Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Checkout Problem


shahed

Recommended Posts

I'm using Authorize.net, when I try to checkout I get this error on

checkout_process.php page.

Good part is order goes through but I get this error:

 

You have an error in your SQL syntax near '' at line 2

 

Here is my code on checkout_process.php, anything wrong with it? Let me know.

 

 

/*

 $Id: checkout_process.php,v 1.10 2003/02/16 15:40:39 wilt Exp $



 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com



 Copyright (c) 2002 osCommerce



 Released under the GNU General Public License

*/



 include('includes/application_top.php');



// if the customer is not logged on, redirect them to the login page

 if (!tep_session_is_registered('customer_id')) {

   $navigation->set_snapshot(array('mode' => 'SSL', 'page' => FILENAME_CHECKOUT_PAYMENT));

   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 }

 

 if (!tep_session_is_registered('sendto')) {

   tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));

 }



 if ( (tep_not_null(MODULE_PAYMENT_INSTALLED)) && (!tep_session_is_registered('payment')) ) {

   tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));

}



// avoid hack attempts during the checkout procedure by checking the internal cartID

 if (isset($cart->cartID) && tep_session_is_registered('cartID')) {

   if ($cart->cartID != $cartID) {

     tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));

   }

 }



 include(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_PROCESS);



// load selected payment module

 require(DIR_WS_CLASSES . 'payment.php');

 $payment_modules = new payment($payment);



// load the selected shipping module

 require(DIR_WS_CLASSES . 'shipping.php');

 $shipping_modules = new shipping($shipping);



 require(DIR_WS_CLASSES . 'order.php');

 $order = new order;

// load the before_process function from the payment modules

 $payment_modules->before_process();





 require(DIR_WS_CLASSES . 'order_total.php');



 $order_total_modules = new order_total;



 $order_totals = $order_total_modules->process();



 $sql_data_array = array('customers_id' => $customer_id,

                         'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],

                         'customers_company' => $order->customer['company'],

                         'customers_street_address' => $order->customer['street_address'],

                         'customers_suburb' => $order->customer['suburb'],

                         'customers_city' => $order->customer['city'],

                         'customers_postcode' => $order->customer['postcode'], 

                         'customers_state' => $order->customer['state'], 

                         'customers_country' => $order->customer['country']['title'], 

                         'customers_telephone' => $order->customer['telephone'], 

                         'customers_email_address' => $order->customer['email_address'],

                         'customers_address_format_id' => $order->customer['format_id'], 

                         'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 

                         'delivery_company' => $order->delivery['company'],

                         'delivery_street_address' => $order->delivery['street_address'], 

                         'delivery_suburb' => $order->delivery['suburb'], 

                         'delivery_city' => $order->delivery['city'], 

                         'delivery_postcode' => $order->delivery['postcode'], 

                         'delivery_state' => $order->delivery['state'], 

                         'delivery_country' => $order->delivery['country']['title'], 

                         'delivery_address_format_id' => $order->delivery['format_id'], 

                         'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 

                         'billing_company' => $order->billing['company'],

                         'billing_street_address' => $order->billing['street_address'], 

                         'billing_suburb' => $order->billing['suburb'], 

                         'billing_city' => $order->billing['city'], 

                         'billing_postcode' => $order->billing['postcode'], 

                         'billing_state' => $order->billing['state'], 

                         'billing_country' => $order->billing['country']['title'], 

                         'billing_address_format_id' => $order->billing['format_id'], 

                         'payment_method' => $order->info['payment_method'], 

                         'cc_type' => $order->info['cc_type'], 

                         'cc_owner' => $order->info['cc_owner'], 

                         'cc_number' => $order->info['cc_number'], 

                         'cc_expires' => $order->info['cc_expires'], 

                         'date_purchased' => 'now()', 

                         'orders_status' => $order->info['order_status'], 

                         'currency' => $order->info['currency'], 

                         'currency_value' => $order->info['currency_value']);

 tep_db_perform(TABLE_ORDERS, $sql_data_array);

