Getting issue with Shopify order webhook PHP

$api_url = 'https://a5d5938e2e4ef03787807b7e33635cff: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@printifyapi.myshopify.com/admin/api/2020-07/orders.json';
$shopify = $api_url . '/admin/webhooks.json';
$arguments = array(
    'topic' => 'order/creation',
    'format' => 'json'
);
$webhooks = $api_url . '/admin/webhooks.json', $arguments;     // Getting a syntax error on this line about the "," (comma). It was working fine a few days ago.
var_dump($webhook ?? 'nothing');
exit();
$webhookContent = '';
$webhook = fopen('php://input', 'rb');
while (!feof($webhook)) {
    $webhookContent .= fread($webhook, 4096);
}
fclose($webhook);
mail('mail@yourdomain.com', 'test - hook', $webhookContent);
error_log($webhookContent);
// Write log
$content = "some text here" . $webhookContent;
$fp = fopen($_SERVER['DOCUMENT_ROOT'] . "/logFile.txt", "wb");
fwrite($fp, $content);
fclose($fp);
// close
$orders = json_decode($webhookContent, true);

$servername = "localhost";
$database = "indybzbd_orderapi";
$username = "indybzbd_order";
$password = "order@1234#";
$sql = "mysql:host=$servername;dbname=$database;";
foreach ($orders as $order) {

    try {
        $db = new PDO($sql, $username, $password);
    } catch (PDOException $error) {
        echo 'Connection error: ' . $error->getMessage();
    }
    $order_id = $order['id'];
    $order_number = $order['name'];
    $f_name = $order['billing_address']['name'];
    $payment_gateway = $order['gateway'];
    $financial_status = $order['financial_status'];
    $order_value = $order['total_price'];
    $order_status = $order['#'];
    $shipping_province = $order['shipping_address']['province'];
    $created_at = $order['created_at'];
    $updated_at = $order['updated_at'];
    $shipping_method = $order['shipping_lines'][0]['title'];

    $stmt = $db->query("INSERT INTO orders(order_id, order_number, cust_fname, payment_gateway, financial_status, order_value, order_status, ship_to, created_at, updated_at, shipping_method)
                        VALUES ('$created_at', '$order_id', '$order_number', '$f_name', '$payment_gateway', '$financial_status', '$order_value', '$order_status', '$shipping_province', '$created_at', '$updated_at', '$shipping_method')");

}
0 Likes

You can't use that comma in PHP to concat strings. That's just bad syntax. Not exactly sure what you're trying to do, but that's not the way to get it done.

Additionally you have scary security issues with this code.

I wouldn't write logs using fopen. You run the risk of a hacker creatively writing a request to have them write code which might get executed on your server. Best avoided in production code. Also it wouldn't scale, as writing logs to file will eat up cycles.

Also you have SQL injection issues with that SQL statement you wrote. You need to use placeholders.
https://websitebeaver.com/php-pdo-prepared-statements-to-prevent-sql-injection


0 Likes
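
The placeholder approach recommended in the reply, applied to the INSERT from the question, as an added example that is not part of either post. It assumes an in-memory SQLite database and a constructed sample order so that it runs offline, and it connects and prepares once, outside the loop.

```php
<?php
// Added example. Assumptions: in-memory SQLite and a constructed order; in production
// use the MySQL DSN and, with that driver, set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (
    order_id TEXT, order_number TEXT, cust_fname TEXT, payment_gateway TEXT,
    financial_status TEXT, order_value TEXT, order_status TEXT, ship_to TEXT,
    created_at TEXT, updated_at TEXT, shipping_method TEXT)');

// Constructed sample payload; the apostrophe would break the interpolated query.
$orders = [[
    'id' => 1001,
    'name' => '#1001',
    'billing_address' => ['name' => "Pat O'Brien"],
    'gateway' => 'manual',
    'financial_status' => 'paid',
    'total_price' => '19.99',
    'shipping_address' => ['province' => 'Ontario'],
    'created_at' => '2020-08-01T10:00:00-04:00',
    'updated_at' => '2020-08-01T10:05:00-04:00',
    'shipping_lines' => [['title' => 'Standard']],
]];

// Prepare once: the SQL text is fixed and the values are bound separately.
$stmt = $db->prepare('INSERT INTO orders
    (order_id, order_number, cust_fname, payment_gateway, financial_status,
     order_value, order_status, ship_to, created_at, updated_at, shipping_method)
    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');

foreach ($orders as $order) {
    // Eleven values for eleven columns, in column order; missing keys become NULL.
    $stmt->execute([
        $order['id'] ?? null,
        $order['name'] ?? null,
        $order['billing_address']['name'] ?? null,
        $order['gateway'] ?? null,
        $order['financial_status'] ?? null,
        $order['total_price'] ?? null,
        $order['#'] ?? null, // key as written in the question
        $order['shipping_address']['province'] ?? null,
        $order['created_at'] ?? null,
        $order['updated_at'] ?? null,
        $order['shipping_lines'][0]['title'] ?? null,
    ]);
}
// Read the stored name back to confirm it was inserted as data, not parsed as SQL.
echo $db->query('SELECT cust_fname FROM orders')->fetchColumn(), PHP_EOL;
```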