Originally Posted by Elemi
okay, so I just did the update from c to d (minus the paypal files) and have this as an error log
Code:
[02-Mar-2022 11:08:14 Pacific/Auckland] Request URI: /index.php?main_page=product_reviews_info&products_id=134&reviews_id=2, IP address: 222.152.188.206
#1 trigger_error() called at [/home/amoraromatherapy/public_html/includes/classes/db/mysql/query_factory.php:170]
#2 queryFactory->show_error() called at [/home/amoraromatherapy/public_html/includes/classes/db/mysql/query_factory.php:142]
#3 queryFactory->set_error() called at [/home/amoraromatherapy/public_html/includes/classes/db/mysql/query_factory.php:269]
#4 queryFactory->Execute() called at [/home/amoraromatherapy/public_html/includes/classes/observers/class.savecart.php:109]
#5 save_cart->__construct() called at [/home/amoraromatherapy/public_html/includes/autoload_func.php:44]
#6 require(/home/amoraromatherapy/public_html/includes/autoload_func.php) called at [/home/amoraromatherapy/public_html/includes/application_top.php:222]
#7 require(/home/amoraromatherapy/public_html/includes/application_top.php) called at [/home/amoraromatherapy/public_html/index.php:25]
--> PHP Fatal error: 1054:Unknown column '7_chk26' in 'where clause' :: SELECT pa.products_attributes_id
FROM products_attributes pa
INNER JOIN products_options po
ON po.products_options_id = pa.options_id
AND po.language_id = 1
INNER JOIN products_options_values pov
ON pov.products_options_values_id = pa.options_values_id
AND pov.language_id = 1
WHERE pa.products_id = 63
AND pa.options_id = 7_chk26
AND pa.options_values_id = 26
LIMIT 1 ==> (as called by) /home/amoraromatherapy/public_html/includes/classes/observers/class.savecart.php on line 109 <== in /home/amoraromatherapy/public_html/includes/classes/db/mysql/query_factory.php on line 170.
I don't know if it's related or not, however when I uploaded the admin/orders.php file, I have no access to my Orders page - it's a blank screen.
Suggestions please :-)
Your "plugin" doesn't properly quote content in generating the query that is executed.
The file includes/classes/observers/class.savecart.php should have single quotes around the option_id "value" when the option_id is not a number.
The query should be either generated at line 109 or shortly before.
I would expect the query at the line of concern to look something like:
Code:
AND pa.options_id = ' . $option_id . '
And instead would be "better" as:
Code:
AND pa.options_id = ' . (is_numeric($option_id) ? $option_id : "'" . $option_id . "'") . '
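An added example, not part of the original post and not the plugin's or Zen Cart's own code: the lookup from the logged query, done with bound integer parameters instead of string concatenation. PDO with an in-memory SQLite table, the function names, the sample row, and the assumption that checkbox keys have the form `<option id>_chk<value id>` (as the logged `7_chk26` suggests) are all constructed for illustration.

```php
<?php
// Added example: constructed schema and data, not Zen Cart's or the plugin's code.

/**
 * Extract the numeric option id from a cart attribute key.
 * Assumption: checkbox keys look like "<option id>_chk<value id>" (as in the
 * logged "7_chk26"); plain keys are digits only. Anything else is rejected.
 */
function option_id_from_key(string $key): int
{
    if (!preg_match('/^(\d+)(?:_chk\d+)?\z/', $key, $m)) {
        throw new InvalidArgumentException("Unexpected option key: $key");
    }
    return (int) $m[1];
}

function find_attribute_id(PDO $pdo, int $productId, string $optionKey, int $valueId): ?int
{
    // Placeholders keep the values out of the SQL text, so a non-numeric key
    // can neither break the statement nor change its structure.
    $stmt = $pdo->prepare(
        'SELECT products_attributes_id FROM products_attributes
          WHERE products_id = :pid AND options_id = :oid AND options_values_id = :vid
          LIMIT 1'
    );
    $stmt->bindValue(':pid', $productId, PDO::PARAM_INT);
    $stmt->bindValue(':oid', option_id_from_key($optionKey), PDO::PARAM_INT);
    $stmt->bindValue(':vid', $valueId, PDO::PARAM_INT);
    $stmt->execute();
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed in-memory table standing in for the store database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products_attributes (
    products_attributes_id INTEGER PRIMARY KEY,
    products_id INTEGER, options_id INTEGER, options_values_id INTEGER)');
$pdo->exec('INSERT INTO products_attributes VALUES (501, 63, 7, 26)');

var_dump(find_attribute_id($pdo, 63, '7_chk26', 26)); // checkbox-style key
var_dump(find_attribute_id($pdo, 63, '7', 26));       // plain numeric key
try {
    find_attribute_id($pdo, 63, '7_chk', 26);         // malformed key (constructed)
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```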