trying to pass a variable from one function to another in same payment class instance

[torvista]

After a great deal of time and trial and error I am stumped with this basic php variable handling and I would be grateful for some help.

To cut a long story short I am playing with the cod module (although I want to implement the hacks in another module that I can only test live).

I have declared the new variable ($Qb_order_no) I want to use:

PHP Code:

  class cod {
    var $code, $title, $description, $enabled, $Qb_order_no; 


and have set it here:

PHP Code:

    function process_button() {
    global $order, $db;
    $gv_query= "insert into qb_zhenit (pedido) values ('".urlencode(serialize($order))."')";//creates new record for this order in table qb_zhenit
    $gv = $db->Execute($gv_query);
    $this->Qb_order_no = $db->Insert_ID();
    echo 'fn Process Button: $this->Qb_order_no='.$this->Qb_order_no.'<br />';
//    return false;
    } 


I see the $this->Qb_order_no as being set correctly (an integer) at the bottom of the order confirmation page.

Then I want to use this variable again here:

PHP Code:

function after_process() {
        global $order, $db, $insert_id;
        echo 'fn After Process: $this->Qb_order_no='.$this->Qb_order_no.'<br />';
        $query_add_order_id = "UPDATE qb_zhenit SET orders_id=$insert_id WHERE id = $this->Qb_order_no";  
        echo '$query_add_order_id ='.$query_add_order_id.'<br />';  
        $db->Execute($query_add_order_id);
      //return false;
    } 


Here $this->Qb_order_no is empty.

If I set
$this->Qb_order_no ='999'; in the constructor,

then I find that:

in process_button it has the correct value,
but in after_process it has '999'

which looks like after_process is evaluated before process_button.

No doubt this is trivial, but I am stuck...

[torvista]

Bump!

I only come here as a last resort, surely someone is qualified to say this should work/will never work?

This is the last bit of fixing up a flaky payment module which will be a contribution.

[DrByte]

->process_button() is executed when preparing the "confirm" button on the checkout_confirmation screen.

And then the customer is redirected to the next page, whether an offsite service, or the store's own checkout_process screen.

And then the ->before_process() and ->after_process() methods are triggered, but the classes are re-instantiated afresh, with no knowledge of prior instantiations.
If you want information to survive between process_button and after_process, you'll need to rethink how you do it. One way, although not necessarily the only or best way, might be to create a session variable to hold the information, along with checks and balances to ensure the value is good before accepting it for use.

[torvista]

great, thanks. I would not have expected the class to be re-instantiated.

[DrByte]

You might also pass another variable in your process_button output, and then read that value in your after_process processing. Again, some validation needs to be done to ensure it's not been tampered with.

[torvista]

that's enough for me to go on, thanks again

[torvista]

It turns out the variable (a transaction number) was there all the time and being returned back by the gateway.

It is stored by this method which is called by the page the gateway returns to.

function save_result(){//steve added orders_id to query
global $db, $insert_id;
$this->trace("Desde: ".$_SERVER['REMOTE_ADDR']." pide:".$_SERVER['REQUEST_URI'].":\n" .
$_REQUEST['result'] . "\n" .
$_REQUEST['pszPurchorderNum'] . "\n" .
$_REQUEST['pszTxnId'] . "\n" .
$_REQUEST['pszTxnDate'] . "\n" .
$_REQUEST['tipotrans'] . "\n" .
$_REQUEST['store'] . "\n" .
$_REQUEST['coderror'] . "\n" .
$_REQUEST['deserror']);
$sql = "update qb_zhenit set
orders_id = $insert_id,
resultado = '".$_REQUEST['result']."',
pszTxnID='".$_REQUEST['pszTxnDate']."',
deserror='".$_REQUEST['deserror']."' where id='".$_REQUEST['pszPurchorderNum']."'";
echo '$sql='.$sql;
$db->Execute($sql);
}

My first question is regarding posting these $_REQUEST variables directly into the database "as is".
Should there not be some sort of sanitizing going on?
If so, where can I find an example.

Secondly I have added the global $insert_id, I assume its available at this point as its available to function after_process()?