<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I went to the demo and created the errors there. Have 4 screen
grabs.</p>
<p>Placed an order</p>
<p><img src="cid:part1.ZLf9VgFv.qtGCuWAU@whojamadoogle.com" alt=""></p>
<p><br>
</p>
<p>Received an order acknowledgement:</p>
<p><img src="cid:part2.O0Ops8Uj.2OedXwSI@whojamadoogle.com" alt=""></p>
<p><br>
</p>
<p>I then tried to log in</p>
<p><img src="cid:part3.KrRYogd0.GjumoUEi@whojamadoogle.com" alt=""></p>
<p>Checking the userdb:</p>
<p><img src="cid:part4.8PEADw7k.hYkNu0EK@whojamadoogle.com" alt=""></p>
<p>And</p>
<p><img src="cid:part5.LbRFWfRj.28r6jGnO@whojamadoogle.com" alt=""></p>
<p>Note the blank fields.</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 3/13/26 12:20,
<a class="moz-txt-link-abbreviated" href="mailto:davideth@whojamadoogle.com">davideth@whojamadoogle.com</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7b681caa-c6a7-4168-b26b-2f285d708245@whojamadoogle.com">The
only thing xxx-ed out were specific IP information.
<br>
<br>
The excess data was in the field company name, however, I tried
every field including fname, lname, address, phone, billing name,
billing address, etc. There is NO field length checking for any
fields. Why????
<br>
<br>
This message appears if any field is too long, but the order is
generated with blank data stored and the customer is sent an
order acknowledgement and the payment is charged.
<br>
<br>
So, the customer has an order acknowledgement but the company has
a blank record. The record has a userid but no data in the userdb
except the userid, no data in transactions, no data in orderln,
etc.
<br>
<br>
As I said, a massive failure.
<br>
<br>
Not griping, just concerned.
<br>
<br>
<br>
David
<br>
<br>
<br>
On 3/12/26 13:45, <a class="moz-txt-link-abbreviated" href="mailto:davideth@whojamadoogle.com">davideth@whojamadoogle.com</a> wrote:
<br>
<blockquote type="cite">
<br>
from log "Saved user information to user database: SUCCESS"
<br>
<br>
From error.log
<br>
<br>
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx -
[13/February/2026:14:24:52 -0600] huldapag
/cgi-bin/cart.cgi/ord/finalize Report posted HCPZ56522 ... --
http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0
Safari/537.36 Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
<br>
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx -
[13/February/2026:14:24:52 -0600] huldapag
/cgi-bin/cart.cgi/ord/finalize display special page
<br>
<br>
However, this is what was saved in userdb:
<br>
<br>
User Name: u06940 Account Status: INACTIVE Total
Sales: $40.00 Last login: Dec 31, 1969 6:33 pm
<br>
Customer Details
<br>
Customer:
<br>
Company:
<br>
Home phone:
<br>
Work phone:
<br>
Email:
<br>
<br>
Billing Details
<br>
Same as shipping address
<br>
<br>
Shipping Details
<br>
Name:
<br>
Address:
<br>
City:
<br>
Country:
<br>
Status Order Number Order Date Shipped to Number
of items Subtotal Total
<br>
Pending HCPZ56522 Feb 13, 2026 14:24 , 1 $40.00
$40.00
<br>
<br>
Any idea why this happened?
<br>
<br>
Any suggestions as to how the database can be fixed/corrected?
<br>
<br>
I do have previous orders from the customers, is there a way to
copy from one customer id to another?
<br>
<br>
I would actually like to change the userid in the transactions,
order, etc. if possible.
<br>
<br>
<br>
Ah, found the error message!
<br>
<br>
72.xx.xxx.xxx xxxxxxxxx:72.xx.xxx.xxx -
[13/February/2026:14:24:52 -0600] huldacpz
/cgi-bin/cart.cgi/ord/finalize set_slice error as called by
Vend::UserDB: DBD::Pg::st execute failed:
<br>
<br>
>>>>>> ERROR: value too long for type
character varying(64) at
/usr/local/interchange/lib/Vend/Table/DBI.pm line 1420.
<br>
<br>
>
<br>
> query was:update "userdb" SET
"address1"=?,"address2"=?,"b_country"=?,"city"=?,"company"=?,"country"=?,"email"=?,"fname"=?,"lname"=?,"mv_shipmode"=?,"phone_day"=?,"state"=?,"zip"=?,"updated"=?,"preferences"=?
WHERE "username" = 'u06940'
<br>
> values were xxx
<br>
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx -
[13/February/2026:14:24:52 -0600] huldacpz
/cgi-bin/cart.cgi/ord/finalize Report posted HCPZ56522 ... --
http_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0
Safari/537.36 Edg/144.0.0.0 remote_addr=72.xx.xxx.xxx
<br>
72.xx.xxx.xxx xxxxxxxx:72.xx.xxx.xxx -
[13/February/2026:14:24:52 -0600] huldacpz
/cgi-bin/cart.cgi/ord/finalize display special page
<br>
<br>
When so critical, why is there not a trap for excess characters
or character length?
<br>
<br>
I cannot find any checking or limiting on this problem for
many fields including fname, lname, address, company, city,
telephone, etc.
<br>
<br>
Same for shipping or billing.
<br>
<br>
<br>
Am I missing a script or config file to check or limit string
length?
<br>
<br>
<br>
I would think that something this critical would have a default
error checking. I know that it was in 4.9.2
<br>
<br>
_____________
<br>
<br>
<br>
</blockquote>
</blockquote>
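<p>The failure described in this thread (an over-length field makes the userdb update fail while the order is still posted and charged) can be avoided by checking lengths before any write and by committing the user record and the order together. The sketch below is an added example, not part of the original messages and not Interchange code: it uses Python with SQLite standing in for Perl and PostgreSQL, and the 64-character limits, the <code>transactions</code> columns and the <code>charge</code> callback are assumptions.</p>
<pre>
```python
import sqlite3

# Assumed limits: the thread only shows that one userdb column is
# character varying(64); the same limit is applied to all fields here.
FIELD_LIMITS = {"fname": 64, "lname": 64, "company": 64, "address1": 64, "city": 64}

def make_db():
    # SQLite does not enforce VARCHAR(n), so a CHECK constraint stands in
    # for PostgreSQL's "value too long for type character varying(64)".
    db = sqlite3.connect(":memory:", isolation_level=None)
    cols = ", ".join(f"{c} TEXT CHECK (length({c}) BETWEEN 0 AND {n})" for c, n in FIELD_LIMITS.items())
    db.execute(f"CREATE TABLE userdb (username TEXT PRIMARY KEY, {cols})")
    db.execute("CREATE TABLE transactions (order_number TEXT PRIMARY KEY, username TEXT, total REAL)")
    return db

def too_long(form):
    """Return {field: (length, limit)} for every value over its column limit."""
    sizes = {f: (len(form.get(f, "")), n) for f, n in FIELD_LIMITS.items()}
    return {f: pair for f, pair in sizes.items() if pair[0] > pair[1]}

def finalize(db, username, order_number, total, form, charge):
    """Validate first, then write user and order atomically, then charge."""
    bad = too_long(form)
    if bad:
        return ("rejected", bad)  # nothing written, nothing charged
    cols = list(FIELD_LIMITS)
    try:
        db.execute("BEGIN")
        db.execute(f"INSERT INTO userdb (username, {', '.join(cols)}) VALUES (?{', ?' * len(cols)})",
                   [username] + [form.get(c, "") for c in cols])
        db.execute("INSERT INTO transactions VALUES (?, ?, ?)", (order_number, username, total))
        charge(total)  # reached only after both writes succeeded
        db.execute("COMMIT")
    except Exception as exc:
        db.execute("ROLLBACK")  # a failed write or charge leaves no partial order
        return ("failed", str(exc))
    return ("ok", order_number)
```
</pre>
<p>The database constraint stays in place as a second line of defence; the point of the transaction is that a failed save can no longer coexist with a posted order.</p>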
</body>
</html>