<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>That helps but the original problem is massive and needs fixing
as well. I believe that it is a major flaw that could affect all
interchange users.</p>
<p>_____________
<br>
<br>
I have an urgent problem. using Interchange 5.10.0 © 2002-2009
under CentOS v7.9.2009 STANDARD kvm
<br>
<br>
<br>
Apparently, there is a glitch in interchange that allows
unacceptable characters in the userdb file and possibly others as
well. .
<br>
<br>
An order was placed, process, and credit card was filed, however,
the userdb files is almost empty It has the user name, item, date,
but incorrect order total as there was a shipping charge. The
order was properly logged to tracking.asc and all details are
there. email was sent correctly to customer and to our orders@ . <br>
</p>
<p><br>
</p>
<p><br>
from log "Saved user information to user database: SUCCESS"
<br>
<br>
From error.log
<br>
<br>
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldapag /cgi-bin/cart.cgi/ord/finalize Report posted
HCPZ56522 ... -- http_user_agent=Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/144.0.0.0 Safari/537.36 Edg/144.0.0.0
remote_addr=72.xx.xxx.xxx
<br>
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldapag /cgi-bin/cart.cgi/ord/finalize display special
page
<br>
<br>
However, this us what was saved in userdb:
<br>
<br>
User Name: u06940 Account Status: INACTIVE Total
Sales: $40.00 Last login: Dec 31, 1969 6:33 pm
<br>
Customer Details
<br>
Customer:
<br>
Company:
<br>
Home phone:
<br>
Work phone:
<br>
Email:
<br>
<br>
Billing Details
<br>
Same as shipping address
<br>
<br>
Shipping Details
<br>
Name:
<br>
Address:
<br>
City:
<br>
Country:
<br>
Status Order Number Order Date Shipped to Number
of items Subtotal Total
<br>
Pending HCPZ56522 Feb 13, 2026 14:24 , 1 $40.00
$40.00
<br>
<br>
Any idea why this happened?
<br>
<br>
Any suggestions as to how the database can be fixed/corrected?
<br>
<br>
I do have previous orders from the customers, is there a way to
copy from one customer id to another?
<br>
<br>
I would actually like to change the userid in the transactions,
order,, etc is possible.
<br>
<br>
<br>
Ah, found the error message!
<br>
<br>
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldacpz /cgi-bin/cart.cgi/ord/finalize set_slice error as
called by Vend::UserDB: DBD::Pg::st execute failed:
<br>
<br>
>>>>>> ERROR: value too long for type
character varying(64) at
/usr/local/interchange/lib/Vend/Table/DBI.pm line 1420.
<br>
<br>
>
<br>
> query was:update "userdb" SET
"address1"=?,"address2"=?,"b_country"=?,"city"=?,"company"=?,"country"=?,"email"=?,"fname"=?,"lname"=?,"mv_shipmode"=?,"phone_day"=?,"state"=?,"zip"=?,"updated"=?,"preferences"=?
WHERE "username" = 'u06940'
<br>
> values were xxx
<br>
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldacpz /cgi-bin/cart.cgi/ord/finalize Report posted
HCPZ56522 ... -- http_user_agent=Mozilla/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/144.0.0.0 Safari/537.36 Edg/144.0.0.0
remote_addr=72.xx.xxx.xxx
<br>
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx - [13/February/2026:14:24:52
-0600] huldacpz /cgi-bin/cart.cgi/ord/finalize display special
page
<br>
<br>
When so critical, why is there not a trap for excess characters or
character length?
<br>
<br>
I can not find any checking or limiting on this problem for many
fields including fname, lname, address, company city, telephone,
etc.
<br>
<br>
Same for shipping or billing.
<br>
<br>
<br>
Am I missing a script or config file to check or limit string
length? </p>
<p><br>
</p>
<p>I would think that something this critical would have a default
error checking. I know that it was in 4.9.2</p>
<p>_____________
<br>
</p>
<br>
</body>
</html>