Authorize.net SIM module seems incompatible with Mysql Strict mode since it tries to insert '' as the
transaction ID when payment is rejected.
Authorize.net SIM module seems incompatible with Mysql Strict mode since it tries to insert '' as the
transaction ID when payment is rejected.
True.
Simple fix:
/includes/modules/payment/authorizenet.php
around line 607 change this:
to this:Code:$sql = $db->bindVars($sql, ':transID', $response['x_trans_id'], 'string');
Same with authorizenet_aim.php line 687, if you're going to use the AIM module.Code:if (trim($response['x_trans_id']) != '') { $sql = $db->bindVars($sql, ':transID', $response['x_trans_id'], 'string'); } else { $sql = $db->bindVars($sql, ':transID', 'NULL', 'passthru'); }
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Alternatively you could just use:
But that will leave you with a bunch of 0 values for transaction_id, instead of blank. It's a small difference but does impact storage ever so slightly.Code:$sql = $db->bindVars($sql, ':transID', $this->transaction_id, 'integer');
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Thanks for the quick fix. Any chance it'll get into the next release?
FWIW, I'd probably use the ternary operator as it's only a single argument changing.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Bookmarks