Xenforo options in Model

Nudaii

Well-known member
Howdy, I am trying to figure out how to use XenForo options in a model query. I know how to use them in a query that's in a controller, but I can't seem to figure out how to get the data to the model/query.

any help would be appreciated.
 
Code:
<?php
class Nudaii_XFCHAT_Model_XFCHAT extends XenForo_Model
{

    //Pull Data
    public function getXFCHATById($XFCHATID)
    {
        return $this->_getDb()->fetchRow('
            SELECT * FROM xf_XFCHAT WHERE XFCHAT_id = ?', $XFCHATID);
    }

    // Get all the rows of our table.
    public function getAllXFCHAT()
    {
            $XFCHATLimit = XenForo_Application::getOptions()->XFCHATLimit;
            return $this->fetchAllKeyed('SELECT * FROM xf_XFCHAT ORDER BY XFCHAT_date DESC LIMIT $XFCHATLimit', 'XFCHAT_id');
    }

}
?>
is what I have, but it gives this error. Any idea what I did wrong?

Code:
Zend_Db_Statement_Mysqli_Exception: Mysqli prepare error: Undeclared variable: $XFCHATLimit - library/Zend/Db/Statement/Mysqli.php:77
Generated By: Nudaii, 3 minutes ago
Stack Trace

#0 /library/Zend/Db/Statement.php(115): Zend_Db_Statement_Mysqli->_prepare('SELECT * FROM x...')
#1 /library/Zend/Db/Adapter/Mysqli.php(381): Zend_Db_Statement->__construct(Object(Zend_Db_Adapter_Mysqli), 'SELECT * FROM x...')
#2 /library/Zend/Db/Adapter/Abstract.php(478): Zend_Db_Adapter_Mysqli->prepare('SELECT * FROM x...')
#3 /library/XenForo/Model.php(219): Zend_Db_Adapter_Abstract->query('SELECT * FROM x...', Array, 2)
#4 /library/Nudaii/XFCHAT/Model/XFCHAT.php(16): XenForo_Model->fetchAllKeyed('SELECT * FROM x...', 'XFCHAT_id')
#5 /library/Nudaii/XFCHAT/ControllerPublic/XFCHAT.php(10): Nudaii_XFCHAT_Model_XFCHAT->getAllXFCHAT()
#6 /library/XenForo/FrontController.php(351): Nudaii_XFCHAT_ControllerPublic_XFCHAT->actionIndex()
#7 /library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#8 /index.php(13): XenForo_FrontController->run()
#9 {main}
 
That's related to you using single quotes for that getAllXFCHAT query so the variable isn't interpolated (it's passed to MySQL).
 
It's also worth noting that you should be taking a similar approach here to your getXFCHATById query.

You should never pass a variable directly into a MySQL query as this could be a SQL injection attack vector. This is somewhat mitigated assuming that $XFCHATLimit is only an integer, but it's still really bad practice.

You should always use prepared statements for your queries, so it should look something like this. The limitQueryResults bit is a helper that helps apply a limit and an optional offset to the query results. It should make the limit variable safe before injecting it into the query.

PHP:
return $this->fetchAllKeyed($this->limitQueryResults('SELECT * FROM xf_XFCHAT ORDER BY XFCHAT_date DESC', $XFCHATLimit), 'XFCHAT_id');
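
The points made in the answer above, as an added stand-alone example that is not part of the original posts and is not XenForo's code. It assumes PHP with the pdo_sqlite extension; `applyLimit()` is a hypothetical helper, an in-memory SQLite table stands in for the forum's MySQL table, and the option value is constructed.

```php
<?php
// Added illustration, not XenForo code. applyLimit() is a hypothetical helper;
// the SQLite table, rows and option value below are constructed sample data.
function applyLimit(string $query, $limit, int $default = 20, int $max = 100): string
{
    $limit = (int) $limit;            // the cast keeps only a leading integer
    if ($limit < 1) {
        $limit = $default;            // unusable value: fall back to a safe default
    }
    return $query . ' LIMIT ' . min($limit, $max);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE xf_XFCHAT (XFCHAT_id INTEGER PRIMARY KEY, XFCHAT_date INTEGER)');
$db->exec('INSERT INTO xf_XFCHAT (XFCHAT_date) VALUES (100), (200), (300)');

// Constructed option value that is not a clean integer.
$XFCHATLimit = '2 -- constructed trailing text';

// 1. Single quotes: PHP does not interpolate, so the database receives the
//    literal text "$XFCHATLimit" (the cause of the "Undeclared variable" error).
$literal = 'SELECT * FROM xf_XFCHAT ORDER BY XFCHAT_date DESC LIMIT $XFCHATLimit';
echo $literal, "\n";

// 2. Double quotes: the raw option text becomes part of the SQL statement,
//    trailing text included. This is the pattern to avoid.
$interpolated = "SELECT * FROM xf_XFCHAT ORDER BY XFCHAT_date DESC LIMIT $XFCHATLimit";
echo $interpolated, "\n";

// 3. Helper: only a bounded integer can reach the LIMIT clause.
$safe = applyLimit('SELECT * FROM xf_XFCHAT ORDER BY XFCHAT_date DESC', $XFCHATLimit);
echo $safe, "\n";
$rows = $db->query($safe)->fetchAll(PDO::FETCH_ASSOC);
echo count($rows), " row(s) returned\n";

// 4. Values compared in WHERE go through bound parameters, the same
//    approach getXFCHATById already takes with its "?" placeholder.
$stmt = $db->prepare('SELECT * FROM xf_XFCHAT WHERE XFCHAT_id = ?');
$stmt->execute([2]);
echo count($stmt->fetchAll(PDO::FETCH_ASSOC)), " row(s) matched by id\n";
```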
 