/**
 * Render an <input type="hidden"> tag.
 *
 * @param string $name       field name; run through zen_output_string() and then
 *                           zen_sanitize_string() before it is placed in the attribute
 * @param string $value      explicit value. When zen_not_null() says it is empty, the
 *                           function falls back to a global variable of the same name,
 *                           but only if that global exists and is a string
 *                           (legacy register_globals-style lookup).
 * @param string $parameters extra attribute text appended verbatim. It is NOT escaped
 *                           here, so it must only ever come from trusted code, never
 *                           from request data.
 * @return string the rendered tag, closed with ' />'
 */
function zen_draw_hidden_field($name, $value = '', $parameters = '') {
    $attrName = zen_sanitize_string(zen_output_string($name));
    $tag = '<input type="hidden" name="' . $attrName . '"';

    // Choose the value attribute: explicit argument first, same-named global second.
    $haveValue = false;
    $chosen = '';
    if (zen_not_null($value)) {
        $haveValue = true;
        $chosen = zen_output_string($value);
    } elseif (isset($GLOBALS[$name]) && is_string($GLOBALS[$name])) {
        $haveValue = true;
        $chosen = zen_output_string(stripslashes($GLOBALS[$name]));
    }
    if ($haveValue) {
        $tag .= ' value="' . $chosen . '"';
    }

    if (zen_not_null($parameters)) {
        $tag .= ' ' . $parameters;
    }

    return $tag . ' />';
}
$process = true; if (ACCOUNT_GENDER == 'true') { if (isset($_POST['gender'])) { $gender = zen_db_prepare_input($_POST['gender']); } else { $gender = false; } } if (isset($_POST['email_format'])) { $email_format = zen_db_prepare_input($_POST['email_format']); } if (ACCOUNT_COMPANY == 'true') { $company = zen_db_prepare_input($_POST['company']); } $firstname = zen_db_prepare_input(zen_sanitize_string($_POST['firstname'])); $lastname = zen_db_prepare_input(zen_sanitize_string($_POST['lastname'])); $nick = zen_db_prepare_input($_POST['nick']); if (ACCOUNT_DOB == 'true') { $dob = zen_db_prepare_input($_POST['dob']); } $email_address = zen_db_prepare_input($_POST['email_address']); $street_address = zen_db_prepare_input($_POST['street_address']); if (ACCOUNT_SUBURB == 'true') { $suburb = zen_db_prepare_input($_POST['suburb']); } $postcode = zen_db_prepare_input($_POST['postcode']); $city = zen_db_prepare_input($_POST['city']); if (ACCOUNT_STATE == 'true') { $state = zen_db_prepare_input($_POST['state']); if (isset($_POST['zone_id'])) { $zone_id = zen_db_prepare_input($_POST['zone_id']);
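/**
 * Normalise a value read from the request before it is used in a query.
 *
 * Strings are stripslash'd (legacy magic_quotes handling), passed through
 * zen_sanitize_string() and trimmed. Arrays are walked recursively and every
 * leaf gets the same treatment; keys and order are preserved. Any other type
 * (int, float, bool, null, object) is returned unchanged.
 *
 * This is input normalisation, not SQL escaping: the result still has to be
 * escaped or bound as a parameter at the point of use.
 *
 * @param mixed $string
 * @return mixed
 */
function zen_db_prepare_input($string) {
    if (is_string($string)) {
        return trim(zen_sanitize_string(stripslashes($string)));
    }
    if (is_array($string)) {
        // foreach replaces the reset()/each() loop: each() was deprecated in
        // PHP 7.2 and removed in 8.0. Writing back by key keeps keys and order.
        foreach ($string as $key => $value) {
            $string[$key] = zen_db_prepare_input($value);
        }
        return $string;
    }
    return $string;
}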
zen_mail($custinfo->fields['customers_firstname'] . ' ' . $custinfo->fields['customers_lastname'], $custinfo->fields['customers_email_address'], EMAIL_CUSTOMER_STATUS_CHANGE_SUBJECT, $message, STORE_NAME, EMAIL_FROM, $html_msg, 'default'); } zen_record_admin_activity('Customer-approval-authorization set customer auth status to 0 for customer ID ' . (int) $customers_id, 'info'); } else { $sql = "update " . TABLE_CUSTOMERS . " set customers_authorization='" . CUSTOMERS_APPROVAL_AUTHORIZATION . "' where customers_id='" . (int) $customers_id . "'"; zen_record_admin_activity('Customer-approval-authorization set customer auth status to ' . CUSTOMERS_APPROVAL_AUTHORIZATION . ' for customer ID ' . (int) $customers_id, 'info'); } $db->Execute($sql); $action = ''; zen_redirect(zen_href_link(FILENAME_CUSTOMERS, 'cID=' . (int) $customers_id . '&page=' . $_GET['page'], 'NONSSL')); } $action = ''; break; case 'update': $customers_firstname = zen_db_prepare_input(zen_sanitize_string($_POST['customers_firstname'])); $customers_lastname = zen_db_prepare_input(zen_sanitize_string($_POST['customers_lastname'])); $customers_email_address = zen_db_prepare_input($_POST['customers_email_address']); $customers_telephone = zen_db_prepare_input($_POST['customers_telephone']); $customers_fax = zen_db_prepare_input($_POST['customers_fax']); $customers_newsletter = zen_db_prepare_input($_POST['customers_newsletter']); $customers_group_pricing = (int) zen_db_prepare_input($_POST['customers_group_pricing']); $customers_email_format = zen_db_prepare_input($_POST['customers_email_format']); $customers_gender = zen_db_prepare_input($_POST['customers_gender']); $customers_dob = empty($_POST['customers_dob']) ? 
zen_db_prepare_input('0001-01-01 00:00:00') : zen_db_prepare_input($_POST['customers_dob']); $customers_authorization = zen_db_prepare_input($_POST['customers_authorization']); $customers_referral = zen_db_prepare_input($_POST['customers_referral']); if (CUSTOMERS_APPROVAL_AUTHORIZATION == 2 and $customers_authorization == 1) { $customers_authorization = 2; $messageStack->add_session(ERROR_CUSTOMER_APPROVAL_CORRECTION2, 'caution'); } if (CUSTOMERS_APPROVAL_AUTHORIZATION == 1 and $customers_authorization == 2) {
/** * discount coupon info * * @package page * @copyright Copyright 2003-2011 Zen Cart Development Team * @copyright Portions Copyright 2003 osCommerce * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0 * @version $Id: header_php.php 19517 2011-09-14 21:28:12Z wilt $ */ require DIR_WS_MODULES . zen_get_module_directory('require_languages.php'); $text_coupon_help = ''; if (isset($_POST['lookup_discount_coupon']) and $_POST['lookup_discount_coupon'] != '') { // lookup requested discount coupon $coupon = $db->Execute("select * from " . TABLE_COUPONS . " where coupon_code = '" . zen_db_input($_POST['lookup_discount_coupon']) . "' and coupon_type != 'G'"); $_POST['lookup_discount_coupon'] = zen_sanitize_string($_POST['lookup_discount_coupon']); if ($coupon->RecordCount() < 1) { // invalid discount coupon code $text_coupon_help = sprintf(TEXT_COUPON_FAILED, zen_output_string_protected($_POST['lookup_discount_coupon'])); } else { // valid discount coupon code $lookup_coupon_id = $coupon->fields['coupon_id']; $coupon_desc = $db->Execute("select * from " . TABLE_COUPONS_DESCRIPTION . " where coupon_id = '" . (int) $lookup_coupon_id . "' and language_id = '" . (int) $_SESSION['languages_id'] . "'"); $text_coupon_help = TEXT_COUPON_HELP_HEADER; $text_coupon_help .= sprintf(TEXT_COUPON_HELP_NAME, $coupon_desc->fields['coupon_name']); if (zen_not_null($coupon_desc->fields['coupon_description'])) { $text_coupon_help .= sprintf(TEXT_COUPON_HELP_DESC, $coupon_desc->fields['coupon_description']); } $coupon_amount = $coupon->fields['coupon_amount']; switch ($coupon->fields['coupon_type']) { case 'F':
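/**
 * Re-serialise the current $_GET parameters as a query-string fragment
 * ("k=v&k2=v2&" — note the trailing "&"), leaving out the session-name key,
 * the "error" key and every key listed in $exclude_array.
 *
 * Keys go through zen_sanitize_string(); values are stripslash'd and
 * rawurlencode()d, so the fragment is safe to embed in a URL.
 *
 * @param array|string $exclude_array keys to omit; '' (the legacy default) means none
 * @return string
 */
function zen_get_all_get_params($exclude_array = '') {
    // '' is the legacy "no exclusions" default; normalise it to an array.
    if ($exclude_array == '') {
        $exclude_array = array();
    }
    $get_url = '';
    // foreach replaces the reset()/each() loop (each() was removed in PHP 8.0).
    // $_GET is a superglobal, so no "global" declaration is needed.
    foreach ($_GET as $key => $value) {
        // in_array() is deliberately non-strict: numeric-string GET keys arrive as ints.
        if ($key != zen_session_name() && $key != 'error' && !in_array($key, $exclude_array)) {
            // Array-valued params (?k[]=x) would make stripslashes() throw a TypeError
            // on PHP 8; emit an empty value instead, which is what the PHP 7 warning
            // path produced.
            $encoded = is_array($value) ? '' : rawurlencode(stripslashes($value));
            $get_url .= zen_sanitize_string($key) . '=' . $encoded . '&';
        }
    }
    return $get_url;
}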
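/**
 * Normalise request input before it reaches the database layer (BitCommerce variant).
 *
 * - empty() values (null, '', 0, '0', 0.0, false, []) become NULL. Note that this also
 *   swallows the legitimate values 0 and '0'; callers that need them must check first.
 * - Strings from users WITHOUT 'p_bitcommerce_admin' are stripslash'd, passed through
 *   zen_sanitize_string() and trimmed.
 * - Strings from users holding that permission are returned untouched (author's
 *   choice); such values are therefore only as safe as the escaping at the query layer.
 * - Arrays are walked recursively; keys and order are preserved.
 * - Anything else is returned as-is.
 *
 * This is input normalisation, not SQL escaping.
 *
 * @param mixed $string
 * @return mixed
 */
function zen_db_prepare_input($string) {
    global $gBitUser;
    if (empty($string)) {
        return NULL;
    }
    if (is_string($string)) {
        if ($gBitUser->hasPermission('p_bitcommerce_admin')) {
            // admin bypass: raw string, exactly as the original's final else branch returned it
            return $string;
        }
        return trim(zen_sanitize_string(stripslashes($string)));
    }
    if (is_array($string)) {
        // foreach replaces the reset()/each() loop (each() was removed in PHP 8.0).
        foreach ($string as $key => $value) {
            $string[$key] = zen_db_prepare_input($value);
        }
        return $string;
    }
    return $string;
}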
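<?php
/**
 * Create a bare product row from a POSTed "title", plus a matching
 * description row in the default language. Price, status and date added
 * are fixed here.
 *
 * Assumes tiosafe_config.php provides $db, postNotEmpty(),
 * getDefaultLanguageID(), zen_db_perform(), zen_db_insert_id() and
 * zen_sanitize_string() — TODO confirm against that file.
 */
include 'tiosafe_config.php';

if (postNotEmpty('title')) {
    $products_name = $_POST['title'];
    $products_sale_price = 0;
    $language_id = getDefaultLanguageID($db);
    // 24-hour clock: the original used 'h' (12-hour with no am/pm marker),
    // which stored e.g. 15:00 as 03:00.
    $products_date_added = date('Y/m/d H:i:s');

    // products_status '1' = product is available
    $sql_array = array(
        'products_price' => $products_sale_price,
        'products_status' => '1',
        'products_date_added' => $products_date_added,
    );
    zen_db_perform(TABLE_PRODUCTS, $sql_array);
    $products_id = zen_db_insert_id();

    // The name is sanitised here; SQL escaping is left to zen_db_perform() — TODO confirm.
    $sql_array = array(
        'products_id' => $products_id,
        'language_id' => $language_id,
        'products_name' => zen_sanitize_string($products_name),
    );
    zen_db_perform(TABLE_PRODUCTS_DESCRIPTION, $sql_array);
} else {
    // Double-quoted so "\n" is a real newline; the single-quoted '\\n' printed a literal backslash-n.
    echo "\nInvalid query: The parameter title is required!";
}
$db->close();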
//Get the option ID $query1 = 'SELECT po.products_options_id, po.products_options_name FROM ' . TABLE_PRODUCTS_OPTIONS . ' AS po WHERE po.language_id = "' . $language_id . '" AND po.products_options_name = "' . $product_base_category . '"'; $result1 = $db->Execute($query1); if (!$result1->EOF) { $products_options_id = $result1->fields['products_options_id']; } //Get the option value id $query2 = 'SELECT pov.products_options_values_id, pov.products_options_values_name FROM ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' AS pov WHERE pov.language_id = ' . $language_id . ' AND pov.products_options_values_name = "' . zen_sanitize_string($product_variation) . '"'; //echo $query2; $result2 = $db->Execute($query2); if (!$result2->EOF) { $products_options_values_id = $result2->fields['products_options_values_id']; } //delete the attribute if ($products_options_id != "" and $products_options_values_id != "") { $query = 'DELETE FROM ' . TABLE_PRODUCTS_ATTRIBUTES . ' WHERE products_id = ' . $products_id . ' AND options_id = ' . $products_options_id . ' AND options_values_id = ' . $products_options_values_id; //echo $query; $result = $db->Execute($query); } } else {
//Check if value exists $query2 = 'SELECT pov.products_options_values_id, pov.products_options_values_name FROM ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' AS pov WHERE pov.language_id = ' . $language_id . ' AND pov.products_options_values_name = "' . zen_sanitize_string($product_variation) . '"'; //echo $query2; $result2 = $db->Execute($query2); if (!$result2->EOF) { $products_options_values_id = $result2->fields['products_options_values_id']; } else { $new_option_value = true; //Get the next id as done in zencart $max_values_id_values = $db->Execute("select max(products_options_values_id) + 1\n as next_id from " . TABLE_PRODUCTS_OPTIONS_VALUES); $products_options_values_id = $max_values_id_values->fields['next_id']; $sql_array = array('products_options_values_id' => $products_options_values_id, 'language_id' => $language_id, 'products_options_values_name' => zen_sanitize_string($product_variation)); zen_db_perform(TABLE_PRODUCTS_OPTIONS_VALUES, $sql_array); } //Check if the option is used buy the product $query3 = 'SELECT pa.products_attributes_id AS id, po.products_options_name, pov.products_options_values_name FROM ' . TABLE_PRODUCTS_ATTRIBUTES . ' AS pa LEFT JOIN ' . TABLE_PRODUCTS_OPTIONS . ' AS po ON pa.options_id = po.products_options_id LEFT JOIN ' . TABLE_PRODUCTS_OPTIONS_VALUES . ' AS pov ON pa.options_values_id = pov.products_options_values_id WHERE pa.products_id = "' . $products_id . '" AND pa.options_id = "' . $products_options_id . '" AND pa.options_values_id = "' . $products_options_values_id . '" AND po.language_id = "' . $language_id . '"