I was able to get stamps.com integration to work with 1.5.5e with this version where I made a few edits to the file to account for the Mysql depreciated functions and replaced them with MySqli equivalents. I am quite sure there are more elegant ways to get this fixed but for now I would like some comments from the other programmers if this compromises security doing it this way.
I modified the original function:
Code:
// Returns the zen country id for the given named country
function GetCountryID($country_name)
{
global $db;
$qry = sprintf("select countries_id from ". TABLE_COUNTRIES. " where countries_name = '%s'",
mysql_real_escape_string($country_name));
$countryQuery = $db->Execute($qry);
if ($countryQuery->RecordCount() == 0)
{
return $country_name;
}
else
{
return $countryQuery->fields['countries_id'];
}
}
and changed it to look like this since the mysqli_real_escape_string() requires a connection string as the first parameter:
Code:
// Returns the zen country id for the given named country
function GetCountryID($country_name)
{
global $db;
$mysqli = new mysqli('DB_SERVER' , 'DB_SERVER_USERNAME' , 'DB_SERVER_PASSWORD' , 'DB_DATABASE' );
$qry = sprintf("select countries_id from ". TABLE_COUNTRIES. " where countries_name = '%s'",
mysqli_real_escape_string($mysqli, $country_name));
$countryQuery = $db->Execute($qry);
if ($countryQuery->RecordCount() == 0)
{
return $country_name;
}
else
{
return $countryQuery->fields['countries_id'];
}
}
I did the same for three other functions that were using similar code see the attached updated stamps module if you wish to see the all the changes.
Bookmarks