
I integrated phpbb into my website and I need to change something. I'm trying to UPDATE an entry in my database from another database through a "submit" button. In my database I have 2 tables. The first table is called "users":

id name         server  
1  Alexander      2 
2  Robert         1
3  Jack           3

The second one is called "server", where I have these:

id   name
1    USA
2    EUROPE
3    GLOBAL

Now, because I changed to phpbb (I used to have a normal PHP login system), I have to change this:

if (isset($_POST['joinglobal'])) {

    /*
    * -------------------------------------------------------------------------------
    *   Securing against Header Injection
    * -------------------------------------------------------------------------------
    */
    foreach ($_POST as $key => $value) {
        $_POST[$key] = _cleaninjections(trim($value));
    }

    require '../../assets/setup/db.inc.php';

    /*
    * -------------------------------------------------------------------------------
    *   User Joins
    * -------------------------------------------------------------------------------
    */
    // The user id is bound as a parameter; the server name is a fixed literal for this page.
    $sql = "UPDATE phpbb5u_users AS u CROSS JOIN server AS s SET u.server = s.id WHERE u.user_id = ? AND s.name = 'GLOBAL'";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        $_SESSION['ERRORS']['scripterror'] = 'SQL ERROR';
        header("Location: ../");
        exit();
    }

    mysqli_stmt_bind_param($stmt, "i", $_SESSION['user_id']);
    mysqli_stmt_execute($stmt);

    // Release the statement and connection before redirecting: nothing after exit() runs.
    mysqli_stmt_close($stmt);
    mysqli_close($conn);

    $_SESSION['STATUS']['joinstatus'] = 'Joined to GLOBAL';
    header("Location: ../");
    exit();
} else {
    header("Location: ../");
    exit();
}

I already have this in my header:

<?php
define('IN_PHPBB', true);
$phpbb_root_path = 'forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
?>

But how do I update the database using the submit button from this page:

<button class="btn btn-primary btn-lg" type="submit" value="joineurope" name='joineurope'>Join NOW!</button>

I already have the form with action="europe.inc.php" and method="post".

EDIT:

$submit = request_var('submit', '');
if ($submit)
{
    $serverid = $user->data['server'];
    $sql_ary = array(
        "server" => 3,
    );

    $sql = 'UPDATE ' . phpbb5u_users . '
        SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
        WHERE user_id = ' . (int) $user_id;
    $db->sql_query($sql);
}
  • Integrate your user table with phpbb user table with same table name and same column names. –  Dec 21 '20 at 05:51
  • I have this. What I have above is just an example. In phpbb_users I also have the server column, but I have another table called "server" and there I have 3 columns. And when a player clicks on the submit button, I want to update his "server" column with the id (1/2/3) from the "server" table. I have 3 pages, one for each server: 1 for "europe", 1 for "global" and 1 for "usa". –  Dec 21 '20 at 06:43
  • 1
    Note: The [object-oriented interface to `mysqli`](https://www.php.net/manual/en/mysqli.quickstart.connections.php) is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface where missing a single `i` can cause trouble. Use this style: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era and should not be used in new code. Additionally the procedural interface has less rigorous error checking and reporting, frustrating debugging efforts. – tadman Dec 21 '20 at 11:19
  • 1
    Also: This "Securing against Header Injection" code is probably trash. In 99 out of 100 cases that's just waving a wand over your values and calling it "safe", but doing nothing useful. – tadman Dec 21 '20 at 11:21
  • 1
    It's unusual to see `CROSS JOIN`. Normally you see `LEFT JOIN` or `RIGHT JOIN` or on extremely rare occasions `OUTER JOIN`, but `CROSS JOIN` is a rarer thing still. This looks like a straight-forward case for `LEFT JOIN` or `RIGHT JOIN` if you want to reject invalid server names before even bothering to update. – tadman Dec 21 '20 at 11:24
  • 1
    Tip: A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so errors resulting from simple mistakes made aren’t easily ignored. Without exceptions you must pay close attention to return values, many of these indicate problems you must resolve or report to the user. Exceptions allow for more sophisticated flow control as they can “bubble up” to other parts of your code where it’s more convenient to handle them. – tadman Dec 21 '20 at 11:26
  • 1
    Solving this would be a lot easier if you had a placeholder value for the server's name, as well as consistency in the input value, like `EUROPE` in the database and `value="EUROPE"` on the form. Is that an option? If so, just bind that column to that value. – tadman Dec 21 '20 at 11:27
  • I'm back with a problem, @tadman. If I press the submit button, it redirects me to `home.php` but nothing happens in my database. I edited the main post with my new code. –  Dec 23 '20 at 13:01
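
A single handler for all three servers, following the comment above about keeping the form value consistent with the `name` column of the `server` table; this is an added example, not the asker's or phpBB's own code. The file name `join.inc.php`, the button `name="server"` and the redirect target are assumptions; the posted name is checked against an allow-list and the user id is taken from `$user->data`, never from the form.

```php
<?php
// Added example (not the asker's code). Assumes one hypothetical handler,
// join.inc.php, and buttons such as <button name="server" value="EUROPE">.
define('IN_PHPBB', true);
$phpbb_root_path = 'forum/';   // assumption: same relative path as the header on the page
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// Start session management so $user->data describes the current visitor
$user->session_begin();
$auth->acl($user->data);
$user->setup();

// Allow-list mirrors the rows of the "server" table shown in the question.
$allowed = array('USA', 'EUROPE', 'GLOBAL');
$name = strtoupper(request_var('server', ''));

// The row to change is always the session's own user_id, never a value
// taken from the form; guests and unknown server names are sent back.
$user_id = (int) $user->data['user_id'];
if ($user_id == ANONYMOUS || !in_array($name, $allowed, true))
{
    header('Location: ../');
    exit();
}

// Resolve the name to its id; sql_escape() escapes the value for the query.
$sql = "SELECT id FROM server WHERE name = '" . $db->sql_escape($name) . "'";
$result = $db->sql_query($sql);
$server_id = (int) $db->sql_fetchfield('id');
$db->sql_freeresult($result);

if ($server_id > 0)
{
    // USERS_TABLE is phpBB's constant for the prefixed users table
    // (phpbb5u_users here, assuming the table prefix is phpbb5u_).
    $sql = 'UPDATE ' . USERS_TABLE . '
        SET ' . $db->sql_build_array('UPDATE', array('server' => $server_id)) . '
        WHERE user_id = ' . $user_id;
    $db->sql_query($sql);
}

header('Location: ../');
exit();
```

Because this handler changes state on POST, pair it with phpBB's `add_form_key()` / `check_form_key()` so another site cannot submit the form on the user's behalf.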

0 Answers