Hi,
Thanks again for the pointers.
I have reinstated the mysql_real_escape_string in all functions except qa_get_logged_in_user, where I am assuming I don't need to use it because of the way my function is set up.
Per your suggestion, in the function qa_get_public_from_userids, I added the line:
if (!$results) echo mysql_error($qa_db_connection);
just before the line:
while ($result=mysql_fetch_assoc($results)) $useridtopublic[$result['ID_MEMBER']]=$result['memberName'];
and the error printed on the screen is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ' near Line 1
I did a Google search on this error, and saw a suggestion to check if $escapeduserids is not null, so I added an if ($escapeduserids) statement and changed the function as follows:
function qa_get_public_from_userids($qa_db_connection, $userids)
{
    $escapeduserids=array();
    foreach ($userids as $userid)
        $escapeduserids[]="'".mysql_real_escape_string($userid, $qa_db_connection)."'";
    if ($escapeduserids) {
        $results=mysql_query(
            'SELECT memberName, ID_MEMBER FROM smf_members WHERE ID_MEMBER IN ('.implode(',', $escapeduserids).')',
            $qa_db_connection
        );
        $useridtopublic=array();
        if (!$results) echo mysql_error($qa_db_connection);
        while ($result=mysql_fetch_assoc($results))
            $useridtopublic[$result['ID_MEMBER']]=$result['memberName'];
        return $useridtopublic;
    }
    return null;
}
When I do this, I no longer get the error. But my concern is that since $escapeduserids is returning false, something else is wrong somewhere? It seems that since the if statement is returning false, this function is just returning null now for me. Is it okay the way I have it, or am I just bypassing the error when really something else is not right?
Thanks again.
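
Added example, not part of the original post or of the Question2Answer code: the error text near ')' is consistent with an empty $userids array, which makes the query end in IN (). The sketch below guards that case and binds the ids as parameters instead of escaping them. The function name get_public_from_userids, the PDO connection, the in-memory SQLite database (assumes pdo_sqlite is available) and the two sample rows are assumptions constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption:
// pdo_sqlite is available). The original post runs against MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smf_members (ID_MEMBER INTEGER PRIMARY KEY, memberName TEXT)');
$db->exec("INSERT INTO smf_members VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical PDO counterpart of qa_get_public_from_userids.
function get_public_from_userids(PDO $db, array $userids): array
{
    // An empty list would build "IN ()", which MySQL rejects as a syntax
    // error, so answer it without querying. Returning an empty array (not
    // null) keeps the return type the same for callers that loop over it.
    if (count($userids) === 0) {
        return array();
    }

    // One "?" placeholder per id: the values are bound by the driver and
    // never concatenated into the SQL text, so no manual escaping is needed.
    $placeholders = implode(',', array_fill(0, count($userids), '?'));
    $stmt = $db->prepare(
        "SELECT memberName, ID_MEMBER FROM smf_members WHERE ID_MEMBER IN ($placeholders)"
    );
    $stmt->execute(array_values($userids));

    // Map user id to public name, as the function in the post does.
    $useridtopublic = array();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $useridtopublic[$row['ID_MEMBER']] = $row['memberName'];
    }
    return $useridtopublic;
}

// Exceptions are enabled above, so a failed query stops here with the
// driver's message instead of falling through to the fetch loop.
var_dump(get_public_from_userids($db, array()));     // empty id list
var_dump(get_public_from_userids($db, array(1, 2))); // two constructed ids
```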