TOPIC: authorize.net not holding Data in backend

when my authorize.net was in test mode. it recorded all activities on the backend. now that i\'m live, I got this msg. Is there a fix for this


Your donation has been processed successfully!
093093
Amount :10.00
Transaction ID :2272868532
Invoice number :DC-1894937Sorry!The donor\'s details could not be stored in database

I know the clients will get a email confirmation and so would I. so if there\'s no way to fix this right now. How would I be able to just remove \"sorry the donor\'s details could not be stored in database\" there\'s no need to have a donor now that the details could not be stored in the DB.

I found the dtdonate that has the comment \"The donor\'s details could not be stored in database\" so I was able to delete it, but I still need to know what to do to make the donors info registered in the backend

The root of this problem is that the coding for the input statement in dtdonate.php does not escape the variables that are likely to contain special characters (most notably, an apostrophe) form the user input. For example, if a user enters \"I\'m stoked\" in the comments field, you will receive the database error. Similarly, if a user enters \"D\'Wayne\" in the first name field, you will also receive the database error.

The fix for this problem is to replace the VALUES section of the INSERT queries found at or around rows 3566 and 5331 with the following:

values(\'\".mysql_real_escape_string($fname).\"\',\'\".mysql_real_escape_string($lname).\"\', \'\".mysql_real_escape_string($org).\"\', \'\".mysql_real_escape_string($address).\"\',\'\".mysql_real_escape_string($city).\"\',\'$state\',\'\".mysql_real_escape_string($country).\"\', \'$zip\',\'$phone\',\'$email\',\'$amount\',\'$paymenttype\',NOW(),\'\".mysql_real_escape_string($comments).\"\', \'authorize.net\',\'$transactionid\',\'\".mysql_real_escape_string($currentUserId).\"\')\";

and

values(\'\".mysql_real_escape_string($fname).\"\',\'\".mysql_real_escape_string($lname).\"\', \'\".mysql_real_escape_string($org).\"\', \'\".mysql_real_escape_string($address).\"\',\'\".mysql_real_escape_string($city).\"\',\'$state\',\'\".mysql_real_escape_string($country).\"\', \'$zip\',\'$phone\',\'$email\',\'$amount\',\'$frequency\',\'$startdate\',\'\".mysql_real_escape_string($comments).\"\', \'authorize.net\',\'$subscriptionId\',\'\".mysql_real_escape_string($currentUserId).\"\')\";

respectively. The development people at DTH need to make this a general coding practice so that it does not happen again.

Hope this helps.

I am getting exactly the same error. However, I don;t recall having any characters to escape in my submission. (So far I am testing the live donation page).

The code you posted should do the trick, but I can't go by the line number anymore because I had to customize the front end and the first thing I did was to eliminate the 3 CR after each line of code, a practice I find annoying because it makes a long page longer and finding the code a mess.

I also had to correct several errors like missing colspans and even an extra closing </td>.

But I'll try to find the location anyway and substitute it.

thanks.

conti - this is a very old thread that is no longer valid. I assume you are using an old version of DT Donate as well. We recently released 2.2 which was a big improvement on previous releases.

Actually, I have purchased and downloaded/installed the latest version about a week ago. The license was purchased for "supportourtroops.org".

The version I have downloaded is: com_dtdonate2_1_8_UNZIP. As I said I got it about a week or two ago. When did you release version 2?

Where can I download it? At the moment I am logged in with my own account, but my client bought it under a different account.
Merchant : DirectTech Web Solutions
Date/Time : 30-Oct-2009 08:12:49 PM
Transaction ID : 2681144322

The email was sot AT supportourtroops.org

But I just found the usr/pass to download it. I'll try again, but by now I have customized a lot of the interface and I hate having it to do it again. I guess I'll use a diff program.

By the way, I found several HTML syntax errors. Mostly lack of colspan and duplicate ending </td> . I fixed them in my copy and I'll fix them in the new one. But you may want to take a look at it.

Unfortunately, when I work on the source code your files come to me with 3 empty lines in between each line of code, which drives bezerk. So I always run a clean up search and replace for empty carriages in notepad++. But then my line numbers go to hell.

I'll try to find them before I clean up the line issue and send them to you, if they are still in the new version.

By the way, I am a bit picky, but I think you guys do pretty good work. Especially the lates version I have tested worked pretty well.