[ic] Interchange failure to check for field length
davideth at whojamadoogle.com
davideth at whojamadoogle.com
Wed Mar 4 17:34:02 UTC 2026
Thanks Peter,
That helps but the original problem is massive and needs fixing as well.
_____________
I have an urgent problem. using Interchange 5.10.0 © 2002-2009 under
CentOS v7.9.2009 STANDARD kvm
Apparently, there is a glitch in interchange that allows unacceptable
characters in the userdb file and possibly others as well. .
An order was placed, process, and credit card was filed, however, the
userbf files is almost empty It has the user name, item, date, but
incorrect order total as there was a shipping charge. The order was
properly logged to tracking.asc and all details are there. email was
sent correctly to customer and to our orders@ .
from log "Saved user information to user database: SUCCESS"
From error.log
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldapag /cgi-bin/cart.cgi/ord/finalize Report posted HCPZ56522
... -- http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldapag /cgi-bin/cart.cgi/ord/finalize display special page
However, this us what was saved in userdb:
User Name: u06940 Account Status: INACTIVE Total Sales:
$40.00 Last login: Dec 31, 1969 6:33 pm
Customer Details
Customer:
Company:
Home phone:
Work phone:
Email:
Billing Details
Same as shipping address
Shipping Details
Name:
Address:
City:
Country:
Status Order Number Order Date Shipped to Number of
items Subtotal Total
Pending HCPZ56522 Feb 13, 2026 14:24 , 1 $40.00 $40.00
Any idea why this happened?
Any suggestions as to how the database can be fixed/corrected?
I do have previous orders from the customers, is there a way to copy
from one customer id to another?
I would actually like to change the userid in the transactions, order,,
etc is possible.
Ah, found the error message!
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldacpz /cgi-bin/cart.cgi/ord/finalize set_slice error as called
by Vend::UserDB: DBD::Pg::st execute failed:
>>>>>> ERROR: value too long for type character varying(64) at
/usr/local/interchange/lib/Vend/Table/DBI.pm line 1420.
>
> query was:update "userdb" SET
"address1"=?,"address2"=?,"b_country"=?,"city"=?,"company"=?,"country"=?,"email"=?,"fname"=?,"lname"=?,"mv_shipmode"=?,"phone_day"=?,"state"=?,"zip"=?,"updated"=?,"preferences"=?
WHERE "username" = 'u06940'
> values were xxx
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52 -0600]
huldacpz /cgi-bin/cart.cgi/ord/finalize Report posted HCPZ56522 ... --
http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52 -0600]
huldacpz /cgi-bin/cart.cgi/ord/finalize display special page
When so critical, why is there not a trap for excess characters?
I can not find any checking or limiting on this problem for many
fields including fname, lname, address, company city, telephone, etc.
Same for shipping or billing.
Am I missing a script or config file to check or limit string length?
_____________
On 2/26/26 13:44, davideth at whojamadoogle.com wrote:
> <snipping two more instances which are basically the same error>
>
> Basically put Interchange is trying to update the transactions table
> with an empty string in a field that is defined as type timestamp,
> likely the update_date field and postgresql is complaining because it
> won't accept the empty string as input for this field type. There are a
> few possible different solutions:
>
> * Drop the affected column from the db.
>
> * Change the type of the field to varchar or a similar type that allows
> an empty string as a field.
>
> * Fix the metadata for the table in IC so that it populates the field
> with a suitable default.
>
>
> Peter
>
>
>
More information about the interchange-users
mailing list