I'm working on an opencart website, and I was asked if it was possible to change the current affiliate link from reading mywebsite.com/currentproduct?tracking=tracking-code-here
to mywebsite.com/currentproduct?ref=tracking-code-here.
So pretty much the variable named to read ?ref=tracking-code instead of ?tracking=tracking-code-here
My guess is I would just change the the GET varible name from tracking to ref. However, Im not sure exactly where that is.
I found this code in the admin/model/customer/customer.php and was wondering if the part that reads tracking = '" . $this->db->escape($data['tracking']) . "', could just be changed to ref without breaking something important.
if ($data['affiliate']) {
$this->db->query("REPLACE INTO " . DB_PREFIX . "customer_affiliate SET customer_id = '" . (int)$customer_id . "', company = '" . $this->db->escape($data['company']) . "', website = '" . $this->db->escape($data['website']) . "', tracking = '" . $this->db->escape($data['tracking']) . "', commission = '" . (float)$data['commission'] . "', tax = '" . $this->db->escape($data['tax']) . "', payment = '" . $this->db->escape($data['payment']) . "', cheque = '" . $this->db->escape($data['cheque']) . "', paypal = '" . $this->db->escape($data['paypal']) . "', bank_name = '" . $this->db->escape($data['bank_name']) . "', bank_branch_number = '" . $this->db->escape($data['bank_branch_number']) . "', bank_swift_code = '" . $this->db->escape($data['bank_swift_code']) . "', bank_account_name = '" . $this->db->escape($data['bank_account_name']) . "', bank_account_number = '" . $this->db->escape($data['bank_account_number']) . "', status = '" . (int)$data['affiliate'] . "', date_added = NOW()");
}
}
I haven't coded in opencart for almost 5 years, and it's, unfortunately, starting to show. Any answer to this would be greatly appreciated! Thanks!
If you're looking to edit this in the OC code, you can look at the file /catalog/controller/startup/startup.php
Around line 126:
// Tracking Code
if (isset($this->request->get['tracking'])) {
setcookie('tracking', $this->request->get['tracking'], time() + 3600 * 24 * 1000, '/');
$this->db->query("UPDATE `" . DB_PREFIX . "marketing` SET clicks = (clicks + 1) WHERE code = '" . $this->db->escape($this->request->get['tracking']) . "'");
}
You can see that it's looking for the value set by the GET parameter tracking which seems to be what you're looking to change.
Fortunately it seems like OC relies on the cookie thereafter so you shouldn't have to worry about it anywhere else but testing will determine whether that is the case or not
I recommend to use .htaccess rewrite rule to rename URL parameter. here is the best solution for this
htaccess change url parameter
Related
found this floating script to dump given feed into sql. however unable to save feed description and images separately in table. below is the part of code which is currently saving some contents but with empty columns.
any help or advise would be appreciated.
$db = mysql_connect($db_hostname,$db_username,$db_password);
if (!$db)
{
die("Could not connect: " . mysql_error());
}
.....snip.............
EDIT#1:
studying simplepie script and its caching. will update should get it resolved tonight.
EDIT#2:
SQL query which was modified to include description and screengrab for the table contents.
CREATE TABLE rss (
............snip........................
enter image description here
EDIT #3:
thx robert for correcting me yes it was a quick copy paste from the original script and havent put correct query init. i had updated sql query and get things fixed however now the moded script needs more juice by retrieving a image link along with the post. i am using xpath to get each post image link however not able to incorporate the respective image with each row dump. both scripts are running perfectly at their individual grounds but i need more help in merging them together.
require_once("./config.php");
.......snip................
EDIT#4:
well it didnt work i mange to updated existing table with another script
i upvoted your answer but havent accepted it as correct answer due to this reason. might i failed to explain properly but my script is working like a charm and just missing some CSS.
thanks though for your help
NOTE: i snip original scripts from the post/
From your screenshot you're missing info inside "item_enclosure" and "item_status" columns, the rest is filled.
