Watchlist (item_watch.php) bug

Discussion in 'General Support' started by Randall, Sep 25, 2016.

  1. Randall

    Randall New Member

    Joined:
    Jun 23, 2016
    Messages:
    8
    Likes Received:
    4
    There is a bug in the item_watch.php file that does not correctly determine if an item should be added to the watchlist. The original code uses string functions and simply works incorrectly. For example, if you have 15 items with id values of 1-15, the old code would not let you add item 1 if you had already added item(s) 10-15 because it was only searching to find the partial string "1" and of course finds it 6 times! I have rewritten that portion of the code using array functions and it now works as it should. Here is the old code (lines 25-44):
    PHP:
    // Auction id is present, now update table
    if (isset($_GET['add']) && !empty($_GET['add']))
    {
        
    $add_id intval($_GET['add']);
        
    // Check if this item is not already added
        
    $items trim($user->user_data['item_watch']);
        
    $match strstr($itemsstrval($add_id));

        if (!
    $match)
        {
            
    $item_watch trim($items ' ' $add_id);
            
    $item_watch_new trim($item_watch);
            
    $query "UPDATE " $DBPrefix "users SET item_watch = :item_watch_new WHERE id = :user_id";
            
    $params = array();
            
    $params[] = array(':item_watch_new'$system->cleanvars($item_watch_new), 'str');
            
    $params[] = array(':user_id'$user->user_data['id'], 'int');
            
    $db->query($query$params);
            
    $user->user_data['item_watch'] = $item_watch_new;
        }
    }
    Here is the fixed code:
    PHP:
    // Auction id is present, now update table
    if (isset($_GET['add']) && !empty($_GET['add']))
    {
        
    $match false;
        
    $add_id = (int)$_GET['add'];

        
    // Check if this item is not already added
        
    $items trim($user->user_data['item_watch']);
        
    $arr_items explode(' ',$items);
        
    $key array_search($add_id,$arr_items);
        if(
    $key!==false){
            
    $match true;
        }

        if (!
    $match)
        {
            
    $item_watch_new $items ' ' $add_id;
            
    trim($item_watch_new);
            
    $query "UPDATE " $DBPrefix "users SET item_watch = :item_watch_new WHERE id = :user_id";
            
    $params = array();
            
    $params[] = array(':item_watch_new'$system->cleanvars($item_watch_new), 'str');
            
    $params[] = array(':user_id'$user->user_data['id'], 'int');
            
    $db->query($query$params);
            
    $user->user_data['item_watch'] = $item_watch_new;
        }
    }
     
    renlok likes this.
  2. Randall

    Randall New Member

    Joined:
    Jun 23, 2016
    Messages:
    8
    Likes Received:
    4
    Sorry, a slight oversight in the above fixed code. Here is the correct fixed code:
    PHP:
    // Auction id is present, now update table
    if (isset($_GET['add']) && !empty($_GET['add']))
    {
        
    $match false;
        
    $add_id = (int)$_GET['add'];

        
    // Check if this item is not already added
        
    $items trim($user->user_data['item_watch']);
        
    $arr_items explode(' ',$items);
        
    $key array_search($add_id,$arr_items);
        if(
    $key!==false){
            
    $match true;
        }

        if (!
    $match)
        {
            
    $item_watch_new trim($items ' ' $add_id);
            
    $query "UPDATE " $DBPrefix "users SET item_watch = :item_watch_new WHERE id = :user_id";
            
    $params = array();
            
    $params[] = array(':item_watch_new'$system->cleanvars($item_watch_new), 'str');
            
    $params[] = array(':user_id'$user->user_data['id'], 'int');
            
    $db->query($query$params);
            
    $user->user_data['item_watch'] = $item_watch_new;
        }
    }
     
    hhavatar and nay27uk like this.
  3. hhavatar

    hhavatar Donor Donor

    Joined:
    Jul 28, 2014
    Messages:
    747
    Likes Received:
    74
    Nice code however I;m getting an error
    Fatal error: Call to a member function query() on a non-object in /home/xxxxx/public_html/item_watch.php on line 47
    which is
    PHP:
          $db->query($query$params);
    Running the last sql version if that makes any difference. 1.1.2p2
     
  4. renlok

    renlok Administrator Staff Member

    Joined:
    Oct 20, 2008
    Messages:
    2,858
    Likes Received:
    330
    1.1.2 still uses the old system of running queries you just need to edit the lines
    Code:
    $query = "UPDATE " . $DBPrefix . "users SET item_watch = :item_watch_new WHERE id = :user_id";
            $params = array();
            $params[] = array(':item_watch_new', $system->cleanvars($item_watch_new), 'str');
            $params[] = array(':user_id', $user->user_data['id'], 'int');
            $db->query($query, $params);
     
  5. Randall

    Randall New Member

    Joined:
    Jun 23, 2016
    Messages:
    8
    Likes Received:
    4
    You need to be sure to run this script as part of the whole program. The error you are getting seems to indicate that you are not instantiating the MySQL PDO class. $db is defined in common.php. If you are running the script locally and not on your server it may not be working correctly.
     
  6. Randall

    Randall New Member

    Joined:
    Jun 23, 2016
    Messages:
    8
    Likes Received:
    4
    Sorry, renlok answered your question while I was still writing mine. I am using one of the latest versions of the script...
    His latest github version is even more elegant. I have removed the unnecessary overuse of the trim function however. The first use of it in the if statement will remove the space before the entry in those cases where the item being added is the very first one being added to the database.
    My code now:
    PHP:
    // Auction id is present, now update table
    if (isset($_GET['add']) && !empty($_GET['add']))
    {
        
    $add_id = (int)$_GET['add'];

        
    // Check if this item is not already added
        
    $items trim($user->user_data['item_watch']);
        
    $arr_items explode(' ',$items);
        if (!
    in_array($add_id$arr_items))
        {
            
    $item_watch_new trim($items ' ' $add_id);
            
    $query "UPDATE " $DBPrefix "users SET item_watch = :item_watch_new WHERE id = :user_id";
     
    Last edited: Sep 25, 2016

Share This Page