This is the 2nd time we have faced this problem. We had an issue with some orders being authorized through Authorize.net but there was no record of the sale in Zen Cart. We realized that there was a single quote in the Product's title which was causing the problem, truncating the SQL prematurely. We made a workaround by removing the single quote from the Product title. Now we have another similar situation where the order was processed by Authorize.net but no record of the order in Zen Cart. This time the customer entered a single quote in the Address field and we suspect that this is what caused the problem.
Is there an easy way to take care of this problem? I have not tested it but does this mean that SQL injection is possible?
I would appreciate if someone could recommend a solution or point me in the right direction. Thanks.



