Stamps.com getting error while importing

[lat9]

I've reported this issue to stamps.com (and included the suggested correction). There are 3 areas to be changed:
Line 776:

Code:

                $comments = /*mysql_escape_string($_REQUEST['comments'])*/ $db->prepare_input ($_REQUEST['comments']);  //-20150917-lat9  *** 1 of 3 ***

Line 828

Code:

                                /*mysql_real_escape_string($country_name)*/ $db->prepare_input ($country_name));  //-20150917-lat9  *** 2 of 3 ***

Lines 854-856

Code:

                $qry = sprintf("select zone_code from ". TABLE_ZONES. " where zone_country_id = '%s' and zone_name = '%s'",
                                /*mysql_real_escape_string($country_id)*/ $db->prepare_input ($country_id),
                                /*mysql_real_escape_string($state_name)*/ $db->prepare_input ($state_name));  //-20150917-lat9  *** 3 of 3 ***

[vanhorn_s]

Thank you, that fixed it.

[lat9]

Excellent! According to the customer-care email that I received from stamps.com, they should have those changes incorporated real-soon-now.

[vanhorn_s]

You mean, two years from now, right?

[lat9]

You mean, two years from now, right?

We'll see; they were quite responsive to the email query that I sent in. Since they've got the fix, "all" they need to do is re-validate and release!

[vanhorn_s]

The last time I emailed them a fix, they told me they would implement it, but they never did.

[RixStix]

And people ask why we switched from the Stamps.com interface to

ShipStation.com interface with is owned by Stamps.com but easier to implement, more functionality and includes a better rate discount for PriorityMail through an ExpressONE account running parallel to Stamps.com account.

I did receive a notice a few months ago that a priority issue/trouble ticket generated 18 months ago was finally patched.

[vanhorn_s]

I tried shipstation last time there was a serious issue, and It works great, but I didn't want to pay the extra amount.
I figured out what the problem was, and that was the one they never fixed, after I emailed it to them.
https://www.zen-cart.com/showthread....th-1-5-3/page2

[tonyreynolds]

OK, So I got 1 hit when I searched both on the Admin/Catalog, but zero hits when I searched Catalog only. The stamps.php file is in the catalog root directory. I take the search to mean that the function is not available from the catalog root directory.
I will research to insure the stamps.php file is in the correct location.


TR

The stamps.php file was in the wrong place. It should be in the admin folder and updated to the correct path in the stamps.com software.
Thanks everybody for their help. I learned a new Zen tool as well!

TR

[tflmike]

I was able to get stamps.com integration to work with 1.5.5e with this version where I made a few edits to the file to account for the Mysql depreciated functions and replaced them with MySqli equivalents. I am quite sure there are more elegant ways to get this fixed but for now I would like some comments from the other programmers if this compromises security doing it this way.

I modified the original function:

Code:

// Returns the zen country id for the given named country
        function GetCountryID($country_name)
        {
                global $db;
                $qry = sprintf("select countries_id from ". TABLE_COUNTRIES. " where countries_name = '%s'",
                                mysql_real_escape_string($country_name));

                $countryQuery = $db->Execute($qry);
                if ($countryQuery->RecordCount() == 0)
                {
                        return $country_name;
                }
                else
                {
                        return $countryQuery->fields['countries_id'];
                }
        }

and changed it to look like this since the mysqli_real_escape_string() requires a connection string as the first parameter:

Code:

 // Returns the zen country id for the given named country
        function GetCountryID($country_name)
        {
                global $db;
				$mysqli = new mysqli('DB_SERVER' , 'DB_SERVER_USERNAME' , 'DB_SERVER_PASSWORD' , 'DB_DATABASE' );
                $qry = sprintf("select countries_id from ". TABLE_COUNTRIES. " where countries_name = '%s'",
                                mysqli_real_escape_string($mysqli, $country_name));
								

                $countryQuery = $db->Execute($qry);
                if ($countryQuery->RecordCount() == 0)
                {
                        return $country_name;
                }
                else
                {
                        return $countryQuery->fields['countries_id'];
                }
        }

I did the same for three other functions that were using similar code see the attached updated stamps module if you wish to see the all the changes.