Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
2.3k views
in Q2A Core by
Hi,

Thanks again for the pointers.

I have reinstated the mysql_real_escape_string in all functions except qa_get_logged_in_user, where I am assuming I don't need to use it because of the way my function is set up.

Per your suggestion, in the function qa_get_public_from_userids, I added the line:

        if (!$results) echo mysql_error($qa_db_connection);

just before the line:

        while ($result=mysql_fetch_assoc($results))            $useridtopublic[$result['ID_MEMBER']]=$result['memberName'];

and the error printed on the screen is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ' near Line 1

I did a Google search on this error, and saw a suggestion to check if $escapeduserids is not null, so I added a if ($escapeduserids) statement and changed the function as follows:

    function qa_get_public_from_userids($qa_db_connection, $userids)
    {

        $escapeduserids=array();
        foreach ($userids as $userid)
            $escapeduserids[]="'".mysql_real_escape_string($userid, $qa_db_connection)."'";
       
        if ($escapeduserids) {

        $results=mysql_query(
            'SELECT memberName, ID_MEMBER FROM smf_members WHERE ID_MEMBER IN ('.implode(',', $escapeduserids).')',
            $qa_db_connection
        );

        $useridtopublic=array();
       
        if (!$results) echo mysql_error($qa_db_connection);

        while ($result=mysql_fetch_assoc($results))
            $useridtopublic[$result['ID_MEMBER']]=$result['memberName'];
       
        return $useridtopublic;

        };

        return null;

    }

When I do this, I no longer get the error. But my concern is that since $escapeduserids is returning false, something else is wrong somewhere? It seems that since the if statement is returning false, this function is just returning null now for me. Is it okay the way I have it, or am I just bypassing the error when really something else is not right?

Thanks again.

1 Answer

0 votes
by
 
Best answer
I think this is happening because the function was passed an empty array in $userids, and the example code won't work with that.

So - the example code was wrong. The empty array is a legitimate value for $usersids and it needs to deal with that properly. I'll fix it in beta 3.

In the meantime, your qa_get_public_from_userids() function should return the empty array rather than null in the final line in the function.

Thanks for spotting this!
...