smartwork Posted January 28, 2013

We use text attributes - customer enters personalization info. We also have the quantity price break contribution installed. Both work great with exception to this scenario: Customer enters a comma in the text field and follows it with a space or letter, and that comma complicates things. If the comma is followed by a number, no problem.

Here's where I think the problem is - see the explode and implode lines that use a comma.

includes/classes/PriceFormatterStore.php

    function PriceFormatterStore() {
      global $cart, $languages_id;
      if (is_object($cart)) {
        $product_id_list = $cart->get_product_id_list();
        if (tep_not_null($product_id_list)) {
          // get rid of attributes first
          $product_id_list_array = array();
          $product_id_list_temp_array = explode(",", $product_id_list);
          foreach ($product_id_list_temp_array as $key => $value) {
            // only add valid values: issue with the first value in the product id list
            // being empty which gave an error in the next query [e.g. products_id in (,52,48)]
            // on checkout
            $valid_value = tep_get_prid($value);
            if (tep_not_null($valid_value)) {
              $product_id_list_array[] = $valid_value;
            }
          }
          $product_id_list_array = array_unique($product_id_list_array);
          unset($product_id_list);
          $product_id_list = implode(",", $product_id_list_array);
          // now do one query for all products in the shopping basket
          $sql = "select pd.products_name, pd.products_packaged_components, p.products_model, p.products_image, p.products_id," .
                 " p.manufacturers_id, p.products_price, p.products_weight, p.products_quantity," .
                 " p.products_qty_blocks, p.products_tax_class_id," .
                 " IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price," .
                 " ptdc.discount_categories_id from (((" . TABLE_PRODUCTS . " p) left join " . TABLE_SPECIALS . " s on " .
                 " p.products_id = s.products_id )left join " . TABLE_PRODUCTS_TO_DISCOUNT_CATEGORIES . " ptdc on " .
                 " p.products_id = ptdc.products_id, " .
                 " " . TABLE_PRODUCTS_DESCRIPTION . " pd ) where p.products_status = '1'" .
                 " and pd.products_id = p.products_id " .
                 " and p.products_id in (" . $product_id_list . ")" .
                 " and pd.language_id = '". (int)$languages_id ."'";

I believe the customer's entered comma is complicating that implode line and then combines that text with p.product_id resulting in this error at shopping_cart.php. In this example, the text - me, you - was entered. See where it adds - you - in the "in" condition toward the end of this select.

    1054 - Unknown column 'you' in 'where clause'

    select pd.products_name, pd.products_packaged_components, p.products_model, p.products_image, p.products_id,
      p.manufacturers_id, p.products_price, p.products_weight, p.products_quantity, p.products_qty_blocks,
      p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price,
      ptdc.discount_categories_id
    from products p
      left join specials s on p.products_id = s.products_id
      left join products_to_discount_categories ptdc on p.products_id = ptdc.products_id,
      products_description pd
    where p.products_status = '1' and pd.products_id = p.products_id
      and p.products_id in (3612, you) and pd.language_id = '1'

Can anyone advise on a workaround to deal with a comma that a customer may enter? Thank you!
smartwork (Author) Posted January 28, 2013

I think I found a fix for anyone who may run into this. The text entry was being added to the product ID list and by text being added to that list, it was causing the check of "in" to fail. I installed a numeric check in the loop that builds that list. This prevents text values from being added to the product_id list.
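
One way to write the numeric check described in the post above, as an added example that is not part of the original thread and not osCommerce code. The helper names and the cart string format are assumptions made for illustration; the point is that customer-entered text never reaches the unquoted `in (...)` list.

```php
<?php
// Added example: numeric_product_id() and build_product_id_list() are
// hypothetical helpers, not functions from osCommerce or the contribution.

/**
 * Take the base id in front of any "{option}value" attribute suffix and
 * accept it only if it consists solely of digits.
 */
function numeric_product_id(string $fragment): ?int
{
    $base = trim(explode('{', $fragment, 2)[0]);
    // ctype_digit() rejects '', 'you', '-1', '1e3' and '3612 or 1=1'.
    return ctype_digit($base) ? (int) $base : null;
}

/**
 * Split the comma-joined cart id list and keep only numeric product ids.
 */
function build_product_id_list(string $cartIdList): string
{
    $ids = [];
    foreach (explode(',', $cartIdList) as $fragment) {
        $id = numeric_product_id($fragment);
        if ($id !== null) {
            $ids[$id] = $id; // keyed by id, so duplicates collapse
        }
    }
    // An empty result would produce "in ()", which is also a SQL error,
    // so the caller must skip the query when this returns ''.
    return implode(', ', $ids);
}

// Constructed sample (format assumed): product 3612 carries a text
// attribute whose value "me, you" contains a comma; product 48 has none.
$cartIdList = '3612{5}me, you, 48';
$list = build_product_id_list($cartIdList);

if ($list !== '') {
    // Only integers produced by the filter are concatenated into the query.
    $sql = "select p.products_id from products p"
         . " where p.products_id in (" . $list . ")";
    echo $sql, PHP_EOL;
}
```

A fragment made up only of digits still passes this filter, so text such as "me, 99" would add 99 to the list; the filter stops the SQL error and keeps non-numeric text out of the query, but keeping free text out of the comma-joined id string is the more complete fix.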
rak1 Posted January 29, 2013

I'm getting that error. Can you tell me exactly how to fix it? Thanks

rak1 Posted January 29, 2013

PS. but my error is when I click on a category...