
need help asap on php mysql problem


bryanmc1988


Well, I am having a new problem. I didn't realize this till now, and my website has gone live and I need a fix ASAP before my users leave and never return ='(

Well, when I set up an auction there is an image upload where you can upload your image... when trying to upload the image it changed page and gave me this error:

A Mysql error has occurred while running the script:

    The query you are trying to run is invalid
    Mysql Error Output: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND page_handle='auction'' at line 2
    SQL Query: SELECT box_id, box_value FROM custom_fields_data WHERE owner_id= AND page_handle='auction'

 

 

It was working before, then I changed some things around and don't remember what I changed, and found that this came up when setting up the image.... Please help, really need the help ASAP. I don't know what to do =(


Hello,

Basically - there's an error in your syntax, as stated in the error. Now where you have your sql query:

$sqlQuery = mysql_query("SELECT box_id, box_value FROM custom_fields_data WHERE owner_id= [b]<-- No Quotes or anything searching for there, therefore the bit from there onwards becomes a null. For you to fix it you'd need to add quotes around it (e.g owner_id='VALUE'[/b] AND page_handle='auction'");

 

:) Hope I helped

Your code does not have a value for the owner id. You would need to determine why. You should also be validating all the external data being put into a query statement so that you don't execute the query if all the expected data is not present.
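
One way to apply the validation advice above to the SELECT shown in the error message, as an added example that is not part of the thread or of the site's own code: it refuses to run the query when the owner id is missing or not a positive integer, and binds both values as parameters instead of concatenating them. It uses PDO rather than the `mysql_query` call shown above; the function name `fetch_custom_box_values`, the page-handle allow-list and the in-memory SQLite table are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. fetch_custom_box_values(), the
// allow-list and the SQLite in-memory database are assumptions for illustration.

/**
 * Return 'custom_box_<id>' => value pairs for one owner.
 * Throws before touching the database if the inputs are not usable.
 */
function fetch_custom_box_values(PDO $db, $owner_id, string $page_handle): array
{
    // filter_var() yields false for '', null, 'abc', 0 and negative numbers,
    // which covers the empty owner id that produced "WHERE owner_id= AND ...".
    $owner_id = filter_var(
        $owner_id,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($owner_id === false) {
        throw new InvalidArgumentException('owner_id is missing or not a positive integer');
    }

    // Constructed allow-list: only page handles the application knows about.
    $allowed_handles = ['auction'];
    if (!in_array($page_handle, $allowed_handles, true)) {
        throw new InvalidArgumentException('unknown page_handle');
    }

    // Placeholders keep the SQL text fixed; values travel separately.
    $stmt = $db->prepare(
        'SELECT box_id, box_value FROM custom_fields_data
         WHERE owner_id = :owner_id AND page_handle = :page_handle'
    );
    $stmt->execute([':owner_id' => $owner_id, ':page_handle' => $page_handle]);

    $vars = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $vars['custom_box_' . $row['box_id']] = $row['box_value'];
    }
    return $vars;
}

// Constructed sample table and rows so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE custom_fields_data
    (box_id INTEGER, owner_id INTEGER, box_value TEXT, page_handle TEXT)');
$db->exec("INSERT INTO custom_fields_data VALUES
    (1, 100, 'Red',   'auction'),
    (2, 100, 'Large', 'auction'),
    (1, 101, 'Blue',  'auction')");

// Valid owner id, as it would arrive from a request (a string).
print_r(fetch_custom_box_values($db, '100', 'auction'));

// Missing or malformed owner ids never reach the database.
foreach (['', null, 'abc', '-5'] as $bad) {
    try {
        fetch_custom_box_values($db, $bad, 'auction');
    } catch (InvalidArgumentException $e) {
        echo var_export($bad, true), ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Logging the rejected call together with its caller is what points to the place where the owner id was lost.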

Hello,

Basically - there's an error in your syntax, as stated in the error. Now where you have your sql query:

$sqlQuery = mysql_query("SELECT box_id, box_value FROM custom_fields_data WHERE owner_id= [b]<-- No Quotes or anything searching for there, therefore the bit from there onwards becomes a null. For you to fix it you'd need to add quotes around it (e.g owner_id='VALUE'[/b] AND page_handle='auction'");

 

:) Hope I helped

 

 

I'm not sure what you mean, sorry lol. Well, I tried to find out where this syntax is at and couldn't find it...

What I did find was this.

Searched for

AND page_handle='auction'

 

 

and this is what it came up with

if (!$sql_delete_auction)
		{
			$this->query("DELETE FROM " . DB_PREFIX . "auctions WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "auction_offers WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "auction_watch WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "auction_rollbacks WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "bids WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "custom_fields_data WHERE owner_id IN (" . $delete_array . ") AND page_handle='auction'");
			$this->query("DELETE FROM " . DB_PREFIX . "proxybid WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "messaging WHERE auction_id IN (" . $delete_array . ")");
		}
	}
	else ## only mark as deleted
	{
		$min_time = $this->min_hours * 60 * 60;

		$this->query("UPDATE " . DB_PREFIX . "auctions SET deleted=1 WHERE
			auction_id IN (" . $delete_array . ") " . $addl_query);
	}

 

 

 

help? lol

 

 

Out of the search, these are the 4 PHP files I found close to or related to this:

 

 

 

auction_search.php

<?

session_start();

define ('IN_SITE', 1);

include_once ('includes/global.php');

include_once ('global_header.php');

$header_browse_auctions = header5(MSG_AUCTION_SEARCH);
/**
* below we have the variables that need to be declared in each separate browse page
*/
$page_url = 'auction_search';## PHP Pro Bid v6.00 we will now build the addl_query variable depending on the search type requested
(array) $query = null;
(string) $where_query = null;


if ($_REQUEST['option'] == 'basic_search')## PHP Pro Bid v6.00 quick search - header form
{
$query[] = "a.closed=0";

if (!empty($_REQUEST['basic_search'])) 
{
	$basic_search = $db->rem_special_chars($_REQUEST['basic_search']);
	$query[] = "(MATCH (a.name, a.description) AGAINST ('" . $basic_search . "*' IN BOOLEAN MODE))";
	/**
	 * or the old and SLOW search using LIKE - disabled by default, just added the line in case 
	 * anyone might want to use this instead
	 */## PHP Pro Bid v6.00 $query[] = "(a.name LIKE '%" . $basic_search . "%' OR a.description LIKE '%" . $basic_search . "%')";
}
}
else if ($_REQUEST['option'] == 'auction_search')## PHP Pro Bid v6.00 auction search - advanced form
{
if (!empty($_REQUEST['keywords_search']))
{
	$keywords_search = $db->rem_special_chars($_REQUEST['keywords_search']);
	$query[] = "MATCH (a.name, a.description) AGAINST ('" . $keywords_search . "*' IN BOOLEAN MODE)";		
	/**
	 * or the old and SLOW search using LIKE - disabled by default, just added the line in case 
	 * anyone might want to use this instead
	 */## PHP Pro Bid v6.00 $query[] = "(a.name LIKE '%" . $keywords_search . "%' OR a.description LIKE '%" . $keywords_search . "%')";
}
if ($_REQUEST['buyout_price'] == 1)
{
	$query[] = "a.buyout_price>0";
}
if ($_REQUEST['reserve_price'] == 1)
{
	$query[] = "a.reserve_price>0";
}
if ($_REQUEST['quantity'] == 1)
{
	$query[] = "a.quantity>1";
}
if ($_REQUEST['enable_swap'] == 1)
{
	$query[] = "a.enable_swap=1";
}
if (!empty($_REQUEST['list_in']))
{
	$list_in = $db->rem_special_chars($_REQUEST['list_in']);
	$query[] = "a.list_in='" . $list_in . "'";
}
if (!empty($_REQUEST['country']))
{
	$query[] = "a.country='" . intval($_REQUEST['country']) . "'";
}
if (!empty($_REQUEST['zip_code']))
{
	$zip_code = $db->rem_special_chars($_REQUEST['zip_code']);
	$query[] = "MATCH (a.zip_code) AGAINST ('" . $zip_code . "*' IN BOOLEAN MODE)";
	/**
	 * or the old and SLOW search using LIKE - disabled by default, just added the line in case 
	 * anyone might want to use this instead
	 */## PHP Pro Bid v6.00 $query[] = "(a.zip_code LIKE '%" . $zip_code . "%')";
}## PHP Pro Bid v6.00 now add the custom fields search feature
$sql_select_custom_boxes = $db->query("SELECT b.*, t.box_type AS box_type_name FROM " . DB_PREFIX . "custom_fields_boxes b, 
" . DB_PREFIX . "custom_fields f, " . DB_PREFIX . "custom_fields_types t WHERE 
	f.active=1 AND f.page_handle='auction' AND f.field_id=b.field_id AND b.box_searchable=1 AND b.box_type=t.type_id");

$is_searchable_boxes = $db->num_rows($sql_select_custom_boxes);

if ($is_searchable_boxes)
{
	(string) $custom_addl_vars = null;
	while ($custom_box = $db->fetch_array($sql_select_custom_boxes))
	{			
		if (!empty($_REQUEST['custom_box_' . $custom_box['box_id']]))
		{
			$box_id = $custom_box['box_id'];
			$where_query .= "LEFT JOIN " . DB_PREFIX . "custom_fields_data cfd_" . $box_id . " ON cfd_" . $box_id . ".owner_id=a.auction_id AND cfd_" . $box_id . ".page_handle='auction' ";
			$custom_box_value = $db->rem_special_chars($_REQUEST['custom_box_' . $custom_box['box_id']]);
			$custom_addl_vars .= '&custom_box_' . $custom_box['box_id'] . '=' . $custom_box_value;

			if (in_array($custom_box['box_type_name'], array('list', 'radio')))
			{
				$query[] = "cfd_" . $box_id . ".box_value = '" . $custom_box_value . "'";					
			}
			else if (in_array($custom_box['box_type_name'], array('checkbox')))
			{
				(array) $checkbox_query = null;
				foreach ($_REQUEST['custom_box_' . $custom_box['box_id']] as $value)
				{
					$checkbox_query[] = "MATCH (cfd_" . $box_id . ".box_value) AGAINST ('" . $value . "*' IN BOOLEAN MODE)";
				}

				if (count($checkbox_query) > 0) 
				{
					$query[] = "(" . $db->implode_array($checkbox_query, ' OR ') . ")";
				}
			}
			else 
			{
				$query[] = "MATCH (cfd_" . $box_id . ".box_value) AGAINST ('" . $custom_box_value . "*' IN BOOLEAN MODE)";

				/**
				 * or the old and SLOW search using LIKE - disabled by default, just added the line in case 
				 * anyone might want to use this instead
				 */## PHP Pro Bid v6.00 $query[] = "(cfd.box_value LIKE '%" . $custom_box_value . "%')";
			}
		}
	}
}
}
else if ($_REQUEST['option'] == 'seller_search')## PHP Pro Bid v6.00 search auctions posted by the seller requested
{
if (!empty($_REQUEST['username']))
{
	$username = $db->rem_special_chars($_REQUEST['username']);
	$where_query = "LEFT JOIN " . DB_PREFIX . "users u ON u.user_id=a.owner_id ";
	$query[] = "MATCH u.username AGAINST ('" . $username . "*' IN BOOLEAN MODE) AND u.active=1";
	/**
	 * or the old and SLOW search using LIKE - disabled by default, just added the line in case 
	 * anyone might want to use this instead
	 */## PHP Pro Bid v6.00 $query[] = "(u.username LIKE '%" . $username . "%')";
}
}
else if ($_REQUEST['option'] == 'buyer_search')## PHP Pro Bid v6.00 search auctions on which the buyer requested has placed bids
{
if (!empty($_REQUEST['username']))
{
	$username = $db->rem_special_chars($_REQUEST['username']);
	$where_query = "LEFT JOIN " . DB_PREFIX . "bids b ON b.auction_id=a.auction_id
		LEFT JOIN " . DB_PREFIX . "users u ON u.user_id=b.bidder_id ";
	$query[] = "MATCH u.username AGAINST ('" . $username . "*' IN BOOLEAN MODE) AND u.active=1";
	/**
	 * or the old and SLOW search using LIKE - disabled by default, just added the line in case 
	 * anyone might want to use this instead
	 */## PHP Pro Bid v6.00 $query[] = "(u.username LIKE '%" . $username . "%')";
}	
}

if ($_REQUEST['option'] != 'basic_search') 
{
if (!empty($_REQUEST['results_view']))
{
	switch ($_REQUEST['results_view'])## PHP Pro Bid v6.00 all value means we add no variables to the query
	{
		case 'open':
			$query[] = "a.closed=0";
			break;
		case 'closed':
			$query[] = "a.closed=1";
			break;
	}
}
}	

if (count($query))
{
$addl_query = " AND " . $db->implode_array($query, ' AND ');
}

$where_query .= "WHERE a.active=1 AND a.approved=1 AND a.deleted=0 AND a.creation_in_progress=0 " . $addl_query;

$order_field = (in_array($_REQUEST['order_field'], $auction_ordering)) ? $_REQUEST['order_field'] : 'a.end_time'; 
$order_type = (in_array($_REQUEST['order_type'], $order_types)) ? $_REQUEST['order_type'] : 'ASC';

## if we are on the page for the first time, we will override the ordering variables
if (!empty($_REQUEST['ordering']))
{
switch ($_REQUEST['ordering'])
{
	case 'end_time_asc':
		$order_field = 'a.end_time';
		$order_type = 'ASC';
		break;
	case 'end_time_desc':
		$order_field = 'a.end_time';
		$order_type = 'DESC';
		break;
	case 'start_price_asc':
		$order_field = 'a.start_price';
		$order_type = 'ASC';
		break;
}
}

$additional_vars = '&option=' . $_REQUEST['option'] . '&keywords_search=' . $_REQUEST['keywords_search'] .
'&buyout_price=' . $_REQUEST['buyout_price'] . '&reserve_price=' . $_REQUEST['reserve_price'] . 
'&quantity=' . $_REQUEST['quantity'] . '&enable_swap=' . $_REQUEST['enable_swap'] . 
'&list_in=' . $_REQUEST['list_in'] . '&results_view=' . $_REQUEST['results_view'] . 
'&country=' . $_REQUEST['country'] . '&zip_code=' . $_REQUEST['zip_code'] . '&username=' . $_REQUEST['username'] . 
'&basic_search=' . $_REQUEST['basic_search'] . $custom_addl_vars;

include_once('includes/page_browse_auctions.php');

include_once ('global_footer.php');

echo $template_output;

?>

 

 

 

 

 

class_custom_field.php

<?

class custom_field extends formchecker
{
var $vars = array();
var $show_only = false;
var $data_owner_id = 0;
var $new_table = true;
var $field_colspan = 1;
var $box_search = 0;

function save_vars($input)
{
	foreach ($input as $key => $value)
	{
		if (is_array($value))
		{
			$value = $this->implode_array($value, '|'); /* in case of checkbox fields which accept multiple selections */
		}
		$this->vars[$key] = $value;
	}
}

function save_edit_vars($owner_id, $page_handle)
{
	$sql_query_result = $this->query("SELECT box_id, box_value FROM " . DB_PREFIX . "custom_fields_data WHERE
		owner_id=" . $owner_id . " AND page_handle='" . $page_handle . "'");

	while ($query_details = $this->fetch_array($sql_query_result))
	{
		$this->vars['custom_box_' . $query_details['box_id']] = $query_details['box_value'];
	}
}

function insert_data ($box_id, $owner_id, $box_value, $page_handle)
{
	$insert_data = $this->query("INSERT INTO " . DB_PREFIX . "custom_fields_data
		(box_id, owner_id, box_value, page_handle) VALUES
		(" . $box_id . ", " . $owner_id . ", '" . $this->rem_special_chars($box_value) . "' , '" . $page_handle . "')");

	return $this->insert_id();
}

function update_data ($box_id, $owner_id, $box_value, $page_handle)
{
	/* if row doesnt exist then use the >>insert_data<< function */
	$is_row = $this->count_rows('custom_fields_data', "WHERE box_id=" . $box_id . " AND
	owner_id=" . $owner_id . " AND page_handle='" . $page_handle . "'");

	if ($is_row)
	{
		$update_data = $this->query("UPDATE " . DB_PREFIX . "custom_fields_data SET
			box_value='" . $this->rem_special_chars($box_value) . "' WHERE
			box_id=" . $box_id . " AND owner_id=" . $owner_id . " AND page_handle='" . $page_handle . "'");
	}
	else
	{
		$this->insert_data($box_id, $owner_id, $box_value, $page_handle);
	}
}

function delete_data ($owner_id, $page_handle)
{
	$delete_data = $this->query("DELETE FROM " . DB_PREFIX . "custom_fields_data WHERE
	owner_id=" . $owner_id . " AND page_handle='" . $page_handle . "'");
}

## this function displays a box when it requires input
function display_box($box_id, $box_name, $box_type, $box_value, $selected_value = NULL)
{
	(string) $display_output = NULL;

	if (!empty($this->vars['custom_box_' . $box_id]))
	{
		$selected_value = $this->vars['custom_box_' . $box_id];
	}
	else if (!empty($selected_value))
	{
		$selected_value = $selected_value;
	}

	$display_output = $box_name.' ';
	switch ($box_type)
	{
		case 'text':
			$display_output .= '<input type="text" name="custom_box_' . $box_id . '" value="' . $selected_value . '" /> ';
			break;
		case 'textarea':
			$display_output .= '<textarea name="custom_box_' . $box_id . '" style="width: 350px; height=180px;">' . $selected_value . '</textarea> ';
			break;
		case 'password':
			$display_output .= '<input type="password" name="custom_box_' . $box_id . '" value="' . $selected_value . '" /> ';
			break;
		case 'list':
			$display_output .= '<select name="custom_box_' . $box_id . '">';

			$box_array = explode('[]', $box_value);

			if ($this->box_search)
			{
				$display_output .= '<option value="" selected>- ' . GMSG_ALL . ' -</option>';					
			}

			foreach ($box_array as $value)
			{
				$display_output .= '<option value="' . $value . '" ' . (($value == $selected_value) ? 'selected' : '') . '>' . $value . '</option>';
			}

			$display_output .= '</select>';
			break;
		case 'checkbox':
			$box_array = explode('[]', $box_value);
			$selected_value = explode('|', $selected_value);

			foreach ($box_array as $value)
			{
				$display_output .= '<input type="checkbox" name="custom_box_' . $box_id . '[]" value="' . $value . '" ' . ((in_array($value, $selected_value)) ? 'checked' : '') . ' />' . $value . ' ';
			}

			break;
		case 'radio':
			$box_array = explode('[]', $box_value);

			foreach ($box_array as $value)
			{
				$display_output .= '<input type="radio" name="custom_box_' . $box_id . '" value="' . $value . '" ' . (($value == $selected_value) ? 'checked' : '') . ' />' . $value . ' ';
			}
			break;
	}

	return $display_output;
}

function process_table_code($table_row, &$table_fields, $table_code)
{
	(string) $display_output = NULL;

	$display_output = $table_code;

	foreach ($table_fields as $value)
	{
		$formatted_field = '{' . $value . '}';

		$display_output = str_replace($formatted_field, $table_row[$value], $display_output);

	}

	return $display_output;
}

## this function displays a special box when it requires input
function display_special_box($box_id, $box_name, $special_box_type, $selected_value = NULL)
{
	(string) $display_output = NULL;

	if (!empty($this->vars['custom_box_' . $box_id]))
	{
		$selected_value = $this->vars['custom_box_' . $box_id];
	}

	$type_details = $this->get_sql_row("SELECT t.box_type, s.table_name_raw, s.box_value_code FROM
		" . DB_PREFIX . "custom_fields_types t, " . DB_PREFIX . "custom_fields_special s WHERE
		t.type_id=s.box_type AND s.type_id=" . $special_box_type);

	$display_output = $box_name . ' ';

	$sql_select_table = $this->query("SELECT * FROM " . $type_details['table_name_raw']);

	$table_fields = $this->table_fields($type_details['table_name_raw']);

	switch ($type_details['box_type'])
	{
		case 'list':
			$display_output .= '<select name="custom_box_' . $box_id . '">';

			while ($table_details = $this->fetch_array($sql_select_table))
			{
				$msg = $this->process_table_code($table_details, $table_fields, $type_details['box_value_code']);

				$display_output .= '<option value="' . $table_details['id'] . '" ' . (($table_details['id'] == $selected_value) ? 'selected' : '') . '>' . $msg . '</option> ';
			}

			$display_output .= '</select>';
			break;
		case 'checkbox':
			while ($table_details = $this->fetch_array($sql_select_table))
			{
				$msg = $this->process_table_code($table_details, $table_fields, $type_details['box_value_code']);

				$display_array[] = '<input type="checkbox" name="custom_box_' . $box_id . '[]" value="' . $table_details['id'] . '" ' . ((@in_array($table_details['id'], $selected_value)) ? 'checked' : '') . ' />' . $msg . ' ';
			}

			$display_output = implode('<br>', $display_array);
			break;
		case 'radio':
			while ($table_details = $this->fetch_array($sql_select_table))
			{
				$msg = $this->process_table_code($table_details, $table_fields, $type_details['box_value_code']);

				$display_array[] = '<input type="radio" name="custom_box_' . $box_id . '" value="' . $table_details['id'] . '" ' . (($table_details['id'] == $selected_value) ? 'checked' : '') . ' />' . $msg . ' ';
			}

			$display_output = implode('<br>', $display_array);
			break;
	}

	return $display_output;
}

## front end related custom sections functions - create all custom sections that belong to a page
function display_section($page_handle, $section_name = '', $section_id = 0, $order_id = 0, $category_id = 0)
{
	(string) $display_output = NULL;

	$fields_details = $this->display_fields($section_id, $page_handle, $category_id);

	if (!empty($fields_details))
	{
		if ($this->new_table)
		{
			$display_output = '<br><table width="100%" border="0" cellpadding="3" cellspacing="2" class="border"> ';
		}

   	if (!empty($section_name))
   	{
   		$colspan = ($this->field_colspan == 1) ? 2 : $this->field_colspan + 1;

   		$display_output .= '<tr> '.
         	'	<td colspan="' . $colspan . '" class="c3">' . $section_name . '</td> '.
      		'</tr>';
   	}

   	$display_output .= '<tr class="c5"> '.
         '	<td><img src="themes/' . DEFAULT_THEME . '/img/pixel.gif" width="150" height="1"></td> '.
         '	<td colspan="' . $this->field_colspan . '" width="100%"><img src="themes/' . DEFAULT_THEME . '/img/pixel.gif" width="1" height="1"></td> '.
      	'</tr> ';

		$display_output .= $fields_details;

		if ($this->new_table)
		{
			$display_output .= '</table> ';
		}
	}

	return $display_output;

}

## front end related custom fields functions - create all custom fields that belong to a section
function display_fields($section_id, $page_handle, $category_id = 0)
{
	(string) $display_output = NULL;

	## only display a field if the category corresponds
	$addl_query = ($category_id) ? " AND category_id IN (0, " . $category_id . ")" : '';

	$sql_select_fields = $this->query("SELECT field_id, field_name, field_order, active, category_id, field_description FROM
		" . DB_PREFIX . "custom_fields WHERE
		section_id=" . $section_id . " AND page_handle='" . $page_handle . "' AND active='1' " . $addl_query . " ORDER BY field_order ASC");

	while ($field_details = $this->fetch_array($sql_select_fields))
	{
		$background = ($counter++%2) ? 'c1' : 'c2';

		$box_details = $this->display_boxes($field_details['field_id'], $page_handle);

		if (!empty($box_details))
		{
			$display_output .= '<tr class="' . $background . '"> ' .
				'	<td width="150" align="right"> ' . $field_details['field_name'] . '</td>' .
				'	<td colspan="' . $this->field_colspan . '">' . $box_details . '</td>' .
				'</tr>';

			if (!empty($field_details['field_description']) && !$this->show_only && !$this->box_search)
			{
				$display_output .= '<tr class="reguser"> '.
         		'	<td> </td> '.
         		'	<td colspan="' . $this->field_colspan . '"> ' . $field_details['field_description'] . ' </td> '.
      			'</tr>';
			}
		}
	}

	return $display_output;

}

function show_box ($box_name, $box_id, $owner_id, $page_handle)
{
	(string) $display_output = NULL;

	$box_data = $this->get_sql_field("SELECT box_value FROM " . DB_PREFIX . "custom_fields_data WHERE
		box_id=" . $box_id . " AND owner_id=" . $owner_id . " AND page_handle='" . $page_handle . "'", 'box_value');

	$display_output = (($box_name) ? '<b>' . $box_name . '</b>: ' : '') . field_display(str_replace('|', ', ', $box_data)) . '   ';

	return $display_output;
}

function show_special_box ($box_name, $box_id, $special_box_id, $owner_id, $page_handle)
{
	(string) $display_output = NULL;


	$box_data = $this->get_sql_row("SELECT box_value FROM " . DB_PREFIX . "custom_fields_data WHERE
		box_id=" . $box_id . " AND owner_id=" . $owner_id . " AND page_handle='" . $page_handle . "'", 'box_value');

	$special_box_details = $this->get_sql_row("SELECT table_name_raw, box_value_code FROM
		" . DB_PREFIX . "custom_fields_special WHERE type_id=" . $special_box_id);

	$table_fields = $this->table_fields($special_box_details['table_name_raw']);

	$box_value = str_replace('|', ', ', $box_data['box_value']);

	$sql_select_values = $this->query("SELECT * FROM " . $special_box_details['table_name_raw'] . " WHERE
		id IN (" . $box_value . ")");

	while ($values_details = $this->fetch_array($sql_select_values))
	{
		$values_array[] = $this->process_table_code($values_details, $table_fields, $special_box_details['box_value_code']);
	}

	$formatted_output = $this->implode_array($values_array);

	$display_output = (($box_name) ? '<b>' . $box_name . '</b>: ' : '') . field_display($formatted_output) . '   ';


	//$display_output = 'UNCOMPLETED';

	return $display_output;
}


function display_boxes ($field_id, $page_handle)
{
	(string) $display_output = NULL;

	## get all boxes corresponding to the field id requested. (default types)
	$sql_select_boxes = $this->query("SELECT b.box_id, b.box_name, b.box_value, b.box_order, t.box_type, b.mandatory FROM
		" . DB_PREFIX . "custom_fields_boxes b, " . DB_PREFIX . "custom_fields_types t WHERE
		b.field_id=" . $field_id . " AND b.box_type=t.type_id " . (($this->box_search) ? 'AND b.box_searchable=1' : '') . " ORDER BY b.box_order ASC");

	$is_boxes = $this->num_rows($sql_select_boxes);

	while ($box_details = $this->fetch_array($sql_select_boxes))
	{
		if ($this->show_only)
		{
			$display_output .= $this->show_box($box_details['box_name'], $box_details['box_id'], $this->data_owner_id, $page_handle);
		}
		else
		{
			$display_output .= $this->display_box($box_details['box_id'], $box_details['box_name'], $box_details['box_type'], $box_details['box_value']);
		}
	}

	## get all boxes corresponding to the field id requested. (special types)
	$sql_select_special_boxes = $this->query("SELECT b.box_id, b.box_name, b.box_value, b.box_order, b.box_type_special, b.mandatory FROM
		" . DB_PREFIX . "custom_fields_boxes b, " . DB_PREFIX . "custom_fields_special s WHERE
		b.field_id=" . $field_id . " AND b.box_type_special=s.type_id ORDER BY b.box_order ASC");

	while ($special_box_details = $this->fetch_array($sql_select_special_boxes))
	{
		if ($this->show_only)
		{
			$display_output .= $this->show_special_box($special_box_details['box_name'], $special_box_details['box_id'], $special_box_details['box_type_special'], $this->data_owner_id, $page_handle);
		}
		else
		{
			$display_output .= $this->display_special_box($special_box_details['box_id'], $special_box_details['box_name'], $special_box_details['box_type_special'], $special_box_details['box_value']);
		}
	}

	return $display_output;
}

function insert_page_data ($user_id, $page_handle, $value_array)
{
	foreach ($value_array as $key => $value)
	{
		if (eregi('custom_box_', $key))
		{
			$custom_box_id = intval(str_replace('custom_box_', '', $key));
			$custom_box_id = intval(str_replace('[]', '', $custom_box_id));

			if (is_array($value))
			{
				$value = implode('|', $value);
			}

			$this->insert_data($custom_box_id, $user_id, $value, $page_handle);

		}

		$custom_box_ids = @implode(',', $custom_box_array);
	}
}

/* TO DO: if a single checkbox, it always selects it */
function update_page_data ($user_id, $page_handle, $value_array)
{
	foreach ($value_array as $key => $value)
	{
		if (eregi('custom_box_', $key))
		{
			$custom_box_id = intval(str_replace('custom_box_', '', $key));
			$custom_box_id = intval(str_replace('[]', '', $custom_box_id));

			if (is_array($value))
			{
				$value = implode('|', $value);
			}

			$this->update_data($custom_box_id, $user_id, $value, $page_handle);

		}

		$custom_box_ids = @implode(',', $custom_box_array);
	}
}

function display_sections($user_details, $page_handle, $show_only = false, $owner_id = 0, $category_id = 0)
{
	(string) $display_output = null;

	$this->show_only = $show_only;
	$this->data_owner_id = $owner_id;

	$sql_select_sections = $this->query("SELECT section_id, section_name, order_id FROM
		" . DB_PREFIX . "custom_fields_sections WHERE
		page_handle='" . $page_handle . "' ORDER BY order_id ASC");

	## now create the fields with no section (here all fields and all boxes in those fields with section_id=0 will be created
	$is_fields_no_section = $this->count_rows('custom_fields', "WHERE
		section_id=0 AND active=1 AND page_handle='" . $page_handle . "'");

	if ($is_fields_no_section)
	{
		$display_output = $this->display_section($page_handle, '', 0, 0, $category_id);
	}

	while ($section_details = $this->fetch_array($sql_select_sections))
	{
		$display_output .= $this->display_section($page_handle, $section_details['section_name'], $section_details['section_id'], $section_details['order_id'], $category_id);
	}

	return $display_output;
}

function output_hidden_form_fields()
{
	(string) $display_output = null;

	foreach ($this->vars as $key => $value)
	{
		if (eregi('custom_box_', $key))
		{
			$display_output .= '<input type="hidden" name="' . $key . '" value="' . $this->rem_special_chars($value) . '" /> ';
		}
	}

	return $display_output;
}
}

?>

 

 

 

 

class_custom_field_admin.php

<?
class custom_field_admin extends custom_field
{

function create_section($section_name, $page_handle)
{
	$this->query("INSERT INTO " . DB_PREFIX . "custom_fields_sections
		(section_name, page_handle) VALUES
		('" . $this->rem_special_chars($section_name) . "', '" . $page_handle . "')");

	return $this->insert_id();
}

function edit_section($section_id, $section_name)
{
	$this->query("UPDATE " . DB_PREFIX . "custom_fields_sections SET
		section_name='" . $this->rem_special_chars($section_name) . "' WHERE section_id=" . $section_id);
}

function delete_section($section_id)
{
	$this->query("UPDATE " . DB_PREFIX . "custom_fields SET
		section_id=0 WHERE section_id=" . $section_id);
	$this->query("DELETE FROM " . DB_PREFIX . "custom_fields_sections WHERE section_id=" .$section_id);
}

function create_field($field_name, $field_description, $page_handle, $section_id = 0, $category_id = 0, $field_order = 0, $active = 1)
{
	$create_field = $this->query("INSERT INTO " . DB_PREFIX . "custom_fields
		(field_name, field_order, active, page_handle, section_id, category_id, field_description) VALUES
		('" . $this->rem_special_chars($field_name) . "', " . $field_order . ", '" . $active . "', '" . $page_handle . "',
		" . $section_id . ", '" . $category_id . "', '" . $this->rem_special_chars($field_description) . "')");

	return $this->insert_id();
}

function edit_field($field_id, $field_name, $field_description, $section_id = 0, $category_id = 0)
{
	$edit_field = $this->query("UPDATE " . DB_PREFIX . "custom_fields SET
		field_name='" . $this->rem_special_chars($field_name) . "', section_id=" . $section_id . ", category_id='" . $category_id . "',
		field_description='" . $this->rem_special_chars($field_description) . "' WHERE field_id=" . $field_id);
}

function delete_field($field_id)
{

	$delete_field = $this->query("DELETE f, b, d FROM " . DB_PREFIX . "custom_fields AS f LEFT JOIN
		" . DB_PREFIX . "custom_fields_boxes AS b ON b.field_id=f.field_id LEFT JOIN
		" . DB_PREFIX . "custom_fields_data AS d ON d.box_id=b.box_id WHERE f.field_id=" .$field_id);

}

function create_box ($box_name, $box_type_raw, $box_value_raw, $field_id, $formchecker_array, $mandatory = 0, $box_order = 0, $box_searchable = 0)
{
	list($type_handle, $type_value) = explode('_', $box_type_raw);


	(int) $box_type = 0;
	(int) $box_type_special = 0;

	$formchecker_functions = (!empty($formchecker_array)) ? @implode('|', $formchecker_array) : '';

	if ($type_handle == 'D')
	{
		$box_type = $type_value;
	}
	else if ($type_handle == 'S')
	{
		$box_type_special = $type_value;
	}

	if (isset($box_value_raw))
	{
		(int) $cnt = 0;

		$count_box_value_raw = count($box_value_raw);

		for($i=0; $i<$count_box_value_raw; $i++)
		{
			if (!empty($box_value_raw[$i]))
			{
				$box_value_array[$cnt++] = @str_replace('[]', '', $box_value_raw[$i]);
			}
		}

		$box_value = @implode('[]', $box_value_array);
	}
	else
	{
		$box_value = @str_replace('[]', '', $box_value_raw);
	}

	$create_box = $this->query("INSERT INTO " . DB_PREFIX . "custom_fields_boxes
		(field_id, box_name, box_value, box_order, box_type, mandatory, box_type_special, formchecker_functions, box_searchable) VALUES
		(" . $field_id . ", '" . $this->rem_special_chars($box_name) . "', '" . $this->rem_special_chars($box_value) . "',
		" . $box_order . ", '" . $box_type . "', '" . $mandatory . "', '" . $box_type_special . "',
		'" . $formchecker_functions . "', '" . $box_searchable . "')");

	return $this->insert_id();
}

function edit_box ($box_id, $box_name, $box_type_raw, $box_value_raw, $field_id, $formchecker_array, $mandatory = 0, $box_order = 0, $box_searchable = 0)
{
	list($type_handle, $type_value) = explode('_', $box_type_raw);

	(int) $box_type = 0;
	(int) $box_type_special = 0;

	$formchecker_functions = (!empty($formchecker_array)) ? @implode('|', $formchecker_array) : '';

	if ($type_handle == 'D')
	{
		$box_type = $type_value;
	}
	else if ($type_handle == 'S')
	{
		$box_type_special = $type_value;
	}

	if (is_array($box_value_raw))
	{
		(int) $cnt = 0;

		$count_box_value_raw = count($box_value_raw);

		for($i=0; $i<$count_box_value_raw; $i++)
		{
			if (!empty($box_value_raw[$i]))
			{
				$box_value_array[$cnt++] = @str_replace('[]', '', $box_value_raw[$i]);
			}
		}

		$box_value = @implode('[]', $box_value_array);
	}
	else
	{
		$box_value = @str_replace('[]', '', $box_value_raw);
	}

	$edit_box = $this->query("UPDATE " . DB_PREFIX . "custom_fields_boxes SET
		field_id=" . $field_id . ", box_name='" . $this->rem_special_chars($box_name) . "',
		box_value='" . $this->rem_special_chars($box_value) . "', box_order=" . $box_order . ",
		box_type='" . $box_type . "', mandatory='" . $mandatory . "',
		box_type_special='" . $box_type_special . "',
		formchecker_functions='" . $formchecker_functions . "', 
		box_searchable='" . $box_searchable . "' WHERE box_id=" . $box_id);

}

function delete_box($box_id)
{

	$delete_field = $this->query("DELETE b, d FROM " . DB_PREFIX . "custom_fields_boxes AS b LEFT JOIN
		" . DB_PREFIX . "custom_fields_data AS d ON d.box_id=b.box_id WHERE b.box_id=" .$box_id);

}


## admin related custom fields functions - for custom field management purposes only
function admin_display_section($page_handle, $section_name = AMSG_NO_SECTION, $section_id = 0, $order_id = 0)
{
	(string) $display_output = NULL;

	$display_output = '<tr><td class="c4"> '.
		'<table cellpadding="0" cellspacing="2" border="0" class="contentfont"> '.
		'<tr><td width="100%" class="c4"><strong>' . $section_name . '</strong></td> ';

	if ($section_id)
	{
		$display_output .= '<td nowrap class="c4"><strong>' . AMSG_ORDER_ID . '</strong>: '.
			'<input type="hidden" name="section_id[]" value="' . $section_id . '" size="6">'.
			'<input type="text" name="section_order_id[]" value="' . $order_id . '" size="6"></td>'.
			'<td nowrap class="c4">  [ <a href="custom_fields.php?page=' . $page_handle . '&do=edit_section&section_id=' . $section_id . '"'.
			'>' . AMSG_EDIT . '</a> ]</td> '.
			'<td nowrap class="c4"> [ <a href="custom_fields.php?page=' . $page_handle . '&do=delete_section&section_id=' . $section_id . '"'.
			' onclick="return confirm(\'' . AMSG_DELETE_CONFIRM . '\');">' . AMSG_DELETE . '</a> ]</td> ';
	}
	else
	{
		$display_output .= '<td nowrap class="c4">[ <a href="custom_fields.php?page=' . $page_handle . '&do=add_section">' . AMSG_ADD_SECTION . '</a> ]</td> ';
	}

	$display_output .= '</tr></table></td></tr><tr><td class="c9"><img src="admin/images/pixel.gif" width="1" height="1"></td></tr>';

	return $display_output;

}

## admin related custom fields functions - create all custom fields that belong to a section
function admin_display_fields($section_id, $page_handle)
{
	(string) $display_output = NULL;

	## the add field message first
	$display_output = '<tr><td> '.
		'[ <b><a href="custom_fields.php?page=' . $page_handle . '&do=add_field&section_id=' . $section_id . '">' . AMSG_ADD_FIELD . '</a></b> ] '.
		'</td></tr> ';

	## get all fields corresponding to the section id requested.
	$sql_select_fields = $this->query("SELECT field_id, field_name, field_order, active, category_id, field_description FROM
		" . DB_PREFIX . "custom_fields WHERE
		section_id=" . $section_id . " AND page_handle='" . $page_handle . "' ORDER BY active DESC, field_order ASC");

	while ($field_details = $this->fetch_array($sql_select_fields))
	{
		$background = ($field_details['active']) ? (($counter++%2) ? 'c1' : 'c2') : 'grey';

		$display_output .= '<tr><td class="border"> '.
			'<table cellpadding="0" cellspacing="2" border="0" class="contentfont c3" width="100%">'.
			'<tr><td class="c3" width="100%"> <b>' . $field_details['field_name'] . '</b> ( ' . $field_details['field_description'] . ' ) </td>'.
			'<td class="c3" align="right"><strong>' . AMSG_ACTIVE . '</strong>:</td>'.
			'<td class="c3"><input type="checkbox" name="field_active[' . $field_details['field_id'] . ']" value="1" ' . (($field_details['active']) ? 'checked' : ''). ' /></td>'.

			'<td class="c3" nowrap><strong>' . AMSG_ORDER_ID . '</strong>:</td> '.
			'<td><input type="hidden" name="field_id[]" value="' . $field_details['field_id'] . '" size="6">'.
			'<input type="text" name="field_order_id[]" value="' . $field_details['field_order'] . '" size="6"></td>'.

			'<td align="center" nowrap>[ <a href="custom_fields.php?page=' . $page_handle . '&do=edit_field&section_id=' . $section_id .
			'&field_id=' . $field_details['field_id'] . '">' . AMSG_EDIT . '</a> ]</td> '.
			'<td align="center" nowrap>[ <a href="custom_fields.php?page=' . $page_handle . '&do=delete_field&field_id=' . $field_details['field_id'] .
			'"'.
			' onclick="return confirm(\'' . AMSG_DELETE_CONFIRM . '\');">' . AMSG_DELETE . '</a> ] </td></tr></table> '.
			'<div style="padding: 5px;">[ <b><a href="custom_fields.php?page=' . $page_handle . '&do=add_box&field_id=' . $field_details['field_id'] . '">' . AMSG_ADD_BOX . '</a></b> ]</div>'.

			'<table cellpadding="2" cellspacing="2" border="0" class="contentfont border" width="100%"> '.
			'<tr>'.
			'<td>' . $this->admin_display_boxes($field_details['field_id'], $page_handle) . '</td>';

		$display_output .= '</tr></table></td></tr> ';
	}

	return $display_output;

}

function admin_display_boxes ($field_id, $page_handle)
{
	(string) $display_output = NULL;

	$display_output = '<table cellpadding="3" cellspacing="2" border="0" class="contentfont border">';

	## get all boxes corresponding to the field id requested. (default types)
	$sql_select_boxes = $this->query("SELECT b.box_id, b.box_name, b.box_value, b.box_order, t.box_type, b.mandatory, b.box_searchable FROM
		" . DB_PREFIX . "custom_fields_boxes b, " . DB_PREFIX . "custom_fields_types t WHERE
		b.field_id=" . $field_id . " AND b.box_type=t.type_id ORDER BY b.box_order ASC");

	while ($box_details = $this->fetch_array($sql_select_boxes))
	{
		$display_box = $this->display_box($box_details['box_id'], $box_details['box_name'], $box_details['box_type'], $box_details['box_value']);

		$display_output .= '<tr valign="top" class="c2"><td>' . $display_box . (($box_details['box_searchable']) ? '<b>*</b>' : '') . 
			'</td><td nowrap>[ <a href="custom_fields.php?page=' . $page_handle . '&do=edit_box&field_id=' . $field_id .
			'&box_id=' . $box_details['box_id'] . '">' . AMSG_EDIT . '</a> ] [ <a href="custom_fields.php?page=' . $page_handle . '&do=delete_box&box_id=' . $box_details['box_id'] . '"'.
			' onclick="return confirm(\'' . AMSG_DELETE_CONFIRM . '\');">' . AMSG_DELETE . '</a> ]</td></tr>';
	}

	## get all boxes corresponding to the field id requested. (special types)
	$sql_select_special_boxes = $this->query("SELECT b.box_id, b.box_name, b.box_value, b.box_order, b.box_type_special, b.mandatory FROM
		" . DB_PREFIX . "custom_fields_boxes b, " . DB_PREFIX . "custom_fields_special s WHERE
		b.field_id=" . $field_id . " AND b.box_type_special=s.type_id ORDER BY b.box_order ASC");

	while ($special_box_details = $this->fetch_array($sql_select_special_boxes))
	{
		$display_box = $this->display_special_box($special_box_details['box_id'], $special_box_details['box_name'], $special_box_details['box_type_special'], $special_box_details['box_value']);

		$display_output .= '<tr class="c2" valign="top"><td>' . $display_box .
			'</td><td nowrap>[ <a href="custom_fields.php?page=' . $page_handle . '&do=edit_box&field_id=' . $field_id .
			'&box_id=' . $special_box_details['box_id'] . '">' . AMSG_EDIT . '</a> ] [ <a href="custom_fields.php?page=' . $page_handle . '&do=delete_box&box_id=' . $special_box_details['box_id'] . '"'.
			' onclick="return confirm(\'' . AMSG_DELETE_CONFIRM . '\');">' . AMSG_DELETE . '</a> ]</td></tr>';
	}

	$display_output .='</table>';

	return $display_output;
}

function sections_list_menu ($selected_section_id, $page_handle)
{
	(string) $display_output = NULL;

	$display_output = '<select name="section_id"> '.
		'<option value="0" selected>' . AMSG_NO_SECTION . '</option> ';

	$sql_select_sections = $this->query("SELECT section_id, section_name FROM
		" . DB_PREFIX . "custom_fields_sections WHERE
		page_handle='" . $page_handle . "' ORDER BY order_id ASC");

	while ($section_details = $this->fetch_array($sql_select_sections))
	{
		$display_output .= '<option value="' . $section_details['section_id']. '" ' . (($selected_section_id == $section_details['section_id']) ? 'selected' : '') . '>' . $section_details['section_name'] . '</option>';
	}

	$display_output .= '</select> ';

	return $display_output;
}

function fields_list_menu ($selected_field_id, $page_handle)
{
	(string) $display_output = NULL;

	$display_output = '<select name="field_id"> ';

	$sql_select_fields = $this->query("SELECT field_id, field_name FROM
		" . DB_PREFIX . "custom_fields WHERE
		page_handle='" . $page_handle . "' ORDER BY section_id ASC, field_order ASC");

	while ($field_details = $this->fetch_array($sql_select_fields))
	{
		$display_output .= '<option value="' . $field_details['field_id']. '" ' . (($selected_field_id == $field_details['field_id']) ? 'selected' : '') . '>' . $field_details['field_name'] . '</option>';
	}

	$display_output .= '</select> ';

	return $display_output;
}

function box_types_list_menu ($selected_type_id = 0, $special_field = FALSE)
{
	(string) $display_output = NULL;

	$display_output = '<select name="box_type" onChange="submit_form(form_custom_box);"> ';

	$additional_query = ($special_field) ? 'WHERE maxfields>1' : '';

	$sql_select_box_types = $this->query("SELECT type_id, box_type, maxfields FROM
		" . DB_PREFIX . "custom_fields_types " . $additional_query);

	while ($box_type_details = $this->fetch_array($sql_select_box_types))
	{
		$display_output .= '<option value="D_' . $box_type_details['type_id']. '" ' . (($selected_type_id && $selected_type_id == 'D_' . $box_type_details['type_id']) ? 'selected' : '') . '>' . $box_type_details['box_type'] . '</option>';
	}

	if (!$special_field)
	{
		## now also select any special box types
		$sql_select_special_types = $this->query("SELECT type_id, box_name FROM
			" . DB_PREFIX . "custom_fields_special");

		while ($special_type_details = $this->fetch_array($sql_select_special_types))
		{
			$display_output .= '<option value="S_' . $special_type_details['type_id']. '" ' . (($selected_type_id && $selected_type_id == 'S_' . $special_type_details['type_id']) ? 'selected' : '') . '>' . $special_type_details['box_name'] . '</option>';
		}
	}

	$display_output .= '</select> ';

	return $display_output;
}

function admin_box_type_display($type_id_raw, $box_value=NULL)
{
	(string) $display_output = NULL;

	list($type_handle, $type_id) = explode('_', $type_id_raw);

	$type_id = (!$type_id) ? 0 : $type_id;

	if ($type_handle == 'S')
	{
		$display_output = $this->display_special_box($box_id, $box_name, $type_id, $box_value);
	}
	else
	{
		$box_details = $this->get_sql_row("SELECT box_type, maxfields FROM
			" . DB_PREFIX . "custom_fields_types WHERE type_id=" . $type_id);

		$box_fields = explode('[]', $box_value);

		if (in_array($box_details['box_type'], array('list', 'checkbox', 'radio')))
		{
			for ($i=0; $i<$box_details['maxfields']; $i++)
			{
				$display_output .= '<input type="text" name="box_value[]" size="25" value="' . $box_fields[$i] . '" /><br />';

			}
		}
		else
		{
			$display_output = '<input type="text" name="box_value" size="40" value="' . $box_value . '" />';
		}
	}

	return $display_output;
}

function linkable_tables_list_menu ($linkable_tables, $selected_table_name = NULL)
{
	(string) $display_output = NULL;

	$display_output = '<select name="table_name_raw" onChange="submit_form(form_custom_box);"> ';

	foreach ($linkable_tables as $value)
	{
		$table_name = DB_PREFIX . $value;
		$display_output .= '<option value="' . $table_name. '" ' . (($selected_table_name == $table_name) ? 'selected' : '') . '>' . $table_name . '</option>';
	}

	$display_output .= '</select> ';

	return $display_output;
}

function create_special_field ($box_name, $box_type_raw, $table_name_raw, $box_value_code)
{
	list($type_handle, $box_type) = explode('_', $box_type_raw);

	$create_box = $this->query("INSERT INTO " . DB_PREFIX . "custom_fields_special
		(box_name, box_type, table_name_raw, box_value_code) VALUES
		('" . $this->rem_special_chars($box_name) . "', '" . $box_type . "',
		'" . $table_name_raw . "', '" . $box_value_code . "')");

	return $this->insert_id();
}

function edit_special_field ($type_id, $box_name, $box_type_raw, $table_name_raw, $box_value_code)
{
	list($type_handle, $box_type) = explode('_', $box_type_raw);

	$create_box = $this->query("UPDATE " . DB_PREFIX . "custom_fields_special SET
		box_name='" . $this->rem_special_chars($box_name) . "', box_type='" . $box_type . "',
		table_name_raw='" . $table_name_raw . "', box_value_code='" . $box_value_code . "' WHERE type_id=" . $type_id);
}

function delete_special_field($type_id)
{

	$delete_special_field_related = $this->query("DELETE s, b, d FROM " . DB_PREFIX . "custom_fields_special AS s LEFT JOIN
		" . DB_PREFIX . "custom_fields_boxes AS b ON b.box_type_special=s.type_id LEFT JOIN
		" . DB_PREFIX . "custom_fields_data AS d ON d.box_id=b.box_id WHERE s.type_id=" .$type_id);


}

function formcheck_functions_display($selected_values = NULL)
{
	(string) $display_output = NULL;

	$selected = explode('|', $selected_values);

	foreach ($this->methods as $value)
	{
		$display_output .= '<input type="checkbox" name="formchecker_functions[]" value="' . $value . '" ' . ((in_array($value, $selected)) ? 'checked' : '') . '>' . $value. ' ';
	}

	return $display_output;
}

}

?>

class_item.php

## now we remove all the rows from all the related tables.
		$sql_delete_auction = $this->query_silent("DELETE a, ao, b, aw, cfd, p, m FROM " . DB_PREFIX . "auctions AS a
			LEFT JOIN " . DB_PREFIX . "auction_offers AS ao ON ao.auction_id = a.auction_id
			LEFT JOIN " . DB_PREFIX . "auction_watch AS aw ON aw.auction_id = a.auction_id
			LEFT JOIN " . DB_PREFIX . "auction_rollbacks AS ar ON ar.auction_id = a.auction_id
			LEFT JOIN " . DB_PREFIX . "bids AS b ON b.auction_id = a.auction_id
			LEFT JOIN " . DB_PREFIX . "custom_fields_data AS cfd ON cfd.owner_id = a.auction_id AND cfd.page_handle='auction'
			LEFT JOIN " . DB_PREFIX . "proxybid AS p ON p.auction_id = a.auction_id
			LEFT JOIN " . DB_PREFIX . "messaging AS m ON m.auction_id = a.auction_id WHERE
			a.auction_id IN (" . $delete_array . ")");

		if (!$sql_delete_auction)
		{
			$this->query("DELETE FROM " . DB_PREFIX . "auctions WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "auction_offers WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "auction_watch WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "auction_rollbacks WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "bids WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "custom_fields_data WHERE owner_id IN (" . $delete_array . ") AND page_handle='auction'");
			$this->query("DELETE FROM " . DB_PREFIX . "proxybid WHERE auction_id IN (" . $delete_array . ")");
			$this->query("DELETE FROM " . DB_PREFIX . "messaging WHERE auction_id IN (" . $delete_array . ")");
		}
	}
	else ## only mark as deleted
	{
		$min_time = $this->min_hours * 60 * 60;

		$this->query("UPDATE " . DB_PREFIX . "auctions SET deleted=1 WHERE
			auction_id IN (" . $delete_array . ") " . $addl_query);
	}
}

The query in question is a SELECT query. The 'auction' part of the query might come from a variable, so don't search too specifically.

If that's the case, I searched for "auction" and got over 1500-2000+ hits... no way to look at all that... Is there any way to narrow it down? Or look at the PHP I posted above. I think one of those has to be it.

It's likely the select query that is in the save_edit_vars method.

You can use debug_backtrace or debug_print_backtrace inside the code of that method to find out from where it is being called. I would use some conditional logic to only output or log the backtrace information when the $owner_id is empty. Once you know where the main code is that is calling that method, you can debug why the $owner_id parameter is empty (it's either a coding error or that value is coming from a login script that isn't working correctly...)
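The conditional backtrace suggested in the reply above, as an added example that is not part of the original thread or of the posted classes. The helper names `checked_owner_id()`, `custom_fields_data_sql()` and `upload_image_step()` are hypothetical, the query text is taken from the error message, and the demo values are constructed.

```php
<?php
// Added example; all function names here are hypothetical helpers,
// not functions from the posted classes.

/**
 * Return $owner_id as a positive integer, or null when it is missing or malformed.
 * On failure, log the call chain so the code path passing the empty id can be found.
 */
function checked_owner_id($owner_id, $log = 'error_log')
{
    $id = filter_var($owner_id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id !== false) {
        return $id;
    }

    // Arguments are skipped: file, line and function are enough to find the
    // caller, and captured arguments could put request data into the log.
    $frames = array();
    foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $frame) {
        $where = isset($frame['file']) ? basename($frame['file']) . ':' . $frame['line'] : '[internal]';
        $frames[] = $where . ' ' . $frame['function'] . '()';
    }
    // json_encode escapes newlines, so a hostile value cannot forge log lines.
    call_user_func($log, 'invalid owner_id ' . json_encode($owner_id, JSON_PARTIAL_OUTPUT_ON_ERROR)
        . ' called from ' . implode(' <- ', $frames));

    return null;
}

/** Build the SELECT from the error message only when both inputs are usable. */
function custom_fields_data_sql($owner_id, $page_handle, $log = 'error_log')
{
    $id = checked_owner_id($owner_id, $log);
    // Assumption: page handles are short lowercase identifiers such as 'auction'.
    if ($id === null || !is_string($page_handle) || !preg_match('/^[a-z_]{1,32}$/D', $page_handle)) {
        return null; // refuse to send "WHERE owner_id= AND ..." to MySQL
    }
    return "SELECT box_id, box_value FROM custom_fields_data WHERE owner_id=" . $id
        . " AND page_handle='" . $page_handle . "'";
}

// Constructed demo: an upload step that may have lost the auction id.
function upload_image_step($auction_id, array &$log_lines)
{
    $collect = function ($line) use (&$log_lines) { $log_lines[] = $line; };
    return custom_fields_data_sql($auction_id, 'auction', $collect);
}

$log_lines = array();
var_dump(upload_image_step('', $log_lines));   // empty id: no query is built
var_dump(upload_image_step('42', $log_lines)); // valid id: query text is returned
print_r($log_lines);                           // one entry naming the call chain
```

In the real code the log callback would stay at its `error_log` default, and the logged chain ends at the script that called the method with the empty id.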

 

Archived

This topic is now archived and is closed to further replies.
