Post between line 60 and 70. It is doubtful the error is still on the SQL injection line.
Thread: Need Help Please
Results 21 to 26 of 26
-
29 May 2007, 02:57 AM #21
Suspended
- Join Date
- Aug 2004
- Posts
- 1,590
- Plugin Contributions
- 1
Re: Need Help Please
-
29 May 2007, 10:20 AM #22
New Zenner
- Join Date
- May 2007
- Posts
- 69
- Plugin Contributions
- 0
Re: Need Help Please
lines 46 -> 71
Code:for ($i = 1; $i <= MAX_PRODUCTS; $i++) { $valid = false; $product_exist = false; if(isset($product_name) && $product_name[$i]){ foreach($product_name[$i] as $id => $product_language_name){ if($product_language_name != ''){ if(!$product_exist){ //if(strrchr($product_name[$i], '\\'))$image = substr(strrchr($product_image[$i])), '\\', 1;else $image = substr(strrchr($product_image[$i])), '/', 1; if (eregi('\\', $product_name[$i])) { $image = substr($product_image[$i], 1); } else { $image = str_replace('\\', '/', $image); $image = substr($image, 1); } $db->Execute("INSERT INTO " . TABLE_PRODUCTS . " (products_quantity, products_model, products_image, products_price, products_weight, products_status, products_tax_class_id, manufacturers_id) VALUES (" . $product_quantity[$i] . ", '" . $product_model[$i] . "', '" . $image . "', " . $product_price[$i] . ", " . $product_weight[$i] . ", ". $product_status[$i] . ", " . $product_tax[$i] . ", " . $product_manufacturer[$i] . ")"); $products_id_query = $db->Execute("SELECT products_id from " . TABLE_PRODUCTS . " WHERE products_quantity=" . $product_quantity[$i] ." and products_model='" . $product_model[$i] ."' and products_price=" . $product_price[$i] . " and products_weight=" . $product_weight[$i] . " and products_image='" . $image . "' and products_status=" . $product_status[$i] . " and products_tax_class_id=" . $product_tax[$i] . " and manufacturers_id=" . $product_manufacturer[$i] . "); $products_id = new objectInfo($products_id_query->fields); //$db->Execute("INSERT INTO " . TABLE_PRODUCTS_TO_CATEGORIES . " VALUES ('" . $products_id->products_id . "', '" . $product_categories[$i] . "');"); $db->Execute("INSERT INTO " . TABLE_PRODUCTS_TO_CATEGORIES . " VALUES ('" . (int)$products_id->products_id . "', '" . $product_categories[$i] . "')"); } $db->Execute("INSERT INTO " . TABLE_PRODUCTS_DESCRIPTION . " (products_id, language_id, products_name, products_description) VALUES ('" . $products_id->products_id . "', '" . $languages[$i][$id] . "', '" . $product_language_name . "', '" . $product_description[$i][$id] . "');"); $product_exist = true; $valid = true; } } }
-
29 May 2007, 10:27 AM #23
New Zenner
- Join Date
- May 2007
- Posts
- 69
- Plugin Contributions
- 0
Re: Need Help Please
this was another idea we tried...
Code:##// Update database switch ($_GET['action']) { case 'add' : $products_added = 0; for ($i = 1; $i <= MAX_PRODUCTS; $i++) { $valid = false; $product_exist = false; if($_POST['product_name'][$i]){ foreach($_POST['product_name'][$i] as $id => $product_language_name){ if($product_language_name != ''){ if(!$product_exist){ if(strrchr($_POST['product_image'][$i], '\\'))$image = substr(strrchr(trim(stripslashes($_POST['product_image'][$i])), '\\'), 1);else $image = substr(strrchr(trim(stripslashes($_POST['product_image'][$i])), '/'), 1); $db->Execute("INSERT INTO " . TABLE_PRODUCTS . " (products_quantity, products_model, products_image, products_price, products_weight, products_status, products_tax_class_id, manufacturers_id) VALUES (" . $_POST['product_quantity'][$i] . ", '" . $_POST['product_model'][$i] . "', '" . $image . "', " . $_POST['product_price'][$i] . ", " . $_POST['product_weight'][$i] . ", ". $_POST['product_status'][$i] . ", " . $_POST['product_tax'][$i] . ", " . $_POST['product_manufacturer'][$i] . ");"); $products_id_query = "SELECT products_id from " . TABLE_PRODUCTS . " WHERE products_quantity=" . $_POST['product_quantity'][$i] ." and products_model='" . $_POST['product_model'][$i] ."' and products_price=" . $_POST['product_price'][$i] . " and products_weight=" . $_POST['product_weight'][$i] . " and products_image='" . $image . "' and products_status=" . $_POST['product_status'][$i] . " and products_tax_class_id=" . $_POST['product_tax'][$i] . " and manufacturers_id=" . $POST['product_manufacturer'][$i] . ";"; $products_id = $db->Execute($products_id_query); $db->Execute("INSERT INTO " . TABLE_PRODUCTS_TO_CATEGORIES . " VALUES ('" . $products_id->fields['products_id'] . "', '" . $POST['product_categories'][$i] . "');"); } $db->Execute("INSERT INTO " . TABLE_PRODUCTS_DESCRIPTION . " (products_id, language_id, products_name, products_description) VALUES ('" . $products_id->fields['products_id'] . "', '" . $POST['languages'][$i][$id] . "', '" . $product_language_name . "', '" . $POST['product_description'][$i][$id] . "');"); $product_exist = true; $valid = true; } } } if($valid)$products_added++; } $messageStack->add($products_added . ' ' . TEXT_PRODUCTS_ADDED , 'success'); break; }
-
30 May 2007, 02:18 PM #24
New Zenner
- Join Date
- May 2007
- Posts
- 69
- Plugin Contributions
- 0
So Close.....
after finding a few bugs we got the mains screen up for the mod....
