That Software Guy. My Store: Zen Cart Support
Available for hire - See my ad in Services
Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
Do you benefit from Zen Cart? Then please support the project.
So I'm trying to update this add-on, but I need a little help getting the admin page registration working but, possibly more importantly, this error sorted out to make sure it'll all be worth it:
[07-Jan-2018 01:27:35 America/New_York] Request URI: /spelL-MUd-shoRe/qbi_config.php, IP address: 73.52.227.139
#1 mysqli_real_escape_string() called at [/home/content/62/5902262/html/MY_ADMIN/includes/functions/qbi_functions.php:152]
#2 mysql_escape_string_array()
#3 array_walk() called at [/home/content/62/5902262/html/MY_ADMIN/includes/classes/qbi_classes.php:2610]
#4 Proc_form->proc_cleanData() called at [/home/content/62/5902262/html/MY_ADMIN/qbi_config.php:30]
[08-Jan-2018 15:36:37 America/New_York] PHP Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in /home/content/62/5902262/html/MY_ADMIN/includes/functions/qbi_functions.php on line 154
Here's the guilty function:
Code:
function mysql_escape_string_array(&$var, $db) {
    if (is_array($var)) {
        array_walk($var, 'mysql_escape_string_array', $db);
    } else {
        $var = mysqli_real_escape_string($db, $var); // This function is deprecated. PHP>=4.3.0 may use mysql_real_escape_string
    }
    return $var;
}
If I switch it to mysql_real_escape_string (and swap the order of the parameters as needed), PHP errors about $db not being a resource.
I don't quite understand constructors or classes at this point in my programming experience but this qbi_mysql.php file contains this:
Code:
    function & query($sql) {
        $this->dbConn = mysqli_connect($this->host, $this->dbUser, $this->dbPass, $this->dbName);
        if (!$queryResource = mysqli_query($this->dbConn, $sql)) {
            trigger_error('Query failed: ' . mysqli_error($this->dbConn) . ' SQL: ' . $sql);
        }
        return new MySQLResult($this, $queryResource);
    }
}
which might help someone suggest a solution possibly?
Best practice in Zen Cart is *not* to use mysqli directly. This will get you started on understanding the Zen Cart db abstraction layer:
https://www.zen-cart.com/wiki/index....ers_-_Database
Is this for QB online or QB desktop?
If you do stay with the direct mysqli_ related function call (instead of using built-in ZC functions), then the first parameter instead of just $db (database object) would need to be the database link. Such is referenced within the query_factory class file by review of similar functions.
Further, like swguy was suggesting, there is a function within ZC that already supports the action part of that function, but not one that addresses the array aspect. Again that is in the query_factory class file and would make that portion of code flexible/compatible to more versions of ZC/php.
ZC Installation/Maintenance Support <- Site
Contribution for contributions welcome...
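Added example, not part of any post in this thread: array_walk() hands its callback the element's key as the second argument, so in mysql_escape_string_array() as posted, $db receives a key (a string for form field names) instead of a database handle, which matches the "string given" warning. The function names, the sample form and the stand-in escaper are constructed for illustration; prepare_input is assumed to be the query_factory method the reply above refers to.

```php
<?php
// array_walk() calls its callback as ($value, $key, $extra). A callback
// declared (&$var, $db) therefore receives the array KEY in $db.

// Same parameter list as the posted function; records what arrives in $db.
function posted_signature(&$var, $db)
{
    $var = gettype($db) . ':' . $db;
}

// Corrected shape: key in second place, the escaper in third.
// $escape is any callable that takes and returns a string. Inside Zen Cart
// that could be [$db, 'prepare_input'] (assumption: global $db is loaded).
function escape_leaf(&$value, $key, callable $escape)
{
    if (is_string($value)) {
        $value = $escape($value);
    }
}

function escape_array(array $data, callable $escape)
{
    // array_walk_recursive() descends into nested arrays and visits leaves
    // only, so no hand-written recursion is needed.
    array_walk_recursive($data, 'escape_leaf', $escape);
    return $data;
}

// Constructed sample resembling a posted form.
$form = ['company' => "O'Brien Ltd", 'opts' => ['memo' => "it's"]];

// Every element is replaced by the type and value that arrived in $db:
// the keys, not the third argument.
$seen = $form;
array_walk($seen, 'posted_signature', 'db-handle');
print_r($seen);

// Stand-in escaper so the script runs without a database connection;
// it only doubles single quotes and is not meant for production use.
$demoEscape = function ($s) {
    return str_replace("'", "''", $s);
};
print_r(escape_array($form, $demoEscape));
```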
So I'm still stuck in the qbi_class.php file
Code:
function find_country_id($country_name) {
    //$country_name=mysqli_real_escape_string($this->db,$country_name);
    //global $db;
    //$this->db=$db;
    //$this->db=$db;
    $country_name = mysql_real_escape_string($country_name, $this->dbConn);
    $country_id = 0;
    $sql = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_name LIKE '" . $country_name . "'";
    $result = $this->db->query($sql);
    if ($row = $result->fetch()) $country_id = $row['countries_id'];
    return($country_id);
}
Considering this isn't used in any other part of zen-cart that I can find using developers tool-kit (or Google really), I'm thinking there's a better way altogether. Basically I can't seem to satisfy the db link (2nd parameter part) for mysqli_real_escape_string
So after reading more into the database abstraction I'm convinced I need to go this bindVars route... so I'm trying this...
Code:
function find_country_id($country_name) {
    $country_id = 0;
    $sql = "SELECT countries_id FROM " . TABLE_COUNTRIES . " WHERE countries_name LIKE :country_name";
    $sql = $db->bindVars($sql, ':country_name', $country_name, 'string');
    $result = $db->Execute($sql);
    $country_id = $result->fields['countries_id'];
    //$result=$this->db->query($sql);
    //if ($row=$result->fetch()) $country_id=$row['countries_id'];
    return($country_id);
}
but it results in...
[08-Jan-2018 22:01:16 America/New_York] PHP Fatal error: Call to a member function bindVars() on a non-object in
I don't know if the following is cruel or just enough of a carrot. So, considering the things that have been made available to the function, is there anything in that line that seems undefined? Think beyond what is in the line as something you know/expect.
Now again, regarding the use of mysql_/mysqli_ related functions, these are typically abstracted in the ZC code so that a "common" function name can be used through all versions of ZC and the software still work. A concern I have whether valid or not, is that it appears that the software is written to take a sort of snapshot of the database and hold it in time while processing, as compared to constantly using the data of the current database. While it may not be so important in this particular function of whether to use the class' internal $db or the one that is used throughout the ZC software, there may be instances where an operation is performed on the internal $db in one function the results of which are pulled from another with the expectation that the internal $db data hasn't been modified between the two operations.
It's not something that I necessarily expect, but considering how the internal $db was assigned at one point or another, it seems possible to use it that way and therefore would consider continuing to use in the same way but through migration to the functions available in the database's class.
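Added example, not the add-on's code and not part of the posts above: one way to give the lookup a usable Zen Cart database object and bind the country name with bindVars(). It assumes the code runs inside Zen Cart, where the global $db (queryFactory) and TABLE_COUNTRIES already exist; QbiCountryLookup is a hypothetical class name and 'Canada' is a constructed sample value.

```php
<?php
class QbiCountryLookup
{
    private $zcDb;

    // Hand Zen Cart's database object in once; methods then reach it through
    // $this->zcDb instead of relying on a variable that is not in their scope.
    public function __construct($zcDb)
    {
        $this->zcDb = $zcDb;
    }

    public function find_country_id($country_name)
    {
        $sql = "SELECT countries_id
                FROM " . TABLE_COUNTRIES . "
                WHERE countries_name LIKE :country_name
                LIMIT 1";

        // Type 'string': bindVars() escapes the value and adds the quotes,
        // so the placeholder is written unquoted in the SQL text.
        $sql = $this->zcDb->bindVars($sql, ':country_name', $country_name, 'string');
        $result = $this->zcDb->Execute($sql);

        // EOF is true when nothing matched; return 0 as the posted code does.
        return $result->EOF ? 0 : (int)$result->fields['countries_id'];
    }
}

// Caller at file level, where Zen Cart's $db is in scope. Inside a function
// or method, "global $db;" is needed first to make it visible.
$lookup = new QbiCountryLookup($db);
$country_id = $lookup->find_country_id('Canada');
```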