not working
04-10-2012, 12:25 PM
Post: #1
mysql_real_escape_string not working
Hi everyone,

I'm using MyBB to help me grab some data from a custom table I put in the same database. Now this goes all fine and dandy until I want to grab data based on some user input.

I'm currently using this:
PHP Code:
$select = sprintf("SELECT * FROM my_table WHERE user_input= %s", mysql_real_escape_string($user_input));

But I keep getting the message:
Quote: MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Query:
SELECT * FROM my_table WHERE user_input=

I'm completely stuck here and the only way I seem to get this to work is to remove the mysql_real_escape_string, but that kinda defeats the whole purpose of me using sprintf here.

Any thoughts on what could be causing this would be greatly appreciated.
Thanks in advance,

Karin
04-10-2012, 12:30 PM (This post was last modified: 04-10-2012 12:34 PM by Euan T.)
Post: #2
RE: mysql_real_escape_string not working
If you're using MyBB, I highly advise using MyBB's database handler. For more information, see here: http://wiki.mybb.com/index.php/Database_Methods

All you need to do is include global.php and define IN_MYBB if you're using an external PHP file, then you can do the following:

PHP Code:
// Escape the user-supplied value and place it inside a quoted literal
$data = $db->simple_select('my_table', '*', "userinput = '".$db->escape_string($mybb->input['user_input'])."'");
while ($row = $db->fetch_array($data))
{
    // do something
}


04-10-2012, 12:39 PM (This post was last modified: 04-10-2012 12:39 PM by Juniper.)
Post: #3
RE: mysql_real_escape_string not working
Thank you for your reply euantor.

I was of the understanding that I still need to write my own query while using those. This is simply constructing the query so I can pass them on to a method like $db->write_query.
Or am I going about this all wrong?
04-10-2012, 12:40 PM (This post was last modified: 04-10-2012 12:40 PM by Charlie Hadden.)
Post: #4
RE: mysql_real_escape_string not working
You forgot quotes.

PHP Code:
$select = sprintf("SELECT * FROM my_table WHERE user_input='%s'", mysql_real_escape_string($user_input));

Sculpture CMS
I'm just another unicorn.
04-10-2012, 12:49 PM
Post: #5
RE: mysql_real_escape_string not working
I will look into that euantor, thanks for taking time to explain this to me.

Charlie thank you so much, I feel so silly now.
Credited you both with a +1 rep <3
04-10-2012, 12:54 PM (This post was last modified: 04-10-2012 12:54 PM by Euan T.)
Post: #6
RE: mysql_real_escape_string not working
You don't need to pass it onto anything like write_query. The simple_select method is used for running simple single table queries. If, however, you want to use joins and the like, you have to use the write_query method (or just query, though write_query is now preferred in plugins).

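The difference between the unquoted and quoted forms discussed in this thread, shown next to a prepared statement. This is an added example, not code from any poster or from MyBB: it assumes PDO with an in-memory SQLite database as a stand-in for MySQL, reuses the thread's `my_table` / `user_input` names, and the rows, `escape_only()` and `run()` are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database.
// Table and column names follow the thread; the rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE my_table (id INTEGER PRIMARY KEY, user_input TEXT)");
$pdo->exec("INSERT INTO my_table (user_input) VALUES ('hello'), ('O''Brien')");

// Hypothetical helper: PDO::quote() escapes AND adds the surrounding quotes.
// Stripping them imitates an escape-only function, which is only safe when
// the caller puts the result inside a quoted string literal.
function escape_only(PDO $pdo, string $value): string
{
    return substr($pdo->quote($value), 1, -1);
}

// Hypothetical helper: run a query and report row count or the SQL error.
function run(PDO $pdo, string $sql): string
{
    try {
        $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "SQL error: " . $e->getMessage();
    }
}

foreach (['', 'hello', "O'Brien"] as $input) {
    $escaped = escape_only($pdo, $input);

    // 1) The original form: %s with no quotes, so the value is parsed as SQL.
    $unquoted = sprintf("SELECT * FROM my_table WHERE user_input=%s", $escaped);

    // 2) The fix from post #4: the escaped value sits inside a quoted literal.
    $quoted = sprintf("SELECT * FROM my_table WHERE user_input='%s'", $escaped);

    // 3) A prepared statement: the value is bound, never spliced into the SQL text.
    $stmt = $pdo->prepare("SELECT * FROM my_table WHERE user_input = ?");
    $stmt->execute([$input]);
    $bound = count($stmt->fetchAll(PDO::FETCH_ASSOC));

    printf("input=%s\n  unquoted: %s\n  quoted:   %s\n  prepared: %d row(s)\n",
        var_export($input, true), run($pdo, $unquoted), run($pdo, $quoted), $bound);
}
```

The empty input reproduces the truncated `WHERE user_input=` query from the first post; with the bound parameter there is no quoting step to forget.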