The php file seems to be working fine but i have stumbled on an SQL Hiccup..
This is so close to working, and will be a gr8 benefit to all if we can finish it.Code:1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 in: [SELECT products_id from zen_products WHERE products_quantity=50 and products_model='Test' and products_price=50 and products_weight=2 and products_image='Winter.jpg' and products_status=1 and products_tax_class_id=2 and manufacturers_id=;]
I have attached the SS with the main Screen in Zen Admin.
-
31 May 2007, 03:58 AM #25
Suspended
- Join Date
- Aug 2004
- Posts
- 1,590
- Plugin Contributions
- 1
Re: Need Help Please
As mentioned earlier, remove all instances of:
into:PHP Code:"););
PHP Code:");
-
6 Jun 2007, 01:43 PM #26
New Zenner
- Join Date
- May 2007
- Posts
- 69
- Plugin Contributions
- 0
Re: Need Help Please
We made the mod finally work fairly well in regards to populating the site... there is only 2 problems we have left, 1 is the insertion of the images..and the other is on the very 1st attempt of adding a product it reverts back to the admin login page, this happens only the 1st time and after that t is fine....
i have been through the code many times but still cannot find anything that could cause this....
here is the DB insertion ....
Code:##// Update database switch ($_GET['action']){ case 'add' : $products_added = 0; for ($i = 1; $i <= MAX_PRODUCTS; $i++) { $valid = false; $product_exist = false; if($_POST['product_name'][$i]){ foreach($_POST['product_name'][$i] as $id => $product_language_name){ if($product_language_name != ''){ if(!$product_exist){ echo 'aaaaa'; if(strrchr($_POST['product_image'][$i], '\\'))$image = substr(strrchr(trim(stripslashes($_POST['product_image'][$i])), '\\'), 1);else $image = substr(strrchr(trim(stripslashes($_POST['product_image'][$i])), '/'), 1); $db->Execute("INSERT INTO " . TABLE_PRODUCTS . " (products_quantity, products_model, image, products_price, products_weight, products_status, products_tax_class_id, manufacturers_id) VALUES (" . $_POST['product_quantity'][$i] . ", '" . $_POST['product_model'][$i] . "', '" . $image . "', " . $_POST['product_price'][$i] . ", " . $_POST['product_weight'][$i] . ", ". $_POST['product_status'][$i] . ", " . $_POST['product_tax'][$i] . ", " . $_POST['product_manufacturer'][$i] . ");"); $products_id_query = "SELECT products_id from " . TABLE_PRODUCTS . " WHERE products_quantity=" . $_POST['product_quantity'][$i] ." and products_model='" . $_POST['product_model'][$i] ."' and products_price=" . $_POST['product_price'][$i] . " and products_weight=" . $_POST['product_weight'][$i] . " and products_image='" . $image . "' and products_status=" . $_POST['product_status'][$i] . " and products_tax_class_id=" . $_POST['product_tax'][$i] . " and manufacturers_id=" . $_POST['product_manufacturer'][$i] . ";"; $products_id = $db->Execute($products_id_query); $db->Execute("INSERT INTO " . TABLE_PRODUCTS_TO_CATEGORIES . " VALUES ('" . $products_id->fields['products_id'] . "', '" . $_POST['product_categories'][$i] . "');"); } $db->Execute("INSERT INTO " . TABLE_PRODUCTS_DESCRIPTION . " (products_id, language_id, products_name, products_description) VALUES ('" . $products_id->fields['products_id'] . "', '" . $_POST['languages'][$i][$id] . "', '" . $product_language_name . "', '" . $_POST['product_description'][$i][$id] . "');"); $product_exist = true; $valid = true; } } } if($valid)$products_added++; } $messageStack->add($products_added . ' ' . TEXT_PRODUCTS_ADDED , 'success'); break; }
Similar Threads
-
v150 I need help with my product listing please help im going insane!!
By Darion in forum Templates, Stylesheets, Page LayoutReplies: 10Last Post: 10 Sep 2012, 04:16 AM -
v150 I need help with my product listing please help im going insane!!
By Darion in forum General QuestionsReplies: 1Last Post: 10 Sep 2012, 02:12 AM -
please help need help for reviews and tips page
By abs007 in forum General QuestionsReplies: 2Last Post: 9 Apr 2009, 02:14 PM -
Need help with color scheme - URGENT PLEASE HELP
By nepton in forum Templates, Stylesheets, Page LayoutReplies: 4Last Post: 18 Nov 2008, 03:48 AM -
Mcafee scan says I need to fix I need help please??
By touchclothing in forum General QuestionsReplies: 2Last Post: 30 Sep 2008, 08:57 PM
Bookmarks