surf55 Posted March 9, 2013

Every time somebody writes a review, a string is saved into some query with certain values like: rating, name, review text and so on.

In product_reviews_write.php:

tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now())");

What I want to do is create a new variable called rewiews_email. I want to save the email address to later send the customer a discount code. As I allow guests to write reviews, I can't use the customers' registration mail. I have searched everywhere but I can't find the place where to define a new variable.
surf55 Posted March 9, 2013

Please, any suggestions? I tried to use "customer_id" for storing the email address. It seems to work, but it gets sanitised before saving, so if the input is nonnumerical it will become zero. How could I avoid sanitisation or create a new field with proper filtering for an e-mail address?
♥mattjt83 Posted March 9, 2013

@surf55

You could add a new column to the reviews table to hold their email address. Try this out if you'd like. This is untested but should work. BACKUP your files/database first!!

In phpmyadmin:

ALTER TABLE reviews ADD customers_email_address varchar(255) NOT NULL;

In product_reviews_write.php, change the customer_query to this...

$customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");

then change the insert query to:

tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added, customers_email_address) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now(), '" . tep_db_input($customer['customers_email_address']) . "')");

Matt
surf55 Posted March 9, 2013

Thanks a lot. I did not have a clue what phpmyadmin was; I didn't know if it was a program, a php file... (a trivial thing, but very little basic information on the internet). Finally found it in my control panel and created a field just as you described and voila, it works.

I hope this mod didn't create any security holes, since an email address is sensitive information while other data in the reviews table has no value for hackers. Maybe someone could look into it, since this is the very first time I have actually modded any php code myself.
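One way to give the new e-mail column its own filtering, as asked in the thread: validate the address before it is stored and bind it as a parameter rather than casting it with (int). This is an added example, not code from the thread or from osCommerce; it uses plain PDO with an in-memory SQLite table so it runs on its own, and normalize_review_email() and save_review() are hypothetical names.

```php
<?php
// Added example (not osCommerce code): validate a guest-supplied review e-mail,
// then store it with bound parameters. Function names are hypothetical.

function normalize_review_email(string $raw): ?string
{
    $email = trim($raw);
    // Reject empty input, values longer than the varchar(255) column, and any
    // control character: the address is meant to be used for sending mail later,
    // so an embedded CR/LF must never reach a mail header.
    if ($email === '' || strlen($email) > 255 || preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return null;
    }
    // filter_var() returns the address on success and false on failure.
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

function save_review(PDO $db, int $productsId, string $name, int $rating, string $rawEmail): bool
{
    $email = normalize_review_email($rawEmail);
    if ($email === null) {
        return false; // refuse the review instead of storing a mangled value
    }
    // Bound parameters keep quotes in the name or e-mail out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO reviews (products_id, customers_name, reviews_rating, date_added, customers_email_address)
         VALUES (:pid, :name, :rating, CURRENT_TIMESTAMP, :email)'
    );
    return $stmt->execute([':pid' => $productsId, ':name' => $name, ':rating' => $rating, ':email' => $email]);
}

// Constructed demo table: mirrors the columns used in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (reviews_id INTEGER PRIMARY KEY, products_id INTEGER, customers_name TEXT,
           reviews_rating INTEGER, date_added TEXT, customers_email_address VARCHAR(255) NOT NULL)');

// Constructed sample inputs: one valid address and three that must be refused.
$samples = [
    "guest@example.com",
    "not-an-email",
    "guest@example.com\r\nBcc: other@example.org",
    "x'); DROP TABLE reviews;--",
];
foreach ($samples as $input) {
    $stored = save_review($db, 42, "Pat O'Brien", 5, $input);
    printf("%-45s %s\n", json_encode($input), $stored ? 'stored' : 'rejected');
}
printf("rows in reviews: %d\n", $db->query('SELECT COUNT(*) FROM reviews')->fetchColumn());
```

In product_reviews_write.php the same validation would sit before the insert, with the validated value passed through tep_db_input() like the other string columns.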
Archived
This topic is now archived and is closed to further replies.