i was having a problem with "[INSERT INTO dg_businessTS_detail" and found a customer had an apostrophe in his name,
i corrected it by adding mysql_real_escape_string() to the customers name in the insert query.
changed line 189
Code:
$insert = "INSERT INTO dg_businessTS_detail (order_date, orders_id, customers_name, payment_method, subtotal, coupon, discount, tax, shipping, order_total) VALUES ('" . $dataset->fields['orderdate'] . "', " . $dataset->fields['orders_id'] . ", '" . $dataset->fields['customers_name'] . "', '". $dataset->fields['payment_method'] . "', " . $dataset->fields['subtotal'] . ", " . $dataset->fields['coupons'] . ", " . $dataset->fields['discounts'] . ", " . $dataset->fields['tax'] . ", " . $dataset->fields['shipping'] . ", " . $dataset->fields['ordertotal'] . ")";
to
Code:
$insert = "INSERT INTO dg_businessTS_detail (order_date, orders_id, customers_name, payment_method, subtotal, coupon, discount, tax, shipping, order_total) VALUES ('" . $dataset->fields['orderdate'] . "', " . $dataset->fields['orders_id'] . ", '" . mysql_real_escape_string($dataset->fields['customers_name']) . "', '". $dataset->fields['payment_method'] . "', " . $dataset->fields['subtotal'] . ", " . $dataset->fields['coupons'] . ", " . $dataset->fields['discounts'] . ", " . $dataset->fields['tax'] . ", " . $dataset->fields['shipping'] . ", " . $dataset->fields['ordertotal'] . ")";
probably should correct this elsewhere so it gets properly inserted, but that's for another post!
hope this helps someone,
Sean
Bookmarks