Zen Cart Rule #3: Don’t Over-Prepare

Oct 31, 2015
 

When you’re performing database manipulations, it’s important to prepare your textual input so that there aren’t any stray single (‘) or double (“) quotes that will wreak havoc with your MySQL queries. Zen Cart provides methods (the functions zen_db_input and $db->prepare_input) that will help, but you need to have a plan for which method you’re going to use to insert or update that data, to prevent over-preparation.

Zen Cart provides two methods for inserting and updating database information:

  1. class-based, using the $db->Execute function.
  2. function-based, using the zen_db_perform function.

The class-based method allows you full control over the formatting of a MySQL query while the function-based method uses an associative input-array to map each database field to its associated value.  The function-based method’s strength is its ease in creating or updating an entire database table record, while the class-based method is more suitable to a quick update of a couple of fields in a record.

When you use the class-based method, it’s very important to prepare any text input prior to sending that data to the database, i.e. escaping any quotes within the data.  Failure to do this can result in a whitescreen (with associated myDEBUG*.log) intermittently … based on the data input.

When you use the function-based method, that function automatically prepares all input; in fact, it treats all input as strings. If you’ve also prepared the input, the resultant database field will include unwanted backslashes (e.g. o\’Toole instead of o’Toole). That’s because the function has prepared (via a call to $db->prepare_input) data that you’ve already prepared, resulting in the slashes themselves being escaped … a result of over-preparation!
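The over-preparation described above, as an added example that is not Zen Cart's own code. It runs without a store or database: escape_once(), mysql_store() and perform_insert() are hypothetical stand-ins for $db->prepare_input, the server's string-literal parsing and zen_db_perform, and the table and field names are illustrative.

```php
<?php
// Stand-in (assumption) for $db->prepare_input / zen_db_input:
// backslash-escape quotes and backslashes for use inside a SQL string literal.
function escape_once(string $value): string
{
    return addcslashes($value, "'\"\\");
}

// Stand-in (assumption) for the database server, which removes exactly
// one level of escaping when it parses a quoted string literal.
function mysql_store(string $literal): string
{
    return stripslashes($literal);
}

// Stand-in (assumption) for the function-based method: every value in the
// field => value array is treated as a string and escaped by the helper.
function perform_insert(array $data): array
{
    $stored = [];
    foreach ($data as $field => $value) {
        $stored[$field] = mysql_store(escape_once((string)$value));
    }
    return $stored;
}

$name = "o'Toole"; // constructed sample input

// Function-based, correct: pass the raw value and let the helper prepare it.
$ok = perform_insert(['customers_lastname' => $name]);

// Function-based, over-prepared: the caller escapes, then the helper escapes
// again, so the caller's backslash is itself escaped and ends up stored.
$bad = perform_insert(['customers_lastname' => escape_once($name)]);

// Class-based: the caller builds the SQL and must escape exactly once.
// Skipping this escape breaks the query on a quote and is the classic
// SQL-injection hole.
$sql = "UPDATE customers SET customers_lastname = '" . escape_once($name) . "'";

echo 'raw value passed in:      ', $ok['customers_lastname'], PHP_EOL;
echo 'prepared value passed in: ', $bad['customers_lastname'], PHP_EOL;
echo 'class-based statement:    ', $sql, PHP_EOL;
```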

Zen Cart makes it easy to perform your database manipulations, but the onus is on you to first choose the method that you’re going to use and then perform any input-preparations needed based on the method you’ve chosen.

Zen Cart Rule #1: Shipping Module Names

Aug 28, 2015
 

There are rules everywhere. In the kitchen, my #1 rule is “Never try to catch a falling knife”; it apparently applies to investments, too! In Zen Cart, my current #1 rule (having spent an inordinate amount of time debugging its misuse) is “Never use an underscore (_) in a shipping module’s name”.


A shipping module (unlike a payment or order-total module) can have multiple methods that it supports, so the built-in Zen Cart processing uses an underscore (_) to record both the Shipping Module and Shipping Method chosen for an order as a single string value. For example, using Zen Cart v1.5.4, the Store Pickup shipping module supports multiple stores. When the customer chooses the first store location, the id associated with the shipping selection is storepickup_storepickup0.

Once the shipping selection is made, the Zen Cart processing maps that selection back to the Store Pickup module (storepickup.php) and its storepickup0 method by splitting (via the PHP explode function) that id value at the (presumed single) underscore.  If there’s an underscore in the shipping module’s name, the association between the shipping module and selected method can never be resolved so the customer is always redirected back to the checkout_shipping page (with no message).
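A model of the lookup described above, added here as an example and not taken from Zen Cart's code. resolve_shipping() and unsafe_module_names() are hypothetical helpers, the flat_rate module is constructed, and taking only the first two pieces of the split is an assumption about how the id is consumed.

```php
<?php
// Models the mapping from a shipping selection id back to module + method.
function resolve_shipping(string $selection, array $installed): ?array
{
    // Split at the underscore; the module is assumed to be the first piece
    // and the method the second.
    $parts  = explode('_', $selection);
    $module = $parts[0];
    $method = $parts[1] ?? '';

    if (!in_array($module, $installed, true)) {
        // No module by that name: this is the case where the customer is
        // sent back to checkout_shipping.
        return null;
    }
    return ['module' => $module, 'method' => $method];
}

// Check to run before installing a module: any name containing an
// underscore can never be resolved by the split above.
function unsafe_module_names(array $names): array
{
    return array_values(array_filter($names, function ($name) {
        return strpos($name, '_') !== false;
    }));
}

$installed = ['storepickup', 'flat_rate']; // constructed module list

foreach (['storepickup_storepickup0', 'flat_rate_flat'] as $selection) {
    $result = resolve_shipping($selection, $installed);
    echo $selection, ' => ',
        $result === null ? 'unresolved' : json_encode($result), PHP_EOL;
}

echo 'rename before use: ', implode(', ', unsafe_module_names($installed)), PHP_EOL;
```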


Repeat after me:  I will never (again) use an underscore in a shipping module’s name.

Products’ URL: Template File Changes for Zen Cart 1.5.3 and later

Apr 30, 2015
 

Starting with Zen Cart v1.5.3, the built-in handling that displays a product’s URL was changed.  If you are upgrading your store from a previous version of Zen Cart and you want your products’ URLs to continue to properly display, make sure to merge the following changes into your template’s tpl_*_display.php files.  In each file, look for:

<!--bof Product URL -->
<?php
  if (zen_not_null($products_url)) {
    if ($flag_show_product_info_url == 1) {
?>
    <p id="productInfoLink" class="productGeneral centeredContent"><?php echo sprintf(TEXT_MORE_INFORMATION, zen_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($products_url), 'NONSSL', true, false)); ?></p>
<?php
    } // $flag_show_product_info_url
  }
?>
<!--eof Product URL -->

and make sure that the second argument to zen_href_link (the 'action=url&goto=...' parameter string) is changed, so that the block reads:

<!--bof Product URL -->
<?php
  if (zen_not_null($products_url)) {
    if ($flag_show_product_info_url == 1) {
?>
    <p id="productInfoLink" class="productGeneral centeredContent"><?php echo sprintf(TEXT_MORE_INFORMATION, zen_href_link(FILENAME_REDIRECT, 'action=product&products_id=' . zen_output_string_protected($_GET['products_id']), 'NONSSL', true, false)); ?></p>
<?php
    } // $flag_show_product_info_url
  }
?>
<!--eof Product URL -->

Making that change will allow your Zen Cart v1.5.3+ store to continue to properly display your products’ URLs.