MyBB Community Forums

Hello

I have a small problem with $db->update_query(); 
It looks like it doesn't work...

I want to be able to banish people by typing a command in the shoutbox (plugin: MyShoutbox 1.7)
/ban Nitrome
for exemple


Here is the piece of code that interests us

	// verify if my message begin by "/ban" (the message is in $postData)
	if ($mybb->usergroup['cancp'] == 1 && substr($postData, 0, 4) == '/ban') {
		
		// i load the username in $pseudo[1]
		preg_match('/\/ban\s{1,}([A-Za-z0-9]+)($)/i', $postData, $pseudo);
		
		if (!empty($pseudo[1])) {

			// the problem is here, when i update the usergroup
			$db->update_query("users", array('usergroup' => 7), "username = '".$pseudo[1]."'");
			
			// just a test to see if my preg_match work, it works well, the usernam is in $pseudo[1]
			/* $db->insert_query('mysb_shouts', array('uid' => 29703, 'shout_msg' => 'pseudo[0]:'.$pseudo[0].' || pseudo[1]:'.$pseudo[1].' || pseudo[2]:'.$pseudo[2], 'shout_date' => time(), 'shout_ip' => get_ip())); */
			
		}
		die("deleted");
	}

The problem is in the $db->update_query (and i'm shure of that), nothing happen, but I don't manage to correct it...

Thank you

test Like this :

			$updated_group=array('usergroup' => 7);
            $db->update_query("users",$updated_group, "username = '".$pseudo[1]."'");

Yes, the update should be an array. Also note you should escape the username using $db->escape_string or else you're open to SQL injections.

I already have the array no?
$db->update_query("users", array('usergroup' => 7), "username = '".$pseudo[1]."'");
But yes, i will test and i tell you if it works



And for sql injections, yes, i Will secure this code if it works, thanks

---

Yeaah, it works with what you said

            $updated_group=array('usergroup' => 7);
            $db->update_query("users",$updated_group, "username = '".$pseudo[1]."'");

Thanks a lot, I will secure that