
MySQL Escaping Query

Discussion in 'XenForo Development Discussions' started by silence, Jul 16, 2013.

  1. silence

    silence Well-Known Member

    So I'm having a predicament, and I'm pulling my hair out because of it.
    See this snippet uhhh-here

    PHP:
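    $query = $db->fetchAll('SELECT * FROM `xf_teamspeak`');

    foreach ($query as $user)
    {
        // Wrap the stored value in an array, then keep it as JSON or as the bare value
        $id = array($user['auth_id']);
        if ($this->isJson($id))
        {
            $auth_id = json_encode($id);
        }
        else
        {
            $auth_id = reset($id);
        }
        // auth_id goes through $db->quote() in this query
        $db->query('UPDATE `xf_teamspeak` SET `auth_id` = ' . $db->quote($auth_id) . ' WHERE `user_id` = "' . $user['user_id'] . '"');
        // user_id and auth_id are concatenated between hand-written double quotes in this query
        $db->query('INSERT INTO `xf_teamspeak_log` (`user_id`, `auth_id`) VALUES("' . $user['user_id'] . '","' . $user['auth_id'] . '")');
    }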
    I'm trying to query a json_encoded string to the db, however it spits out this error:
    PHP:
    Mysqli prepare error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'mvr5e2Xia3JXqy+rTMAAQM9RLZA=","sadfsa3241321d21","fdsafdsafdsa"]")' at line 1
    Now, I've tried using single quotes, double quotes, querying using parameters at the end (C style), and I simply cannot figure out why it won't let me do this query. I'm able to do it manually when querying directly in the MySQL database, so I would be invigorated if someone could help me out!

    Thanks!
     
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    The error exists in your values. You have:
    VALUES("USERID", "AUTH_ID").

    It's evaluating to:
    VALUES("mvr5e2Xia3JXqy+rTMAAQM9RLZA=","sadfsa3241321d21","fdsafdsafdsa"]")

    Your auth_id needs to be properly escaped.
     
  3. silence

    silence Well-Known Member

    I thought the $db->quote() did that. Also it's cutting off the string for some reason. The full string is:
    ["mvr5e2Xia3JXqy+rTMAAQM9RLZA=","sadfsa3241321d21","fdsafdsafdsa"]
     
  4. Jeremy

    Jeremy XenForo Moderator Staff Member

    You aren't using $db->quote() in your second query.
     
  5. silence

    silence Well-Known Member

    :| why wasn't it giving me errors there....
    Fixed it though :D
     
  6. Jeremy

    Jeremy XenForo Moderator Staff Member

    It was giving you the errors about that query.
     
  7. silence

    silence Well-Known Member

    Hmmm then I don't think it's doing what I thought it was D:
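
An added example, not part of the thread or of XenForo's code: it reproduces the failure Jeremy points out in the second query and shows two forms that store the JSON string intact. PDO with in-memory SQLite is an assumption standing in for XenForo's `$db` and MariaDB, and the `user_id` value is constructed.

```php
<?php
// Added example. Assumption: PDO + in-memory SQLite stand in for XenForo's $db and MariaDB.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE xf_teamspeak_log (user_id INTEGER, auth_id TEXT)');

$user = array(
    'user_id' => 1, // constructed sample id
    // The three values quoted in the thread, encoded the way the loop encodes them.
    'auth_id' => json_encode(array('mvr5e2Xia3JXqy+rTMAAQM9RLZA=', 'sadfsa3241321d21', 'fdsafdsafdsa')),
);

// 1) Concatenation, as in the thread's INSERT: the first double quote inside the
//    JSON ends the hand-written literal, so the rest of the value is parsed as SQL.
$concatenated = 'INSERT INTO xf_teamspeak_log (user_id, auth_id) VALUES("'
    . $user['user_id'] . '","' . $user['auth_id'] . '")';
try {
    $pdo->exec($concatenated);
    echo "concatenated: accepted\n";
} catch (PDOException $e) {
    echo "concatenated: rejected (" . $e->getMessage() . ")\n";
}

// 2) Bound parameters: the statement text is fixed and the value travels as data.
$stmt = $pdo->prepare('INSERT INTO xf_teamspeak_log (user_id, auth_id) VALUES (?, ?)');
$stmt->execute(array($user['user_id'], $user['auth_id']));

// 3) Driver quoting, the PDO analogue of $db->quote(): the driver supplies the
//    delimiters and the escaping, so no hand-written quotes go around the value.
$pdo->exec('INSERT INTO xf_teamspeak_log (user_id, auth_id) VALUES ('
    . (int) $user['user_id'] . ', ' . $pdo->quote($user['auth_id']) . ')');

// Each stored row should decode back to the original three-element array.
$expected = json_decode($user['auth_id'], true);
foreach ($pdo->query('SELECT auth_id FROM xf_teamspeak_log') as $row) {
    var_dump(json_decode($row['auth_id'], true) === $expected);
}
```

The same value that only causes a syntax error here would change the statement's meaning if it came from an untrusted source, which is why every concatenated value in both queries, `user_id` included, belongs in a bound parameter or a quote call.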
     
