I'm new to Xenforo after moving away from phpBB and love it!
However, I am just transferring over my customized pages across and struggling to find an answer to this question. I have searched everywhere high and low for an example but to no avail cant find a solution which I hope one of you will help. (This may sound like a dumb question as it's probably something easy to do)
The question is:
How to insert POST data into MySQL via Form through Xenforo with SQL Injection Prevention
For example, I have created a seperate table for the user data (e.g xf_mytablename) and have created a form on Xenforo, once a user hits the submit button, it gets posted to the next page. On the next page I have the users data, and insert it like this:
$usersdata = $_POST["usersdata"]; $db = XenForo_Application::get('db'); $db->query("INSERT INTO xf_mytablename (user_id,userdata) VALUES ('$userid','$usersdata');");
This works but is susceptible to SQL injection attacks..etc
I've been pondering for hours trying numerous prepared statements, mysqli real escapes and it just refuses to work.