problem with admin_*.php code and selecting usernames


Post by webnoobie on Mon Jan 08, 2007 9:39 am

Hello,

Alright. I'm having some difficulties for some reason. When I execute the approval mode, I keep receiving the following error:

2. Could not retrieve all necessary data for validation checking

DEBUG MODE

SQL Error : 1054 Unknown column 'test' in 'where clause'

SELECT * FROM phpbb_users WHERE username = test

Line : 73
File : admin_client_pending.php



What could cause this code? The username does not seem like it is being selected properly when used in the WHERE clause of the SQL. What is causing this? My code is below.

Admin Code:
<?php

if( !empty($setmodules) )
{
   $file = basename(__FILE__);
   $module['Clients']['Pending_Requests'] = $file;
   return;
}

define('IN_PHPBB', 1);

// Let's set the root dir for phpBB
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Lets set our modes ..
//
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
   $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
   $mode = htmlspecialchars($mode);
}

if( $mode != "" )
{
   if( $mode == "approve" || $mode == "deny" )
   {
      if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
      {
         $project_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
         $project_id = intval($project_id);
      }
      else
      {
         $project_id = 0;
      }
   
      if( $mode == "approve" )
      {      
         // Alright, lets do all of our Project Approval here ...            
         if( $project_id )
         {
            $sql = "SELECT *
               FROM " . CLIENT_TABLE . "
                  WHERE client_id <> " . NONCLIENT;
            if( !($result = $db->sql_query($sql)) )
            {
               message_die(GENERAL_ERROR, '1. Could not retrieve all necessary data for validation checking', '', __LINE__, __FILE__, $sql);
            }            
            
            while( $row = $db->sql_fetchrow($result) )
            {
               $ctbl_client_id = $row['client_id'];
               $client_username = $row['client_username'];
               $client_email = $row['client_email'];
               
               $sql = "SELECT *
                  FROM " . USERS_TABLE . "
                  WHERE username = $client_username";
               if( !($result = $db->sql_query($sql)) )
               {
                  message_die(GENERAL_ERROR, '2. Could not retrieve all necessary data for validation checking', '', __LINE__, __FILE__, $sql);
               }
               
               while( $urow = $db->sql_fetchrow($result) )
               {
                  $utbl_username = $urow['username'];
                  
                  if( $client_username == $utbl_username )
                  {
                     $sql = "UPDATE " . USERS_TABLE . "
                        SET user_client = 1
                        WHERE username = " . $row['client_username'];
                     if( !($result = $db->sql_query($sql)) )
                     {
                        message_die(GENERAL_ERROR, 'Could not update user table and set user_client = 1', '', __LINE__, __FILE__, $sql);
                     }
                     
                     $sql = "UPDATE " . CLIENT_PROJECT_TABLE . "
                        SET project_approved = 1
                        WHERE project_id = $project_id
                           AND client_id = $ctbl_client_id";
                     if( !($result = $db->sql_query($sql)) )
                     {
                        message_die(GENERAL_ERROR, 'Could not update project table and set project_approved = 1', '', __LINE__, __FILE__, $sql);
                     }
                     
                     $message = $lang['Client_Project_Approved'] . "<br /><br />" . sprintf($lang['Click_return_client_pending'], "<a href=\"" . append_sid("admin_client_pending.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
                     
                     message_die(GENERAL_MESSAGE, $message);
                  }
                  else
                  {
                     message_die(GENERAL_MESSAGE, 'The user that has a forum username and the client username do not match!');
                  }
               }
            }
         }
         else
         {
            message_die(GENERAL_MESSAGE, 'No project has been selected. Please select a project to approve!');
         }
      }
      if( $mode == "deny" )
      {
         // Deny those applications ...
      }
   }
}
else
{
   // First lets see how many pending projects we have.
   // We will use the $total_pending_projects variable later down the road
   // for retrieving only the pending projects ...
   $sql = "SELECT MAX(project_id) AS total
      FROM " . CLIENT_PROJECT_TABLE . "
      WHERE project_approved = 2";
   if( !($result = $db->sql_query($sql)) )
   {
      message_die(GENERAL_ERROR, 'Could not obtain the amount of pending projects', '', __LINE__, __FILE__, $sql);
   }
   if( !($row = $db->sql_fetchrow($result)) )
   {
      message_die(GENERAL_ERROR, 'Could not obtain the amount of pending projects', '', __LINE__, __FILE__, $sql);
   }
   $total_pending_projects = $row['total'];
   
   if( $total_pending_projects == 0 )
   {
      $template->assign_block_vars('switch_no_pending', array(
         'NO_PROJECTS' => $lang['No_Client_Pending_Projects'])
      );
   }
   
   // Alright, now, after seeing how many total pending projects we have, let's retrieve only the pending projects ...
   $sql = "SELECT *
      FROM " . CLIENT_PROJECT_TABLE . "
      WHERE project_approved = 2";
   if( !($result = $db->sql_query($sql)) )
   {
      message_die(GENERAL_ERROR, 'Could not retrieve project information', '', __LINE__, __FILE__, $sql);
   }
   
   for( $i = 0; $i < $total_pending_projects; $i++ )
   {   
      while( $row = $db->sql_fetchrow($result) )
      {
         $project_id = $row[$i]['project_id'];

         $sql_client = "SELECT *
            FROM " . CLIENT_TABLE . "
            WHERE client_id = " . $row['client_id'];
         if( !($result_client = $db->sql_query($sql_client)) )
         {
            message_die(GENERAL_ERROR, 'Could not retrieve client information', '', __LINE__, __FILE__, $sql_client);
         }
         if( !($row_client = $db->sql_fetchrow($result_client)) )
         {
            message_die(GENERAL_ERROR, 'Could not retrieve client information', '', __LINE__, __FILE__, $sql_client);
         }         
         $client_fname = $row_client['client_fname'];
         $client_lname = $row_client['client_lname'];
         $client_username = $row_client['client_username'];
         $client_email = $row_client['client_email'];
         $client_personal_phone = $row_client['client_personal_phone'];
         
         $template->assign_block_vars('pending_projects', array(         
            'CLIENT_FNAME' => $client_fname,
            'CLIENT_LNAME' => $client_lname,
            'CLIENT_USERNAME' => $client_username,
            'CLIENT_EMAIL' => $client_email,
            'CLIENT_PERSONAL_PHONE' => $client_personal_phone,
            
            'PROJECT_NAME' => $row['project_name'],
            'PROJECT_DESC' => $row['project_desc'],
            'PROJECT_BUDGET' => $row['project_budget'],
                        
            'U_APPROVE_PROJECT' => append_sid("admin_client_pending.$phpEx?mode=approve&amp;id=$project_id"))
         );
      }
   }

   $template->set_filenames(array(
      "body" => "admin/client_pending_body.tpl")
   );
      
   $template->assign_vars(array(
      'L_PENDING_TITLE' => $lang['Client_Pending_Title'],
      'L_PENDING_DESC' => $lang['Client_Pending_Desc'],
   
      'S_PENDING_ACTION' => append_sid("admin_client_pending.$phpEx"),
      'S_HIDDEN_FIELDS' => '')
   );
}

$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
?>


Thank you in advance, guys! This is most appreciated!
Best Regards:
webnoobie
webnoobie
Registered User
 
Posts: 366
Joined: Wed Jun 08, 2005 10:38 pm
Location: My Computer

Post by baz-x on Mon Jan 08, 2007 11:54 am

Line 61 should be [code start="61"]WHERE username = '$client_username'";[/code]
And Line 75 should be [code start="75"]WHERE username = '" . $row['client_username'] . "'";[/code]
Regards
baz-x
Moderator
 
Posts: 706
Joined: Sun Aug 15, 2004 9:12 pm
Location: Cache Management of Mex

Post by eviL3 on Mon Jan 08, 2007 4:44 pm

For the second this is also possible:
[code start="75"]WHERE username = '{$row['client_username']}'";[/code]
eviL3
Registered User
 
Posts: 155
Joined: Thu Feb 02, 2006 6:59 pm
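
Added example (not part of any post above, and not phpBB code): the query from the error message run three ways, showing that the unquoted value is parsed as a column name, that hand-added quotes work for 'test' but fail on a username containing an apostrophe, and that a bound parameter handles both. It assumes PDO with an in-memory SQLite table standing in for phpbb_users and phpBB's $db wrapper; the usernames and the helper names try_raw and find_user are constructed for illustration.

```php
<?php
// Added example: constructed data; PDO + in-memory SQLite stand in for
// phpBB's $db wrapper and the phpbb_users table (assumptions).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE phpbb_users (username TEXT, user_client INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO phpbb_users (username) VALUES ('test'), ('o''brien')");

// Runs a raw SQL string and reports the row count or the driver error.
function try_raw(PDO $pdo, string $sql): string
{
    try {
        $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "error: " . $e->getMessage();
    }
}

// Looks a user up with a bound parameter; the value never becomes SQL text.
function find_user(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare("SELECT username FROM phpbb_users WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['test', "o'brien"] as $name) {
    echo "username: $name\n";
    // 1. As posted: no quotes, so the value is parsed as a column name.
    echo "  unquoted: " . try_raw($pdo, "SELECT * FROM phpbb_users WHERE username = $name") . "\n";
    // 2. Quotes added by hand: fine for 'test', broken by the apostrophe.
    echo "  quoted:   " . try_raw($pdo, "SELECT * FROM phpbb_users WHERE username = '$name'") . "\n";
    // 3. Bound parameter: correct for both values.
    echo "  bound:    " . count(find_user($pdo, $name)) . " row(s)\n";
}

// The UPDATE from the approval path, written the same way.
$stmt = $pdo->prepare("UPDATE phpbb_users SET user_client = 1 WHERE username = ?");
$stmt->execute(["o'brien"]);
echo "updated rows: " . $stmt->rowCount() . "\n";
```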

Post by webnoobie on Tue Jan 09, 2007 10:20 pm

Hi,

Thanks for the replies, guys. But both of you guys' code is not working for some reason. Does anyone know what could be wrong with the SQL update statements that could cause it not to update the user table and the project table?
Best Regards:
webnoobie
webnoobie
Registered User
 
Posts: 366
Joined: Wed Jun 08, 2005 10:38 pm
Location: My Computer

