After running the following code:
Code: Select all
if (isset($HTTP_GET_VARS['status']))
{
echo ("Got a status from GET<br />");
$user_itc_status = 1;
$invitee = intval($HTTP_GET_VARS['user']);
if (is_int($invitee))
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_itc_status = 1
WHERE user_id = $invitee";
echo ("going to execute $sql<br />");
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not invite user to chat', '', __LINE__, __FILE__, $sql);
}
else
{
echo ("Executed $sql, affected " . $db->sql_numrows($result));
}
}
}
I get the following output:
Got a status from GET
going to execute UPDATE phpbb_users SET user_itc_status = 1 WHERE user_id = 6
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.tech/stajftp/stajinaria.net/forum/db/mysql4.php on line 167
Executed UPDATE phpbb_users SET user_itc_status = 1 WHERE user_id = 6, affected
But it did in fact work, as verified by checking the tables in phpMyAdmin.
I'm going to read up on that link about securing mods, and will probably be modifying the code later.
FYI, user_itc_status in the table is a tinyint.