News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Is this a way I can edit MySQL table value?

Started by General Xbox Gaming, September 30, 2014, 02:08:05 PM

Previous topic - Next topic

General Xbox Gaming

Will this work? And where do I need to add it if this happens when the user looks at there own Profile page?

$smcFunc['db_query']('''
	
	
	
SELECT id_member
	
	
	
FROM {db_prefix}members
	
	
	
WHERE id_member IN ({new_value})
	
	
	

	
	
	
$user_profile[$memID]['
new_value'], ['value'],
	
	
);

General Xbox Gaming


General Xbox Gaming

Help me please guys! I don't want to do something wrong here.

margarett

Well, you don't want to select id when you are filtering with id :P
Let me get to the computer ;)
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

General Xbox Gaming

So is it more like this:
$smcFunc['db_query']('''
	
SELECT new_value
	
FROM {db_prefix}members
	
WHERE id_member == [$memID]
	
	
	

	
$user_profile[$memID]['
new_value'], ['value'],
	
);

margarett

Ha! Of course I forgot this :(

No, more like this:
$request = $smcFunc['db_query']('', '
SELECT new_value
FROM {db_prefix}members
WHERE id_member ={int:id}',
array(
'id_' => $user_profile[$memID],
)
);
list ($user_profile[$memID]['new_value']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);


Untested code so use with caution :P
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

General Xbox Gaming

where is it changing the value though? Is that 'new_value' and can use $value from a function to get the new_value as it will return a string?

margarett

No, that's a SELECT. A SELECT just reads the data, doesn't change it...
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

General Xbox Gaming

Quote from: margarett on October 03, 2014, 11:45:33 AM
No, that's a SELECT. A SELECT just reads the data, doesn't change it...

I meant the one in:
list ($user_profile[$memID]['new_value']) = $smcFunc['db_fetch_row']($request);

I need to edit it's value with a new $value I give it.

margarett

But you want to edit it in the database or just to change it before changing it?
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Kindred

Margarett, this is the same guy who refused to use the custom profile fields....   He insisted that he absolutely must have a separate column in the members table (for not good reason that he ever gave)

So, he figured out how to read the column and display it in the profile... Now he's trying to recreate the wheel again and make that same field editable by admins...  Again, instead of using the existing, written, hardened and tested functionality in the default code base.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

margarett

Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

General Xbox Gaming

Quote from: Kindred on October 04, 2014, 05:02:22 PM
Margarett, this is the same guy who refused to use the custom profile fields....   He insisted that he absolutely must have a separate column in the members table (for not good reason that he ever gave)

So, he figured out how to read the column and display it in the profile... Now he's trying to recreate the wheel again and make that same field editable by admins...  Again, instead of using the existing, written, hardened and tested functionality in the default code base.
Yes it is me!
I managed to do it myself in the end:


I now need to generate a Key if the user is in a Group I have specified and generate the key if there isn't already one in that users row under the product_key so I need to edit it if it's null.

margarett

Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

General Xbox Gaming

Quote from: margarett on October 05, 2014, 05:27:54 AM
Is that key only viewable in profile?
Yes, only viewable on the users profile page by owner & admin.

General Xbox Gaming

Can I ask why you guys say my code is unsafe but don't actually help me with the right way to do things? I'm not referring to Margarett post here as he was trying to help. Show me the right way to do it and then I won't have security issues down the road. I get that my way before of connecting to the database was insecure but no reason was given. I have asked another programmer why it's not secure and they took the time to explain. It's unsecure because it is vunrable to injection where tables could get dropped with a injection command in the url I was using to pass the variables for username and password.

Can someone please help me with this because I'm having a lot of bad luck at the moment and something needs to change this bad luck I have by doing something helpful.

P.s. my bank has just taken my overdraft away without telling me first and now I'm overdrawn and have no money to feed my kids. That's the bad luck I'm having at the moment in a nutshell.

margarett

Hummm it seems I missed that. Probably one of my several "Mark all messages as read" accidental clicks on the phone. I could swear there is a MOD to prevent that :P

Anyway, back to your issue. Picking up my previous code:

$request = $smcFunc['db_query']('', '
SELECT new_value
FROM {db_prefix}members
WHERE id_member ={int:id}',
array(
'id_' => $user_profile[$memID],
)
);
list ($user_profile[$memID]['new_value']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);

You can add after:

if (empty($user_profile[$memID]['new_value']))
{
$new_value = your_function_to_generate_a_new_key();

$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET new_value = {string:new_value}
WHERE id_member = {int:id}',
array(
'id_' => $user_profile[$memID],
'new_value' => $new_value,
)
);

}


Again, untested :P
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

General Xbox Gaming

Thank you Margarett I will test this later and let you know if it worked. Can you tell me what this should be in, Load.php or Profile.php as Load.php is only sending what is in the database and Profile.php talks the value and displays it but I can implement this easier in that file.

margarett

Most likely Profile-View.php

Although the correct way to do this (apart from using the built-in custom fields :P ) would be to expand loadMemberData/loadMemberContext to include this new field but that would require a properly built MOD and I honestly have no time...
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

General Xbox Gaming

Quote from: margarett on October 07, 2014, 09:31:00 PM
Most likely Profile-View.php

Although the correct way to do this (apart from using the built-in custom fields :P ) would be to expand loadMemberData/loadMemberContext to include this new field but that would require a properly built MOD and I honestly have no time...
I see custom fields have there own table now! Wonder who thought of that in 2.0.9 Update. Might actually make it easier to achieve now but I still need to generate a key that can't be edited but the owner so it still no good to me. I'm trying to work out how I can get the key to generate on ower profile load as I was trying to do it for a member that wasn't registered via the forum but in the Admin panel and it didn't add them to the members table.

Advertisement: