mysql_real_escape_string not working
#1
Hi everyone,

I'm using MyBB to help me grab some data from a custom table I put in the same database. Now this goes all fine and dandy until I want to grab data based on some user input.

I'm currently using this:
PHP Code:
$select = sprintf("SELECT * FROM my_table WHERE user_input= %s", mysql_real_escape_string($user_input));

But I keep getting the message:
Quote: MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Query:
SELECT * FROM my_table WHERE user_input=

I'm completely stuck here and the only way I seem to get this to work is to remove the mysql_real_escape_string, but that kinda defeats the whole purpose of me using sprintf here.

Any thoughts on what could be causing this would be greatly appreciated.
Thanks in advance,

Karin
Reply
#2
If you're using MyBB, I highly advise using MyBB's database handler. For more information, see here: http://wiki.mybb.com/index.php/Database_Methods

All you need to do is include global.php and define IN_MYBB if you're using an external PHP file; then you can do the following:

PHP Code:
$data = $db->simple_select('my_table', '*', "userinput = '".$db->escape_string($mybb->input['user_input'])."'");
while ($row = $db->fetch_array($data))
{
    // do something
}

Reply
#3
Thank you for your reply euantor.

I was in the understanding that I still need to write my own query while using those. This is simply constructing the query so I can pass them on to a method like $db->write_query.
Or am I going about this all wrong?
Reply
#4
You forgot quotes.

PHP Code:
$select = sprintf("SELECT * FROM my_table WHERE user_input='%s'", mysql_real_escape_string($user_input));
Sculpture CMS
I'm just another unicorn.
Reply
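Editor's added example (not code from any poster in this thread): why the quotes in post #4 matter for safety and not only for syntax. Escaping protects a value only while it sits inside a quoted string literal, so the script compares the unquoted form from post #1, the quoted form from post #4, and a bound parameter. Assumptions: an in-memory SQLite database and `SQLite3::escapeString()` stand in for MySQL and `mysql_real_escape_string()`, the helper names are hypothetical, and the rows and inputs are constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite and SQLite3::escapeString()
// stand in for MySQL and mysql_real_escape_string(); all data is constructed.
$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec("CREATE TABLE my_table (id INTEGER PRIMARY KEY, user_input TEXT)");
$db->exec("INSERT INTO my_table (user_input) VALUES ('alpha'), ('beta'), ('gamma')");

// Count the rows in a result set (hypothetical helper).
function count_rows(SQLite3Result $result): int
{
    $rows = 0;
    while ($result->fetchArray(SQLITE3_ASSOC) !== false) {
        $rows++;
    }
    return $rows;
}

// Run a query that was built as a string; report row count or the SQL error.
function run_sql(SQLite3 $db, string $sql): string
{
    try {
        return count_rows($db->query($sql)) . ' row(s)';
    } catch (Exception $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Same lookup with a bound parameter: the value never becomes SQL text.
function run_prepared(SQLite3 $db, string $value): string
{
    $stmt = $db->prepare('SELECT * FROM my_table WHERE user_input = :v');
    $stmt->bindValue(':v', $value, SQLITE3_TEXT);
    return count_rows($stmt->execute()) . ' row(s)';
}

$inputs = ['', 'alpha', '1 OR 1=1', "x' OR '1'='1"]; // constructed inputs
foreach ($inputs as $input) {
    $escaped = SQLite3::escapeString($input);
    // Post #1: escaped but unquoted, so the value is parsed as SQL syntax.
    $unquoted = sprintf("SELECT * FROM my_table WHERE user_input= %s", $escaped);
    // Post #4: escaped and quoted, so the value stays inside a string literal.
    $quoted = sprintf("SELECT * FROM my_table WHERE user_input='%s'", $escaped);

    printf("input %s\n", var_export($input, true));
    printf("  unquoted: %s\n", run_sql($db, $unquoted));
    printf("  quoted:   %s\n", run_sql($db, $quoted));
    printf("  prepared: %s\n", run_prepared($db, $input));
}
```

The third input contains no quote characters, so escaping leaves it unchanged and the unquoted query evaluates it as a condition; the quoted and prepared forms treat every input as a plain value.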
#5
I will look into that euantor, thanks for taking time to explain this to me.

Charlie thank you so much, I feel so silly now.
Credited you both with a +1 rep <3
Reply
#6
You don't need to pass it onto anything like write_query. The simple_select method is used for running simple single table queries. If, however, you want to use joins and the like, you have to use the write_query method (or just query, though write_query is now preferred in plugins).
Reply

