MyBB Community Forums

Full Version: Integrating MyBB
Hey there, I'm working on a blog system for a forum. The forum uses MyBB so I thought, why not use MyBB to manage accounts, so I did. I've got it all connected, but I'd like to know how to do safe queries to prevent SQLi. I tried my own functions but they don't seem to be working whilst I'm using the MyBB integration.

Here's how the code is being used...
define("IN_MYBB", 1);
require '../global.php';
// Check start :: Is user logged in? --
if($mybb->user['uid'] > 0)
{
  // Includes
  include ("_control/functions.php");
  /****************/
  // Get current (logged) account UID (User ID)
 
  // EXAMPLE VARIABLE
  $i_want_cleaned = $_GET['variable'];
  $uid = $mybb->user['uid'];

How would I clean the $i_want_cleaned variable? As I said, my own function doesn't seem to be working when using it on this page.
It depends on what $_GET['variable'] actually is, e.g. a string, integer, etc.

The following two should suit your needs.

$i_want_cleaned = intval($mybb->input['variable']);
//or
$i_want_cleaned = $db->escape_string($mybb->input['variable']);
(2012-02-24, 12:09 AM) Nathan Malcolm wrote: It depends on what $_GET['variable'] actually is, e.g. a string, integer, etc.

The following two should suit your needs.

$i_want_cleaned = intval($mybb->input['variable']);
//or
$i_want_cleaned = $db->escape_string($mybb->input['variable']);

Perfect! Thanks for your response and help!
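
Added example (not part of the thread, and not MyBB's own code): the two calls from the answer used in a complete lookup, showing that an intval() result can go into the query unquoted while an escape_string() result must sit inside quotes. The table blog_posts, its columns, and the pid and slug parameters are hypothetical; the script is assumed to live one directory below the MyBB root, as in the question.

```php
<?php
// Added example. Assumes a hypothetical table <prefix>blog_posts
// with columns pid, uid, title, slug.
define("IN_MYBB", 1);
require '../global.php';

if($mybb->user['uid'] <= 0)
{
    error_no_permission(); // MyBB helper: shows the no-permission page and exits
}

// Integer input: cast it, after which it is safe unquoted in a condition.
$pid = isset($mybb->input['pid']) ? intval($mybb->input['pid']) : 0;
$uid = intval($mybb->user['uid']);

// String input: reject arrays (?slug[]=x), then escape it.
$raw_slug = (isset($mybb->input['slug']) && is_string($mybb->input['slug']))
    ? $mybb->input['slug']
    : '';
$slug = $db->escape_string($raw_slug);

if($pid > 0)
{
    $where = "pid={$pid} AND uid={$uid}";
}
else
{
    // escape_string() only neutralises quote characters, so the value
    // must be wrapped in quotes here. Unquoted, it would still be injectable.
    $where = "slug='{$slug}' AND uid={$uid}";
}

// simple_select() adds the table prefix and builds SELECT ... WHERE ...
$query = $db->simple_select("blog_posts", "pid, title", $where, array('limit' => 1));
$post = $db->fetch_array($query);

if(!$post)
{
    error("That post does not exist."); // MyBB helper: renders an error page and exits
}

// Escaping for SQL does not make a value safe for HTML; encode on output.
echo htmlspecialchars_uni($post['title']);
```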