PHP iSDK: Anyone has experienced querying CC table and getting cc details that does not belong to indicated Contact ID?

We are using query data in accessing CreditCard table and we are retrieving cc details for only one contact. However our client was able to see cc details that is not theirs which is not good. Any idea how this was possible? Or is it a glitch? I can’t replicate the scenario since when I logged in it shows the correct CCs, but she has screenshot as proof and I verified the CCs listed and they belong to someone else’s. Any feedback would be helpful. Thank you very much.

Best Regards,
Joanna D.

One guess is that somehow the wrong Contact Id was used when querying the Card Data. But if you done this 1000s of times without an issue, then some odd glitch had occurred.
Outside possibility that someone accidentally merged 2 different Contact Records together, and the details have been mixed up.

I have also been experiencing glitches with Infusionsoft this week as well. I had one today in which particular Card Payments were triggering a Campaign Goal that was not even related to the Product that was being purchased.

The client have seen her cc as well as someone else’s which is odd since the code queries only one contact, so it couldn’t be a case of using a wrong Contact ID? She shouldn’t be seeing CCs belonging to more than 1 person. Also, I have checked her record and although she does have 2 records they are not merged.

Thanks for the insight @Pav.

I would check with person who developed your solution to see if anything odd has happened.

I’am the developer :smile: and I did verify the source code to be querying the Contact ID that belongs to the logged user only. The code is pretty straight forward which is why I find it odd that it would display not only CCs that belong to them but to another member as well, that would imply that I was able to query with multiple IDs, which as far as I know is not possible, unless the code is in a loop with different contact IDs which is not the case. We don’t save any CC info on our site, everything is through API.

Oh you are the developer, now we know where the problem came from. :rofl:

Joking aside, actually it is possible to query with multiple Id Numbers. If you supply the Data Query function with an array of Id’s (which act like a IN SQL statement), then it will filter the results. Not every API Table Column, but the ones with the usual Table Id References will work. Also the Id Numbers has to be Integers, otherwise you will get a warning message back.

Example: $app->dsQuery(‘CreditCard’, 100, 0, [ ‘ContactId’ => [ 1, 2, 3, 4] ], [ ‘Id’, ‘FirstName’, ‘LastName’ ]);

Running a test on the Credit Card table with several Contact Id numbers, I was able to get multiple Cards back.

My recommendation is to do defensive programming. Not sure how your code works, but if you can get the Email Address of the User, you could run a check against the Id and Email Address first to see if the Contact is valid. If it is, then you can conduct your Card searching.

Otherwise, you will just have to work possible scenarios of how the Id number could have differed. Then it just boils down to bugs or human error afterwards.

1 Like

That IS quite true on some level… I did the coding. :sweat_smile:

Here is my code which is, what I have said is pretty straight forward:

$returnFields = array(‘Id’,‘NameOnCard’,‘CardType’,‘Last4’,‘ExpirationMonth’,‘ExpirationYear’,‘ContactId’,‘BillName’,‘BillAddress1’,‘BillAddress2’,‘BillCity’,‘BillState’,‘BillZip’,‘BillCountry’,‘PhoneNumber’,‘Email’);
$query = array(‘ContactId’ => ‘’.$infusion_id.‘’, ‘Status’ => 3); // Status 3 = exclude inactive and deleted cc
$ccdetails = $app->dsQuery(“CreditCard”,100,0,$query,$returnFields);

Now I know my variable $infusion_id does not contain multiple IDs since it is queried directly from DB, but it doesn’t change the fact that somewhere something has gone wrong. That being said, you have an awesome idea! I will work that into my code, cross referencing before I pull the CC details. Thank you very much @Pav!