How do I make a menu item make a database query?

17 years 8 months ago #16740 by eisnerj
Ok, so I have been hacking at Community Builder to customize it for my needs. I have edited the menu plugin code and am trying to make a menu item make a database query when it is clicked. The problem is that menu items only take a link to redirect to and there is no way to make a database call.

Basically, how do I make it so that an UPDATE database query is called when a menu item is clicked? I would greatly appreciate any help or suggestions you can provide.

Thanks,
Jared

Please Log in to join the conversation.

17 years 8 months ago #16815 by eisnerj
I found a solution so never mind. Thanks anyway.

Please Log in to join the conversation.

17 years 8 months ago #16852 by pateta12
Can you post the solution so other people can learn from you?

Please Log in to join the conversation.

17 years 8 months ago #16856 by eisnerj
Sure, why not? It is more of a work around than a solution though. It may not be the most efficient or ingenius way but here is how I did it.

In comprofiler.php, look for the main switch statement at the beginning of the file. It will start off with something like [code:1]
switch( $task ) {

case "userDetails":
case "userdetails":
userEdit( $option, $my->id, _UE_UPDATE );
break;
[/code:1]

All you need to do is a add case statement. Name it whatever you want. For this example let's call it 'updateQuery' so you would add a case statement that will call a function you will soon write.
[code:1]
case "updateQuery":
updateQuery($my->id);
break;
[/code:1]

Now write the function. Notice how I am able to pass a parameter in the url:
[code:1]
function updateQuery($uid) {
global $database;

$params = urldecode(mosGetParam($_GET, "params"«»));

$database->setQuery("UPDATE #__comprofiler_tabs SET enabled='0' WHERE userid=".$uid." AND params='".$params."'"«»);
$database->query();
}
[/code:1]

That's it. If you now call the link www.domain.com/index.php?option=com_comprofiler&task=updateQuery¶ms=parameters, your updateQuery function will be called. If you haven't realized it yet, you can set this link to any menu item thereby calling a database update.

I hope that's clear, let me know if you are confused.

Post edited by: eisnerj, at: 2006/07/10 22:26

Please Log in to join the conversation.

17 years 8 months ago #17032 by mikko
I recommend not using this hack, since it seems vulnerable to sql injection attack.

Try google with "sql injection php" to learn more

mikko

Please Log in to join the conversation.

17 years 8 months ago #17046 by eisnerj
I don't know enough to tell you you're wrong. But the link only affects the currently logged in user since the user id is passed in the backend instead of in the url. This is how community builder does it so if what you're saying is true then it is already true for community builder anyway and I'm open for sql injections no matter what I do. Therefore, the reason I did it this way is that I believed users could only hurt themselves through such attacks as sql injections. If users are not logged in, then nothing will happen when the link is called. Let me know if this is incorrect so I can find another solution.

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.226 seconds

Facebook Twitter LinkedIn