 $insert_id = tep_db_insert_id();

 for ($i=0; $i<sizeof($order_totals); $i++) {

   $sql_data_array = array('orders_id' => $insert_id,

                           'title' => $order_totals[$i]['title'],

                           'text' => $order_totals[$i]['text'],

                           'value' => $order_totals[$i]['value'], 

                           'class' => $order_totals[$i]['code'], 

                           'sort_order' => $order_totals[$i]['sort_order']);

   tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);

 }



//START OF THE CODE MODIFIED BY ALIENWIZ 030430

 $customer_notification = (SEND_EMAILS == 'true') ? '1' : '0';

 $sql_data_array = array('orders_id' => $insert_id, 

                         'orders_status_id' => $order->info['order_status'], 

                         'date_added' => 'now()', 

                         'customer_notified' => $customer_notification,

                         'comments' => $order->info['comments'],

                        'heard_about' => $hearab);

 tep_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);

//END OF THE CODE MODIFIED BY ALIENWIZ 030430



// initialized for the email confirmation

 $products_ordered = '';

 $subtotal = 0;

 $total_tax = 0;



 for ($i=0; $i<sizeof($order->products); $i++) {

// Stock Update - Joao Correia

   if (STOCK_LIMITED == 'true') {

       if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {

       $stock_query_raw = "SELECT products_quantity, pad.products_attributes_filename 

                           FROM " . TABLE_PRODUCTS . " p

                           LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa

                            ON p.products_id=pa.products_id

                           LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad

                            ON pa.products_attributes_id=pad.products_attributes_id

                           WHERE p.products_id = '" . tep_get_prid($order->products[$i]['id']) . "'";

// Will work with only one option for downloadable products

// otherwise, we have to build the query dynamically with a loop

       $products_attributes = $order->products[$i]['attributes'];

       if (is_array($products_attributes)) {

         $stock_query_raw .= " AND pa.options_id = '" . $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . $products_attributes[0]['value_id'] . "'";

       }

       $stock_query = tep_db_query($stock_query_raw);

     } else {

       $stock_query = tep_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");

     }

     if (tep_db_num_rows($stock_query) > 0) {

       $stock_values = tep_db_fetch_array($stock_query);

// do not decrement quantities if products_attributes_filename exists

       if ((DOWNLOAD_ENABLED != 'true') || (!$stock_values['products_attributes_filename'])) {

         $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];

       } else {

         $stock_left = $stock_values['products_quantity'];

       }

       tep_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");

       if ($stock_left < 1) {

         tep_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");

       }

     }

   }



// Update products_ordered (for bestsellers list)

   tep_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");



   $sql_data_array = array('orders_id' => $insert_id, 

                           'products_id' => tep_get_prid($order->products[$i]['id']), 

                           'products_model' => $order->products[$i]['model'], 

                           'products_name' => $order->products[$i]['name'], 

                           'products_price' => $order->products[$i]['price'], 

                           'final_price' => $order->products[$i]['final_price'], 

                           'products_tax' => $order->products[$i]['tax'], 

                           'products_quantity' => $order->products[$i]['qty']);

   tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);

   $order_products_id = tep_db_insert_id();

   $order_total_modules->update_credit_account($i);//ICW ADDED FOR ORDER_TOTAL CREDIT SYSTEM

//------insert customer choosen option to order--------

   $attributes_exist = '0';

   $products_ordered_attributes = '';

   if ($order->products[$i]['attributes']) {

     $attributes_exist = '1';

     for ($j=0; $j<sizeof($order->products[$i]['attributes']); $j++) {



/*

      if (DOWNLOAD_ENABLED == 'true') {

         $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename 

                              from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa 

                              left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad

                               on pa.products_attributes_id=pad.products_attributes_id

                              where pa.products_id = '" . $order->products[$i]['id'] . "' 

                               and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' 

                               and pa.options_id = popt.products_options_id 

                               and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' 

                               and pa.options_values_id = poval.products_options_values_id 

                               and popt.language_id = '" . $languages_id . "' 

                               and poval.language_id = '" . $languages_id . "'";

         $attributes = tep_db_query($attributes_query);

       } else {

         $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");

       }

       $attributes_values = tep_db_fetch_array($attributes);



