echo field "description" from tblproducts table breaks code

[shadowfax007]

Hello all-

We are just getting ready to build our new site with WHMCS.  As such, I am a complete novice to WHMCS.  To make matters worse, I an not familiar with PHP either (I am familiar with db development, just not with PHP.  I've spent the past hour searching the discussion list to no avail (I'm sure there would be a thread on this).

I've created a very basic page (to familiarize myself WHMCS).  I know there is much missing and I'm sure there may be some security issues with what I've written (hint - I AM aware of these issues).  Following some examples, I have three pages to this solution: clients/test1.php, clients/templates/test-template/test1a.tpl & clients/feeds/test1.php.

Here is the clients/feeds/test1.php page code:

 

$result = "SELECT id,name,type,description FROM tblproducts WHERE tblproducts.hidden = 0 ORDER BY tblproducts.order ASC";
$data = mysql_query($result);
while ($row = mysql_fetch_assoc($data)) {
    $code .= '<li><a href="cart.php?gid='.$row['id'].'">'.$row['name'].' <br> '.$row["type"].'<br><br> </a></li>';
    
    $newCode .= '<li><a href="cart.php?gid='.$row['id'].'">'.$row['name'].' <br> '.$row["description"].'<br><br> </a></li>';
     
}  

echo "document.write('<br />Plan Details:<br /><br />');";

echo "document.write('".$code."');";

echo "document.write('<br /><hr /><br /><br /><hr />')";
/*
echo "document.write('".$newCode."');";
*/

 

This "somewhat" works as expected for me (except that it only displays 3 records - there are 15 records, 6 of them with a "hidden" field value of 0 ).

BUT as soon as I uncomment the last line: 

echo "document.write('".$newCode."');";

The page breaks.  I assume this is an encoding issue because of the HTML values in the table.  Could someone please point me the right direction - I would really appreciate some help!

Thanks,

James

[Kian]

On 5/25/2019 at 4:37 AM, shadowfax007 said:

(hint - I AM aware of these issues)

Okay so I'm not going to say anything 😄 The problem with your script is very simple. Take a look at this part:

echo "document.write('<br /><hr /><br /><br /><hr />')";

The ";" char is missing. Here's the fixed version:

echo "document.write('<br /><hr /><br /><br /><hr />');";

Edited May 27, 2019 by Kian

[shadowfax007]

Thanks Gearhead!

And thanks for not pointing out any security issues, etc... having done development work in a similar language to PHP for 20 years, I know from experience that someone will invariably  respond (sometimes in not such a nice way) about security issues (and some I can understand).  I am a big "stickler" on poorly written code, especially from a security viewpoint! but this is my first time getting me feet wet in PHP syntax and such 🙂

I still get the same error (I should say "problem" as I'm just now trying to find to find the code to display PHP errors on the page).  Right now, with the fixed line you pointed out (Thank you for that!).  Here's what I'm getting :

- As is, with the description field (and the HTML code within the field), I get nothing displaying from either variable "$code" or $newCode".

- If I remove the description field from $newCode, I get one instance of the record 3 times for each variable (3 for $code, 3 for $newCode).

So, to me it seems it is hanging up on something in the description field (Which was populated from WHMCS when setting up the different hosting plans).

I just now went into the tblproducts table and removed the "description" code for the 6 records that should be displaying and they all (6) display correctly.

So something is stopping the code and I'm sure it must be a single or double set of quotes (or so I assume!)...

 

[shadowfax007]

Ok, I have some new information that may shed some light on my problem.  I changed the code somewhat and found something that, to me at least, seems interesting:

The below code displays nothing (https://www.domain name/test1.php).  If, however, I load the test page directly from the "feeds" folder ( https://www.domain name/clients/feeds/test1.php) ), it displays all six records correctly!

======================================

<?php
//    original code for test1.php was a copy of productsinfo.PHP

require("../init.php");

$result = "SELECT id,name,type,description FROM tblproducts WHERE tblproducts.hidden = 0 ORDER BY tblproducts.order ASC";
$data = mysql_query($result);
while ($row = mysql_fetch_assoc($data)) {
//    $code .= '<li><a href="cart.php?gid='.$row['id'].'">'.$row['name'].' <br> '.$row["type"].'<br><br> </a></li>';
    
    $newCode .= '<li><a href="cart.php?gid='.$row['id'].'">'.$row['name'].'</a> <br> '.$row["description"].'<br><br></li>';
    
}  

echo "<br />Plan Details:<br />";

    echo "<hr />";

    echo "$newCode.";

======================================

 

The ".tpl" page basically just has this code:

Product Information:<br ><br />
<script language="javascript" src="feeds/test1.php?pid=1&get=name"></script>
<script language="javascript" src="feeds/test1.php?pid=1&get=description"></script>
<script language="javascript" src="feeds/test1.php?pid=1&get=price&billingcycle=monthly"></script>

 

 

I hope this makes sense to someone better than I 🙂

[Kian]

That's not how it works. Feeds output is javascript. You can't directly echo PHP strings. Change:

<?php

echo "<br />Plan Details:<br />";
echo "<hr />";
echo "$newCode."; 

With:

<?php

echo "document.write('".addslashes($newCode)."');";

p.s. When replying there's a button to copy-paste formatted code. Use it otherwise it's messy.

[shadowfax007]

Kian-

You answered a question I meant to ask in my last post but thought of it too late.  Thank you very much for explaining what Feed are for. I Haven't gotten to the place of understanding the architecture of how WHMCS works yet but knowing that the "feed" pages are javascript driven explains why I couldn't understand why a simple "echo" command wouldn't work! In my original try at this, I was using echo document.write, wondering why I needed the javascript command!

I see what I ended up doing was simply writing a PHP page within the feeds folder - now I understand the logic!

I will get back to the original code I was trying to get to work - I'm sure I'll have similar questions as I wasn't able to get it working but now I at least have some better insight!

Apologies for not seeing the button for posting formatted code in my posts - I will use it next time!