Problem is that your query doesn't try to insert those missing entries
$item_insert_sql = "INSERT INTO rssingest(item_id, feed_url, item_title, item_date, item_description, item_url, fetch_date) VALUES ('" . $item_id . "', '" . $feed_url . "', '" . $item_title . "', '" . $item_date . "', '" . $item_description . "', '" . $item_url . "', '" . $fetch_date . "')";
^ Will never insert "item_enclosure" and "item_status" since the 2 columns are not part of the insert query...
You'd need to extract the 2 missing items and modify the insert query to:
$item_insert_sql = "INSERT INTO rssingest(item_id, feed_url, item_title, item_date, item_description, item_url, fetch_date, item_enclosure, item_status) VALUES ('" . $item_id . "', '" . $feed_url . "', '" . $item_title . "', '" . $item_date . "', '" . $item_description . "', '" . $item_url . "', '" . $fetch_date . "', '" . $item_enclosure . "', '" . $item_status . "')";
You'll need to first define:
$item_enclosure
$item_status
Btw the query you pasted in your updated reply is wrong, it should start with "INSERT INTO" not "CREATE TABLE", you're not echoing the right query.
UPDATE:
In your original code there's this line
$has_image = preg_match('/<img.+src=[\'"](?P<src>.+?)[\'"].*>/i', $RSSitem, $image);
So right now if your code finds an image it should be putting it in an array called $image
Try print_r of $image to see in which array item it's stored, I think it will be $image[0][0] or $image[0]
So do the following to define the image URL (I'm guessing it's $image[0][0], but double check just in case):
$img_url = (isset($image)) ? $image[0][0] : "";
Then you'll need to update the insert query (i don't know what column name is used for the image so it's just an example):
$item_insert_sql = "INSERT INTO rssingest(item_id, feed_url, item_title, item_date, item_description, item_url, fetch_date, item_enclosure, item_status, image_column) VALUES ('" . $item_id . "', '" . $feed_url . "', '" . $item_title . "', '" . $item_date . "', '" . $item_description . "', '" . $item_url . "', '" . $fetch_date . "', '" . $item_enclosure . "', '" . $item_status . "', '" . $img_url . "')";
This question already has answers here:
How can I make PHP display the error instead of giving me 500 Internal Server Error [duplicate]
(7 answers)
Closed 5 years ago.
$result = $db->execute("
INSERT INTO arrowchat_chatroom_rooms (author_id, name, description, welcome_message, image, type,password, length, max_users, session_time, limit_message_num, limit_seconds_num)
VALUES ('" . $db->escape_string($userid) . "',
'" . $_POST["add_chatroom_name"] . "',
'" . $_POST["add_chatroom_desc"] . "',
'" . $_POST["add_chatroom_welcome_msg" . "',
'" . $db->escape_string($icon_filename) ."',
'". $_POST["add_chatroom_type"] . "',
'" . $_POST["add_chatroom_password"] . "',
'" . $_POST["add_chatroom_length"] . "',
'" . $_POST["chatroom_max_users"] . "',
'" . time() . "',
'" . $_POST["limit_message_num"] . "',
'" . *_POST["limit_seconds_num"] . "')"
);
return http 500 x_x
you are missing the closing ] for
$_POST["add_chatroom_welcome_msg"
and * in the start of
*_POST["limit_seconds_num"]
in your query, and that is the most probable cause of your 500 error try enabling the display_errors = On from the php.ini
I have 2 tables (artist, cd) and I'm trying to use the result of the first query which returns an artID and make it equal to the artID in the 2nd table(cd) where artID is a foreign key but I'm not sure how to do it. Any help would be appreciated.
