Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
mysql_real_escape_string not working
Hi everyone,

I'm using MyBB to help me grab some data from a custom table i put in the same database. Now this goes all fine and dandy until i want to grab data based on some user input.

I'm currently using this:
PHP Code:
$select sprintf("SELECT * FROM my_table WHERE user_input= %s"mysql_real_escape_string($user_input)); 

But i keep getting the message:
Quote:MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
SELECT * FROM my_table WHERE user_input=

I'm completely stuck here and the only way I seem to get this to work is to remove the mysql_real_escape_string, but that kinda defeats the whole purpose of me using sprintf here.

Any thoughts on what could be causing this would be greatly appriciated.
Thanks in advance,

If you're using MyBB, I highly advise using MyBB's database handler. For more information, see here:

All you need to do is include global.php and define IN_MYBB if you're using an external PHP file then you can do the following:

PHP Code:
$data $db->simple_select('my_table''*'"userinput = '".$db->escape_string($mybb->input['user_input'])."'");
while (
$row $db->fetch_array($data))
//do something

Thank you for your reply euantor.

I was in the understanding that I still need to write my own query while using those. This is simply constructing the query so i can pass them on to a method like $db->write_query.
Or am i going about this all wrong?
You forgot quotes.

PHP Code:
$select sprintf("SELECT * FROM my_table WHERE user_input='%s'"mysql_real_escape_string($user_input)); 
Sculpture CMS
I'm just another unicorn.
I will look into that euantor, thanks for taking time to explain this to me.

Charlie thank you so much, I feel so silly now.
Credited you both with a +1 rep <3
You don't need to pass it onto anything like write_query. The simple_select method is used for running simple single table queries. If, however, you want to use joins and the like, you have to use the write_query method (or just query, though write_query is now preferred in plugins).

Forum Jump:

Users browsing this thread: 1 Guest(s)