We Keep Coding

Changing Opencart Affiliate Variable Name from Tracking to Ref?

I'm working on an opencart website, and I was asked if it was possible to change the current affiliate link from reading mywebsite.com/currentproduct?tracking=tracking-code-here
to mywebsite.com/currentproduct?ref=tracking-code-here.
So pretty much the variable named to read ?ref=tracking-code instead of ?tracking=tracking-code-here
My guess is I would just change the the GET varible name from tracking to ref. However, Im not sure exactly where that is.
I found this code in the admin/model/customer/customer.php and was wondering if the part that reads tracking = '" . $this->db->escape($data['tracking']) . "', could just be changed to ref without breaking something important.
if ($data['affiliate']) {
$this->db->query("REPLACE INTO " . DB_PREFIX . "customer_affiliate SET customer_id = '" . (int)$customer_id . "', company = '" . $this->db->escape($data['company']) . "', website = '" . $this->db->escape($data['website']) . "', tracking = '" . $this->db->escape($data['tracking']) . "', commission = '" . (float)$data['commission'] . "', tax = '" . $this->db->escape($data['tax']) . "', payment = '" . $this->db->escape($data['payment']) . "', cheque = '" . $this->db->escape($data['cheque']) . "', paypal = '" . $this->db->escape($data['paypal']) . "', bank_name = '" . $this->db->escape($data['bank_name']) . "', bank_branch_number = '" . $this->db->escape($data['bank_branch_number']) . "', bank_swift_code = '" . $this->db->escape($data['bank_swift_code']) . "', bank_account_name = '" . $this->db->escape($data['bank_account_name']) . "', bank_account_number = '" . $this->db->escape($data['bank_account_number']) . "', status = '" . (int)$data['affiliate'] . "', date_added = NOW()");
}
}
I haven't coded in opencart for almost 5 years, and it's, unfortunately, starting to show. Any answer to this would be greatly appreciated! Thanks!

If you're looking to edit this in the OC code, you can look at the file /catalog/controller/startup/startup.php
Around line 126:
// Tracking Code
if (isset($this->request->get['tracking'])) {
setcookie('tracking', $this->request->get['tracking'], time() + 3600 * 24 * 1000, '/');
$this->db->query("UPDATE `" . DB_PREFIX . "marketing` SET clicks = (clicks + 1) WHERE code = '" . $this->db->escape($this->request->get['tracking']) . "'");
}
You can see that it's looking for the value set by the GET parameter tracking which seems to be what you're looking to change.
Fortunately it seems like OC relies on the cookie thereafter so you shouldn't have to worry about it anywhere else but testing will determine whether that is the case or not

I recommend to use .htaccess rewrite rule to rename URL parameter. here is the best solution for this
htaccess change url parameter

How to use the result of one query in another query (PHP/MySQL)

I have 2 tables (artist, cd) and I'm trying to use the result of the first query which returns an artID and make it equal to the artID in the 2nd table(cd) where artID is a foreign key but I'm not sure how to do it. Any help would be appreciated.
$strqueryID="SELECT artID FROM artist WHERE artName= '" . $_POST["category"] . "' ";
$resultsID=mysql_query ($strqueryID) or die(mysql_error());
$strqueryCD="INSERT INTO cd SET cdTitle='" . $_POST['title'] . "', artID='" . ??? . "' cdPrice='" . $_POST['price'] . "', cdGenre='" . $_POST['genre'] . "', cdNumTracks='" . $_POST['tracks'] . "'";
$resultsCD=mysql_query ($strqueryCD) or die(mysql_error());

You can use one single query, like this:
$strqueryCD="
INSERT INTO cd (cdTitle, artID, cdPrice, cdGenre, cdNumTracks)
VALUES(
'" . $_POST['title'] . "',
(SELECT artID FROM artist WHERE artName= '" . $_POST["category"] . "'),
'" . $_POST['price'] . "',
'" . $_POST['genre'] . "',
'" . $_POST['tracks'] . "')
";
also, google 'sqlinjection' before you continue