       $sql_data_array = array('orders_id' => $insert_id, 

                               'orders_products_id' => $order_products_id, 

                               'products_options' => $attributes_values['products_options_name'],

                               'products_options_values' => $attributes_values['products_options_values_name'], 

                               'options_values_price' => $attributes_values['options_values_price'], 

                               'price_prefix' => $attributes_values['price_prefix']);

       tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);



       if (DOWNLOAD_ENABLED == 'true') {

         $sql_data_array = array('orders_id' => $insert_id, 

                                 'orders_products_id' => $order_products_id, 

                                 'orders_products_filename' => $attributes_values['products_attributes_filename'], 

                                 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 

                                 'download_count' => $attributes_values['products_attributes_maxcount']);

         tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);

       }

*/



//START OF THE CODE MODIFIED BY ALIENWIZ 030430

   $option_id=$order->products[$i]['attributes'][$j]['option_id'];

   if ($option_id!= -9 && $option_id!=-8 && $option_id!=-7) {

  	 if (DOWNLOAD_ENABLED == 'true') {

     $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename 

                from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa 

                left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad

              	 on pa.products_attributes_id=pad.products_attributes_id

                where pa.products_id = '" . $order->products[$i]['id'] . "' 

              	 and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' 

              	 and pa.options_id = popt.products_options_id 

              	 and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' 

              	 and pa.options_values_id = poval.products_options_values_id 

              	 and popt.language_id = '" . $languages_id . "' 

              	 and poval.language_id = '" . $languages_id . "'";

     $attributes = tep_db_query($attributes_query);

  	 } else {

     $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");

  	 }

  	 $attributes_values = tep_db_fetch_array($attributes);



  	 $sql_data_array = array('orders_id' => $insert_id, 

              	 'orders_products_id' => $order_products_id, 

              	 'products_options' => $attributes_values['products_options_name'],

              	 'products_options_values' => $attributes_values['products_options_values_name'], 

              	 'options_values_price' => $attributes_values['options_values_price'], 

              	 'price_prefix' => $attributes_values['price_prefix']);

  	 tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);



  	 if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {

     $sql_data_array = array('orders_id' => $insert_id, 

                 'orders_products_id' => $order_products_id, 

                 'orders_products_filename' => $attributes_values['products_attributes_filename'], 

                 'download_maxdays' => $attributes_values['products_attributes_maxdays'], 

                 'download_count' => $attributes_values['products_attributes_maxcount']);

     tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);

  	 }

   }else{

  	 if ($option_id==-9) {

$str_sql="SELECT n1.neigh_id, n1.neigh_name, n2.neigh_name FROM aw_neighbourhoods n1, aw_neighbourhoods n2 

           WHERE n1.parent_id=n2.neigh_id AND n1.neigh_id=".$value;

    	 $rst=mysql_query($str_sql);

    	 if ($rst) {

       $adata=mysql_fetch_row($rst);

  	 $sql_data_array = array('orders_id' => $insert_id, 

              	 'orders_products_id' => $order_products_id,

              	 'products_options' => $adata[2],

              	 'products_options_values' => $adata[1], 

              	 'options_values_price' => 0, 

              	 'price_prefix' => 0);

  	 tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);

}else{echo mysql_error();}

    	 mysql_free_result($rst);

  	 }elseif($option_id==-8) {



       $value=substr($order->products[$i]['id'],strpos($order->products[$i]['id'],"{-8}")+4);	

    	 $lng_tempprodid=substr($order->products[$i]['id'],0, strpos($order->products[$i]['id']	,"{"));

       if ($lng_tempprodid==$lng_yogiesproductid) {

      	 if (strlen(trim($value))>0) {

         $price = $lng_customtextprice;

         $prefix="+";

      	 }

       }else{

      	 if (strpos($value,"{")>0) {

         $value=substr($value,0,strpos($value,"{"));

      	 }

      	 $price=0;

      	 $prefix="0";

      	 if (strlen($value)>14) {

         $price = strlen($value)-14;

         $prefix="+";

      	 }

       }

  	 $sql_data_array = array('orders_id' => $insert_id, 

              	 'orders_products_id' => $order_products_id,

              	 'products_options' => "Custom",

              	 'products_options_values' => "$value", 

              	 'options_values_price' => $price, 

              	 'price_prefix' => '$prefix');

  	 tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);



