knifeman Posted September 21, 2011

We are using this payment module to connect to Sage Payments: http://sage-osc.com/module1.php

After a while of using this module, I found out that there is a slight problem. If a customer enters an address like this:

512 Mary's Way

The address sent to Sage is this:

512 Mary/'s Way

That slash messes up the Sage website when it is time to settle our batch. I can post some code if need be, but I am unsure of where to begin preventing the slashes. Can anyone point me in the right direction?

Tim

This is what I believe to be pertinent code from includes/payment/modules...

    //Sets the order number and hidden fields
    function process_button() {
      global $_POST, $order;

      //assigns an orderID
      $query = tep_db_query("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");
      $last_order_id = tep_db_fetch_array($query);
      $new_order_id = $last_order_id['orders_id'];
      $new_order_id = ($new_order_id + 1);

      $process_button_string = tep_draw_hidden_field('M_id', MODULE_PAYMENT_NET1_MERCHANT_ID) .
                               tep_draw_hidden_field('M_key', MODULE_PAYMENT_NET1_MERCHANT_KEY) .
                               tep_draw_hidden_field('T_amt', number_format($order->info['total'], 2)) .
                               tep_draw_hidden_field('T_ordernum', $new_order_id) .
                               tep_draw_hidden_field('C_cardnumber', $this->cc_card_number) .
                               tep_draw_hidden_field('C_exp', $this->cc_expiry_month . substr($this->cc_expiry_year, -2)) .
                               tep_draw_hidden_field('C_name', $order->billing['firstname'] . ' ' . $order->billing['lastname']) .
                               tep_draw_hidden_field('C_address', $order->billing['street_address']) .
                               tep_draw_hidden_field('C_city', $order->billing['city']) .
                               tep_draw_hidden_field('C_state', $order->billing['state']) .
                               tep_draw_hidden_field('C_zip', $order->billing['postcode']) .
                               tep_draw_hidden_field('C_email', $order->billing['email']) .
                               tep_draw_hidden_field('C_cvv', $_POST['net1_cc_cvv']) .
                               tep_draw_hidden_field('T_code', "02");

      return $process_button_string;
    }//end process_button

    function before_process() {
      global $_POST;

      $eftsecure_url = 'https://xxxxxxx.net/cgi-bin/eftBankcard.dll?transaction'; //should be set from the admin panel

      $data = "M_id=" . MODULE_PAYMENT_NET1_MERCHANT_ID; //merchant id
      $data .= "&M_key=" . MODULE_PAYMENT_NET1_MERCHANT_KEY; //merchant key

      /*Encode data to be sent. This stuff was grabbed from the earlier creation
        of the process_button_string (those little hidden input fields) */
      $data .= "&T_amt=" . urlencode( $_POST['T_amt'] );
      $data .= "&C_name=" . urlencode( $_POST['C_name'] );
      $data .= "&C_address=" . urlencode( $_POST['C_address'] );
      $data .= "&C_city=" . urlencode( $_POST['C_city'] );
      $data .= "&C_state=" . urlencode( $_POST['C_state'] );
      $data .= "&C_zip=" . urlencode( $_POST['C_zip'] );
      $data .= "&C_email=" . urlencode( $_POST['C_email'] );
      $data .= "&C_cardnumber=" . urlencode( $_POST['C_cardnumber'] );
      $data .= "&C_exp=" . urlencode( $_POST['C_exp'] );
      $data .= "&T_code=02"; //transaction type indicator

      //curl procedures
      $ch = curl_init(); //initialize the CURL library.
      curl_setopt($ch, CURLOPT_URL, $eftsecure_url); // set the URL to post to.
      curl_setopt($ch, CURLOPT_POST, 1); // tell it to POST not GET (you can GET but POST is preferred)
      curl_setopt($ch, CURLOPT_POSTFIELDS, $data); // set the data to be posted.
      /* this tells the library to return the data to you instead of writing it to a file */
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      $res = curl_exec($ch); // make the post.
      curl_close($ch); // shut down the curl library.

hughesca Posted September 21, 2011

It's happening here with urlencode in your code below:

    $data .= "&T_amt=" . urlencode( $_POST['T_amt'] );
    $data .= "&C_name=" . urlencode( $_POST['C_name'] );
    $data .= "&C_address=" . urlencode( $_POST['C_address'] );
    $data .= "&C_city=" . urlencode( $_POST['C_city'] );
    $data .= "&C_state=" . urlencode( $_POST['C_state'] );
    $data .= "&C_zip=" . urlencode( $_POST['C_zip'] );
    $data .= "&C_email=" . urlencode( $_POST['C_email'] );
    $data .= "&C_cardnumber=" . urlencode( $_POST['C_cardnumber'] );
    $data .= "&C_exp=" . urlencode( $_POST['C_exp'] );
    $data .= "&T_code=02";

You'll want to check to see if you have magic quotes enabled on your server. If it's not, doing so should resolve the issue. If you are unable to change that setting, you'll need to add a stripslashes() function in there. ;)

Hope that helps!

Peace,
Chris

knifeman (Author) Posted September 21, 2011

Thanks Chris,

I have magic quotes enabled per my server info:

--enable-magic-quotes' '

I will see if I can figure out the stripslashes() function.

Tim

hughesca Posted September 21, 2011

Try:

    $data .= "&C_address=" . stripslashes(urlencode( $_POST['C_address'] ));

Peace,
Chris

knifeman (Author) Posted September 21, 2011

Thanks Chris,

I tried exactly what you proposed, but it made no difference. My Merchant provider was no help; they want me to put a message on my site for customers to not enter special characters. Of course that is not the solution either.

Tim

hughesca Posted September 21, 2011

How about:

    $data .= "&C_address=" . (stripslashes(urlencode( $_POST['C_address'] )));

knifeman (Author) Posted September 21, 2011

I will try that this evening. I was thinking during my dinner break that maybe the slashes are added at the merchant website, not by mine. So no amount of sanitizing will affect the outcome...

Tim

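The encoding order discussed in this thread, as an added example that is not part of any post above or of the Sage module: it simulates magic quotes with addslashes() on a constructed address and shows why calling stripslashes() on the result of urlencode() leaves the backslash in place. The helper sage_field() and its flag argument are hypothetical names.

```php
<?php
// Added example (not the module's code). Constructed input: the value PHP
// places in $_POST['C_address'] when magic_quotes_gpc is on. It is simulated
// with addslashes() so the demo also runs on PHP builds without magic quotes.
$typed  = "512 Mary's Way";
$posted = addslashes($typed);   // a backslash now precedes the apostrophe

// Order used in the thread: urlencode() runs first and turns the backslash
// into %5C, so stripslashes() has no literal backslash left to remove.
$thread_order = stripslashes(urlencode($posted));

// Reversed order: undo the escaping on the raw value, then encode it.
$reversed = urlencode(stripslashes($posted));

// Hypothetical helper: strip only when magic quotes really escaped the input.
// On a PHP 5 server the flag would come from get_magic_quotes_gpc().
function sage_field($value, $magic_quotes_on)
{
    if ($magic_quotes_on) {
        $value = stripslashes($value);
    }
    return urlencode($value);
}

// What the receiving side sees once it decodes each form value.
$seen = array(
    'unfixed'  => urldecode(urlencode($posted)),
    'thread'   => urldecode($thread_order),
    'reversed' => urldecode($reversed),
    'helper'   => urldecode(sage_field($posted, true)),
    'no_magic' => urldecode(sage_field($typed, false)),
);

foreach ($seen as $label => $address) {
    printf("%-9s %s\n", $label, $address);
}
```

The escaping is applied when the hidden fields written by process_button() come back in $_POST, so building the request in before_process() from $order->billing on the server would avoid that round trip. It would also keep M_key, the card number and the CVV out of the HTML sent to the browser.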
Archived
This topic is now archived and is closed to further replies.