So, first thing's first - you shouldn't be using mysql_* functions now in 2017. I mean, really - they're actually even removed in later versions of PHP (7.0+). Refer to this StackOverflow post for more information.
Now, for your question at hand. Given the fact that you've searched for (and found) a given artID, you'll first have to get the actual "rows" from the $resultsID variable. In this example, we'll do it in a typical while loop:
while ($row = mysql_fetch_assoc($resultsID)) {
$strqueryCD="INSERT INTO cd SET cdTitle='" . $_POST['title'] . "', artID='" . $row['artID'] . "' cdPrice='" . $_POST['price'] . "', cdGenre='" . $_POST['genre'] . "', cdNumTracks='" . $_POST['tracks'] . "'";
$resultsCD=mysql_query ($strqueryCD) or die(mysql_error());
}
That should now loop over the artIDs that you've found in your first query and use them in the subsequent insert(s).
--
Disclaimer: I've disregarded the fact that user input is being passed straight into the query itself, as it's just too much "out of scope" for this post.

Duplicate data is getting updated ob table

I am looking to update one of the table. After I update, all the duplicate data is getting inserted again. Especially, the cloneSQL part of the code. I tried using DISTINCT, NOT EXISTS but no luck.
if(DB_num_rows($checkResult) > 0){
$cloneSQL = "UPDATE DISTINCT pricematrixdiscount SET
discount='" . $vals[3] . "'
WHERE debtorno='" . $_POST['cloneTo'] . "',
product_line='" . $vals[1] . "',
salestype='" . $vals[2] . "' ";
}
else {
$cloneSQL = "INSERT into pricematrixdiscount
(debtorno,
product_line,
salestype,
discount) VALUES
('" . $_POST['cloneTo'] . "',
'" . $vals[1] . "',
'" . $vals[2] . "',
'" . $vals[3] . "')";
How can I insert only distinct values on the pricematricdiscount table without the duplicates being inserted?

Getting Error with qoutes in MySQL query

Here is my code:
$result = mysql_query("INSERT INTO clients (client_id, name, surname, tel1,tel2,id_num,address)
VALUES ('" .$updating_id . "','" .$updatedName1 . "','" .$updatedName1 . "', '" .$updatedSurname1
. "', '" . $updatedTel1 . "', '" .$updatedTel2 . ", '" .$updatedId_num1. "', '" .$updatedAddress1.
") ON DUPLICATE KEY UPDATE name='" . $updatedName1 . "', surname='" . $updatedSurname1 . "',
tel1='" . $updatedTel1 . "', tel2='" . $updatedTel2 . "', id_num='" . $updatedId_num1 . "',
address='" .$updatedAddress1 . "'");
if(mysql_query($result))
{ echo $updatedName1," ", $updatedSurname1, " updated successfully ";
}
else {
echo mysql_error();}
}
I am noticing that the first quote on the mysql_query("INSERT INTO...
is closing with the first quote of the VALUES ('" .$updating_id . "'... statement and yet the way I quoted is the one in my examples, I have assessed.

Use if($result) instead of if(mysql_query($result)). thx #Vinie
And you miss two simple quotes in your VALUES statement:
$updatedTel2 . "'
$updatedAddress1."'
And you need to have a look at mysql_real_escape_string(); or at least use PDO :)

UPDATE two rows - MySQL

I'm trying to update two rows in my database using a query (which is going to be run from a PHP script) and there is just one Condition (WHERE). What I've tried is:
$sql = 'UPDATE ' . CANNED_MESSAGES . "
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "'" ;
$db->sql_query($sql);
Can you tell me whats wrong with my query? :)

This may be due to Quotes mismatch. Please use this
$sql = "UPDATE '" . CANNED_MESSAGES ."'
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "' " ;

I highly doubt that two rows can have the same id column. Do they? If not, how could you update 2 rows by specifying a condition on a column with such a constraint?