  	 } else {

       $value=substr($order->products[$i]['id'],strpos($order->products[$i]['id'],"{-7}")+4);	

       if (strpos($value,"{")>0) {

      	 $value=substr($value,0,strpos($value,"{"));

       }

  	 $sql_data_array = array('orders_id' => $insert_id, 

              	 'orders_products_id' => $order_products_id,

              	 'products_options' => "Special Instructions",

              	 'products_options_values' => "$value", 

              	 'options_values_price' => 0, 

              	 'price_prefix' => 0);

  	 tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);



  	 }



   }

//END OF THE CODE MODIFIED BY ALIENWIZ 030430





       $products_ordered_attributes .= "nt" . $attributes_values['products_options_name'] . ' ' . $attributes_values['products_options_values_name'];

     }

   }

//------insert customer choosen option eof ----

   $total_weight += ($order->products[$i]['qty'] * $order->products[$i]['weight']);

   $total_tax += tep_calculate_tax($total_products_price, $products_tax) * $order->products[$i]['qty'];

   $total_cost += $total_products_price;



   $products_ordered .= $order->products[$i]['qty'] . ' x ' . $order->products[$i]['name'] . ' (' . $order->products[$i]['model'] . ') = ' . $currencies->display_price($order->products[$i]['final_price'], $order->products[$i]['tax'], $order->products[$i]['qty']) . $products_ordered_attributes . "n";

 }

$order_total_modules->apply_credit();//ICW ADDED FOR ORDER_TOTAL CREDIT SYSTEM

// lets start with the email confirmation

 $email_order = STORE_NAME . "n" . 

                EMAIL_SEPARATOR . "n" . 

                EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "n" .

                EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id=' . $insert_id, 'SSL', false) . "n" .

                EMAIL_TEXT_DATE_ORDERED . ' ' . strftime(DATE_FORMAT_LONG) . "nn";

 if ($order->info['comments']) {

+    $email_order .= tep_db_output($order->info['comments']) . "nn";

 }

 $email_order .= EMAIL_TEXT_PRODUCTS . "n" . 

                 EMAIL_SEPARATOR . "n" . 

                 $products_ordered . 

                 EMAIL_SEPARATOR . "n";



 for ($i=0; $i<sizeof($order_totals); $i++) {

   $email_order .= strip_tags($order_totals[$i]['title']) . ' ' . strip_tags($order_totals[$i]['text']) . "n";

 }



 if ($order->content_type != 'virtual') {

   $email_order .= "n" . EMAIL_TEXT_DELIVERY_ADDRESS . "n" . 

                   EMAIL_SEPARATOR . "n" .

                   tep_address_label($customer_id, $sendto, 0, '', "n") . "n";

 }



 $email_order .= "n" . EMAIL_TEXT_BILLING_ADDRESS . "n" .



                 EMAIL_SEPARATOR . "n" .

                 tep_address_label($customer_id, $billto, 0, '', "n") . "nn";

 if (is_object($$payment)) {

   $email_order .= EMAIL_TEXT_PAYMENT_METHOD . "n" . 

                   EMAIL_SEPARATOR . "n";

   $payment_class = $$payment;

   $email_order .= $payment_class->title . "nn";

   if ($payment_class->email_footer) { 

     $email_order .= $payment_class->email_footer . "nn";

   }

 }

 tep_mail($order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address'], EMAIL_TEXT_SUBJECT, nl2br($email_order), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');



// send emails to other people

 if (SEND_EXTRA_ORDER_EMAILS_TO != '') {

   tep_mail('', SEND_EXTRA_ORDER_EMAILS_TO, EMAIL_TEXT_SUBJECT, nl2br($email_order), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');

 }



// load the after_process function from the payment modules

 $payment_modules->after_process();



 $cart->reset(TRUE);



// unregister session variables used during checkout

 tep_session_unregister('sendto');

 tep_session_unregister('billto');

 tep_session_unregister('shipping');

 tep_session_unregister('payment');

 $order_total_modules->clear_posts();//ICW ADDED FOR ORDER_TOTAL CREDIT SYSTEM

 tep_session_unregister('comments');



 tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));



 require(DIR_WS_INCLUDES . 'application_bottom.php');

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...