[ic] Interchange failure to check for field length
davideth at whojamadoogle.com
Wed Feb 25 22:19:51 UTC 2026
I have an urgent problem.
Apparently, there is a glitch in interchange that allows unacceptable
characters in the userdb file.
An order was placed, processed, and credit card was filed, however, the
userdb file is almost empty. It has the user name, item, date, but
incorrect order total as there was a shipping charge. The order was
properly logged to tracking.asc and all details are there. Email was
sent correctly to customer and to our orders@ .
from log "Saved user information to user database: SUCCESS"
From error.log
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldapag /cgi-bin/cart.cgi/ord/finalize Report posted HCPZ56522
... -- http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldapag /cgi-bin/cart.cgi/ord/finalize display special page
However, this is what was saved in userdb:
User Name: u06940
Account Status: INACTIVE
Total Sales: $40.00
Last login: Dec 31, 1969 6:33 pm
Customer Details
Customer:
Company:
Home phone:
Work phone:
Email:
Billing Details
Same as shipping address
Shipping Details
Name:
Address:
City:
Country:
Status | Order Number | Order Date | Shipped to | Number of items | Subtotal | Total
Pending | HCPZ56522 | Feb 13, 2026 14:24 | , | 1 | $40.00 | $40.00
Any idea why this happened?
Any suggestions as to how the database can be fixed/corrected?
I do have previous orders from the customers, is there a way to copy
from one customer id to another?
I would actually like to change the userid in the transactions, order,
etc. if possible.
Ah, found the error!
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldacpz /cgi-bin/cart.cgi/ord/finalize set_slice error as called
by Vend::UserDB: DBD::Pg::st execute failed:
>>>>>> ERROR: value too long for type character varying(64) at
/usr/local/interchange/lib/Vend/Table/DBI.pm line 1420.
>
> query was:update "userdb" SET
"address1"=?,"address2"=?,"b_country"=?,"city"=?,"company"=?,"country"=?,"email"=?,"fname"=?,"lname"=?,"mv_shipmode"=?,"phone_day"=?,"state"=?,"zip"=?,"updated"=?,"preferences"=?
WHERE "username" = 'u06940'
> values were xxx
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52 -0600]
huldacpz /cgi-bin/cart.cgi/ord/finalize Report posted HCPZ56522 ... --
http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52 -0600]
huldacpz /cgi-bin/cart.cgi/ord/finalize display special page
When so critical, why is there not a trap for excess characters?
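
Added example, not part of the original post and not Interchange code: a Python script that scans an error.log in the format quoted above for Vend::UserDB updates rejected with "value too long" and pairs each with the order posted in the same session, listing orders whose customer profile was not saved. It assumes the field before the colon in each line prefix is the session id; the sample log lines, addresses, order numbers and function names are constructed.

```python
import re

# Entry prefix as seen in the post: "IP session:IP - [time] catalog script message"
ENTRY = re.compile(r'^\S+ (\S+):\S+ - \[([^\]]+)\] \S+ \S+ (.*)$')
TOO_LONG = re.compile(r'value too long for type character varying\((\d+)\)')
USERNAME = re.compile(r'WHERE "username" = \'([^\']+)\'')
POSTED = re.compile(r'Report posted (\S+)')

def parse_entries(text):
    """Group lines into entries; a line without the prefix continues the previous one."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"session": m.group(1), "when": m.group(2), "msg": m.group(3)})
        elif entries:
            entries[-1]["msg"] += "\n" + line
    return entries

def failed_profile_saves(text):
    """Orders posted in a session whose userdb UPDATE was rejected for length."""
    pending, findings = {}, []   # pending: session id -> rejected update
    for e in parse_entries(text):
        limit = TOO_LONG.search(e["msg"])
        if limit and "Vend::UserDB" in e["msg"]:
            user = USERNAME.search(e["msg"])
            pending[e["session"]] = {"username": user.group(1) if user else None,
                                     "limit": int(limit.group(1)), "when": e["when"]}
            continue
        order = POSTED.search(e["msg"])
        if order and e["session"] in pending:
            findings.append({"order": order.group(1), **pending.pop(e["session"])})
    return findings

# Constructed sample modelled on the log lines in the post (all values invented).
SAMPLE_LOG = """\
203.0.113.7 SESSaaa1:203.0.113.7 - [13/February/2026:14:24:52 -0600] democat /cgi-bin/cart.cgi/ord/finalize set_slice error as called by Vend::UserDB: DBD::Pg::st execute failed: ERROR: value too long for type character varying(64) at /usr/local/interchange/lib/Vend/Table/DBI.pm line 1420.
 query was:update "userdb" SET "address1"=?,"email"=? WHERE "username" = 'u00001'
 values were xxx
203.0.113.7 SESSaaa1:203.0.113.7 - [13/February/2026:14:24:52 -0600] democat /cgi-bin/cart.cgi/ord/finalize Report posted TEST0001 ... -- remote_addr=203.0.113.7
198.51.100.9 SESSbbb2:198.51.100.9 - [13/February/2026:15:02:10 -0600] democat /cgi-bin/cart.cgi/ord/finalize Report posted TEST0002 ... -- remote_addr=198.51.100.9
"""

if __name__ == "__main__":
    for f in failed_profile_saves(SAMPLE_LOG):
        print(f"{f['when']}  order {f['order']}  user {f['username']}  varchar({f['limit']}) overflow")
```

Each reported order can then be checked against tracking.asc, where the post says the full details were logged.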