$strqueryID="SELECT artID FROM artist WHERE artName= '" . $_POST["category"] . "' ";
$resultsID=mysql_query ($strqueryID) or die(mysql_error());
$strqueryCD="INSERT INTO cd SET cdTitle='" . $_POST['title'] . "', artID='" . ??? . "' cdPrice='" . $_POST['price'] . "', cdGenre='" . $_POST['genre'] . "', cdNumTracks='" . $_POST['tracks'] . "'";
$resultsCD=mysql_query ($strqueryCD) or die(mysql_error());
You can use one single query, like this:
$strqueryCD="
INSERT INTO cd (cdTitle, artID, cdPrice, cdGenre, cdNumTracks)
VALUES(
'" . $_POST['title'] . "',
(SELECT artID FROM artist WHERE artName= '" . $_POST["category"] . "'),
'" . $_POST['price'] . "',
'" . $_POST['genre'] . "',
'" . $_POST['tracks'] . "')
";
also, google 'sqlinjection' before you continue
So, first thing's first - you shouldn't be using mysql_* functions now in 2017. I mean, really - they're actually even removed in later versions of PHP (7.0+). Refer to this StackOverflow post for more information.
Now, for your question at hand. Given the fact that you've searched for (and found) a given artID, you'll first have to get the actual "rows" from the $resultsID variable. In this example, we'll do it in a typical while loop:
while ($row = mysql_fetch_assoc($resultsID)) {
$strqueryCD="INSERT INTO cd SET cdTitle='" . $_POST['title'] . "', artID='" . $row['artID'] . "' cdPrice='" . $_POST['price'] . "', cdGenre='" . $_POST['genre'] . "', cdNumTracks='" . $_POST['tracks'] . "'";
$resultsCD=mysql_query ($strqueryCD) or die(mysql_error());
}
That should now loop over the artIDs that you've found in your first query and use them in the subsequent insert(s).
--
Disclaimer: I've disregarded the fact that user input is being passed straight into the query itself, as it's just too much "out of scope" for this post.
I have a problem with the condition 'where'.
I want one more condition in this code:
$sql="UPDATE
coursegrade
SET
FirstExam='" . mysql_real_escape_string($_POST['FirstExam']) . "',
SecondExam='" . mysql_real_escape_string($_POST['SecondExam']) . "',
ThirdExam='" . mysql_real_escape_string($_POST['ThirdExam']) . "',
Assignments='" . mysql_real_escape_string($_POST['Assignments']) . "',
FinalExam='" . mysql_real_escape_string($_POST['FinalExam']) . "'
WHERE
SID=" . mysql_real_escape_string($_POST['SID']) ;
Tell now I have no problem .. but the problem is that I don't know how to set the second condition.
CourseID=" . mysql_real_escape_string($_POST['CourseID'])
I want the condition to be something like...
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
How could I do it?
Unless you use heredoc syntax php will parse strings on a single line.
ie the rendered clause is:
"WHERE SID=19AND CourseID=45"
Basically you missed a space before
"AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or you could put quotes around the values
"SID='" . mysql_real_escape_string($_POST['SID']) . "'
AND CourseID='" . mysql_real_escape_string($_POST['CourseID'])."'"
This is may help
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
OR CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or
WHERE
SID in (
mysql_real_escape_string($_POST['SID']),
mysql_real_escape_string($_POST['CourseID'])
)
its will work for INT value of SID and CourseID
You can try this, and let me know if there is error message
$sql="UPDATE coursegrade
SET
FirstExam = '" . mysql_real_escape_string($_POST[' FirstExam ']) . "',
SecondExam = '" . mysql_real_escape_string($_POST[' SecondExam ']) . "',
ThirdExam = '" . mysql_real_escape_string($_POST[' ThirdExam ']) . "',
Assignments = '" . mysql_real_escape_string($_POST[' Assignments ']) . "',
FinalExam = '" . mysql_real_escape_string($_POST[' FinalExam ']) . "'
WHERE
SID = ". mysql_real_escape_string($_POST['SID'])."
AND
CourseID = " . mysql_real_escape_string($_POST['CourseID']) .";
I'm trying to update two rows in my database using a query (which is going to be run from a PHP script) and there is just one Condition (WHERE). What I've tried is:
$sql = 'UPDATE ' . CANNED_MESSAGES . "
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "'" ;
$db->sql_query($sql);
Can you tell me whats wrong with my query? :)
This may be due to Quotes mismatch. Please use this
$sql = "UPDATE '" . CANNED_MESSAGES ."'
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "' " ;
I highly doubt that two rows can have the same id column. Do they? If not, how could you update 2 rows by specifying a condition on a column with such a constraint?