
Originally Posted by
RodG
Aha. That's a good start, but it doesn't really give much info about what is required for the update_product.php file, which, in simple terms, just requires an addition to the $sql_data_array the name of the custom DB field, and a sanitised rendition of the $_POST field from the collect_info.php page.
The *lack* of this field doesn't explain the mod_security error, but it could imply that the custom DB field has been added to this file and isn't being correctly sanitised, so the 1st thing I'd be doing is replacing this file with an unmodifed copy, which should make the mod_security error 'go away' (IOW, you'll be able to edit/save all the other data fields ok), and when this is the case, re-add the new field and possibly debug with part of the new $_POST variable is actually triggereing the error (assuming the error is still triggered).
Cheers
RodG
ps. I'm about to head off to bed (2:20am) so you'll probably get no more reply from me until tomorrow.
Thank you very much for the late night replies. update_product.php has this line for $sql_data_array = array:
PHP Code:
'youtube_vids' => zen_db_prepare_input($_POST['youtube_vids'])
Tried all of this with the stock files, but as I mentioned the regular product description area allows for the iframe anyway with or with the custom field there.