What a gem lat9 !
I'm getting
[02-Feb-2016 17:05:01 America/Chicago] Request URI: /tst154/index.php?main_page=checkout_success, IP address: xx.xx.xx.xx
#1 mysqli_real_escape_string() called at [/includes/classes/db/mysql/query_factory.php:115]
#2 queryFactory->prepare_input() called at [/includes/classes/db/mysql/query_factory.php:496]
#3 queryFactory->prepareInput() called at [/includes/functions/functions_general.php:904]
#4 zen_db_input() called at [/includes/classes/supertracker.php:183]
#5 supertracker->update() called at [/includes/templates/MYTEMPLATE/jscript/jscript_supertracker.php:15]
#6 require(/includes/templates/piccolo2/jscript/jscript_supertracker.php) called at [/includes/templates/template_default/common/html_header.php:129]
#7 require(/includes/templates/template_default/common/html_header.php) called at [/index.php:43]
[02-Feb-2016 17:05:01 America/Chicago] PHP Warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /includes/classes/db/mysql/query_factory.php on line 115
So my understanding is that I have to upgrade Supertracker, the problem is I already have the latest Supertracker 1.1, which says it is only compatible with 1.5.0 and not 1.5.4.
So I'm tracking.
Base ZC functions like prepare_input() or mysqli_real_escape_string(), can't be involved so, lines 1 to 3 can be forgotten.
Line 4, hmmm..., super tracker line 183, let's see,
Code:
$db->Execute("UPDATE " . TABLE_SUPERTRACKER . "
SET last_click = NOW(),
exit_page='" . zen_db_input(zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI']))) . "',
exit_page_name='" . $page_title . "',
num_clicks=num_clicks+1,
added_cart='" . zen_db_input($tracking_data->fields['added_cart']) . "',
categories_viewed='" . zen_db_input($categories_viewed) . "',
products_viewed='" . zen_db_input($tracking_data->fields['products_viewed']) . "',
customer_id='" . (int)$customer_id . "',
completed_purchase='" . zen_db_input($completed_purchase) . "',
cart_contents='" . zen_db_input($cart_contents) . "',
cart_total = '" . zen_db_input($cart_total) . "',
order_id = '" . (int)$order_id . "'
WHERE tracking_id='" . (int)$tracking_data->fields['tracking_id'] . "'");
// SQL Injection Security Fix (Mathew Chan, 25 Feb 2009)
// $db->prepareInput(zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI'])))
//$db->Execute("UPDATE " . TABLE_SUPERTRACKER . " SET last_click = NOW(), exit_page='" . zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI'])) . "', exit_page_name='" . $page_title . "', num_clicks=num_clicks+1, added_cart='" . $tracking_data->fields['added_cart'] . "', categories_viewed='" . $categories_viewed . "', products_viewed='" . $tracking_data->fields['products_viewed'] . "', customer_id='" . $customer_id . "', completed_purchase='" . $completed_purchase . "', cart_contents='" . $cart_contents . "', cart_total = '" . $cart_total . "', order_id = '" . $order_id . "' WHERE tracking_id='" . $tracking_data->fields['tracking_id'] . "'");
183 --- cart_contents='" . zen_db_input($cart_contents) . "'
This doesn't seem to have anything special.
Either I'm lost or it's again the beginning of the classe :
class supertracker {
function supertracker(){
}
Does using function __construct again will help ?
I'm a bit... Sorry I'm completely lost