GHengeveld

You need to import the $ui variable from GET, otherwise your query won't work. Also it's better to cast or check any variables used in an SQL query. Integers should be cast using (int)$variable and strings need to be prepped using sed_sql_prep(). Another minor detail is that you shouldn't put quotes around an integer, since that would require it to be converted from string to integer.
Try this:

$ui = sed_import('ui', 'G', 'INT');
$sql2 = sed_sql_query("SELECT * FROM $db_com WHERE com_authorid=".(int)$ui);

For the rest of it, it's looking good. Keep it up. Glad to see my guide gets used too.

Edited by: Koradhil (25.10.2009 06:06, 15 years ago)
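
The difference the cast makes, as an added example that is not part of the original post and is not Seditio code. Assumptions: PDO with an in-memory SQLite database stands in for sed_sql_query(), the table is named com in place of $db_com, and the rows and request values are constructed.

```php
<?php
// Added example, not Seditio code: PDO + in-memory SQLite stand in for
// sed_sql_query(); column names mirror the post, rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE com (com_id INTEGER PRIMARY KEY, com_authorid INTEGER, com_text TEXT)');
$pdo->exec("INSERT INTO com (com_authorid, com_text) VALUES (1, 'first'), (2, 'second'), (2, 'third')");

// Constructed request values, as they would arrive in $_GET['ui'].
$inputs = ['2', '2 OR 1=1', 'abc', ''];

function count_uncast(PDO $pdo, string $ui): string
{
    // Raw concatenation: the request value becomes part of the SQL text.
    try {
        $rows = $pdo->query('SELECT * FROM com WHERE com_authorid=' . $ui)->fetchAll();
        return (string) count($rows);
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

function count_cast(PDO $pdo, string $ui): string
{
    // (int) keeps only a leading number (or yields 0), so the query text
    // can only ever end in an unquoted integer literal.
    $rows = $pdo->query('SELECT * FROM com WHERE com_authorid=' . (int) $ui)->fetchAll();
    return (string) count($rows);
}

// Print, per input, how many rows each variant of the query matches.
foreach ($inputs as $ui) {
    printf(
        "%-10s uncast: %-9s cast: %s\n",
        var_export($ui, true),
        count_uncast($pdo, $ui),
        count_cast($pdo, $ui)
    );
}
```

With the cast, non-numeric input collapses to 0 and matches nothing instead of changing the WHERE clause or breaking the query.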