[ic] Really need some help
davideth at whojamadoogle.com
Fri Mar 13 17:20:09 UTC 2026
The only thing xxx-ed out were specific IP information.
The excess data was in the field company name, however, I tried every
field including fname, lname, address, phone, billing name, billing
address, etc. There is NO field length checking for any fields. Why????
This message appears if any field is too long, but the order is generated
with blank data stored, the customer is sent an order
acknowledgement, and the payment is charged.
So, the customer has an order acknowledgement but the company has a
blank record. The record has a userid but no data in the userdb except
the userid, no data in transactions, no data in orderln, etc.
As I said, a massive failure.
Not griping, just concerned.
David
On 3/12/26 13:45, davideth at whojamadoogle.com wrote:
>
> from log "Saved user information to user database: SUCCESS"
>
> From error.log
>
> 72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
> -0600] huldapag /cgi-bin/cart.cgi/ord/finalize Report posted
> HCPZ56522 ... -- http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64;
> x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0
> Safari/537.36 Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
> 72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
> -0600] huldapag /cgi-bin/cart.cgi/ord/finalize display special page
>
> However, this is what was saved in userdb:
>
> User Name: u06940 Account Status: INACTIVE Total Sales:
> $40.00 Last login: Dec 31, 1969 6:33 pm
> Customer Details
> Customer:
> Company:
> Home phone:
> Work phone:
> Email:
>
> Billing Details
> Same as shipping address
>
> Shipping Details
> Name:
> Address:
> City:
> Country:
> Status Order Number Order Date Shipped to Number of
> items Subtotal Total
> Pending HCPZ56522 Feb 13, 2026 14:24 , 1 $40.00
> $40.00
>
> Any idea why this happened?
>
> Any suggestions as to how the database can be fixed/corrected?
>
> I do have previous orders from the customers, is there a way to copy
> from one customer id to another?
>
> I would actually like to change the userid in the transactions,
> order, etc. if possible.
>
>
> Ah, found the error message!
>
> 72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
> -0600] huldacpz /cgi-bin/cart.cgi/ord/finalize set_slice error as
> called by Vend::UserDB: DBD::Pg::st execute failed:
>
> >>>>>> ERROR: value too long for type character varying(64) at
> /usr/local/interchange/lib/Vend/Table/DBI.pm line 1420.
>
> >
> > query was:update "userdb" SET
> "address1"=?,"address2"=?,"b_country"=?,"city"=?,"company"=?,"country"=?,"email"=?,"fname"=?,"lname"=?,"mv_shipmode"=?,"phone_day"=?,"state"=?,"zip"=?,"updated"=?,"preferences"=?
> WHERE "username" = 'u06940'
> > values were xxx
> 72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
> -0600] huldacpz /cgi-bin/cart.cgi/ord/finalize Report posted
> HCPZ56522 ... -- http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64;
> x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0
> Safari/537.36 Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
> 72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
> -0600] huldacpz /cgi-bin/cart.cgi/ord/finalize display special page
>
> When so critical, why is there not a trap for excess characters or
> character length?
>
> I cannot find any checking or limiting on this problem for many
> fields including fname, lname, address, company, city, telephone, etc.
>
> Same for shipping or billing.
>
>
> Am I missing a script or config file to check or limit string length?
>
>
> I would think that something this critical would have a default error
> checking. I know that it was in 4.9.2
>
> _____________
>
>
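
The failure described in this message (an overlong field makes the userdb UPDATE fail while the charge and acknowledgement still go out) can be avoided by checking lengths before any checkout step runs. The following is an added example, not part of the original post and not Interchange's own code; the function names are hypothetical, and every limit except the 64 taken from the logged error is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed column limits. Only 64 comes from the logged error
# ("character varying(64)"); tying it to "company" and all other
# numbers are constructed for this example.
my %MAX_LEN = (
    fname     => 30,  lname    => 30,  company => 64,
    address1  => 64,  city     => 30,  email   => 128,
    phone_day => 20,
);

# Return one message per oversize field; an empty list means all fit.
sub oversize_fields {
    my ($form) = @_;
    my @errors;
    for my $field (sort keys %MAX_LEN) {
        my $value = $form->{$field};
        next unless defined $value;
        # length() counts characters only if the input was already
        # decoded; varchar(n) in PostgreSQL is a character limit.
        my $len = length $value;
        push @errors, "$field: got $len, max $MAX_LEN{$field}"
            if $len > $MAX_LEN{$field};
    }
    return @errors;
}

# Validate first, then run each step in order and stop at the first
# failure, so a failed save can never be followed by a charge.
sub finalize_order {
    my ($form, @steps) = @_;
    my @errors = oversize_fields($form);
    return { ok => 0, errors => \@errors } if @errors;
    for my $step (@steps) {
        my ($name, $code) = @$step;
        return { ok => 0, errors => ["$name failed"] } unless $code->($form);
    }
    return { ok => 1, errors => [] };
}

# Constructed submission: an 80-character company name.
my %form  = (fname => 'Pat', lname => 'Example', company => 'X' x 80);
my @calls;   # records which steps actually ran
my @steps = map { my $n = $_; [ $n, sub { push @calls, $n; 1 } ] }
            qw(save_user charge_payment send_acknowledgement);
my $result = finalize_order(\%form, @steps);
print $result->{ok} ? "accepted\n" : "rejected: @{ $result->{errors} }\n";
print "steps run: ", scalar(@calls), "\n";
```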