Magento : Can't add product to cart after order

Question

After placing an order, it is not possible to add a product to cart. Magento keeps telling me : Cannot add the item to shopping cart.

Plus, if I try to reorder , I got an error :

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1";i:1;s:2954:"#0 C:\wamp\www\ronamagento\trunk\lib\Zend\Db\Statement.php(300): Zend_Db_Statement_Pdo->_execute(Array)

If I log out then relog in, everything works fine until I place another order.

Any idea?

---------------------- EDIT --------------------------

The errors seems to come from sales/order/controllers/OrderController.php , in the reorder function at the $cart->save();
And the same code in Checkout/controllers/CartController.php in the add function
Seems like my cart object is broken or something.

---------------------- EDIT --------------------------

---------------------- EDIT #2 --------------------------

Well , if I comment the line $this->getQuote()->collectTotals(); in the save function of Checkout/model/cart.php it seems to work but doesn't show that the item has been added to my cart. Then I put back the line of code and everything works fine. Seems like something is wrong in collectTotals()...

---------------------- EDIT #2 --------------------------

Thanks!

Answer 1

This most likely is an issue caused by a 3rd party module, perhaps rewriting a Magento model or providing an event listener (my preferred guess) with some unescaped (perhaps direct, not using Magento ORM infrastructure) SQL queries in it.

As a quick debug, I would suggest you try disabling (not via Admin, that wouldn't work as it does just disengage rendering, not rewrites or event listeners, but via renaming the third party module's "app/etc/modules/[Module_Name].xml" file to something like "app/etc/modules/[Module_Name].xml.disabled" so Magento ignores it) each of the 3rd party modules you have - one by one - until you can place the order.

Once you have identified the responsible module, you can either find the fix by properly escaping the string in the SQL query, or get back to the module's manufacturer asking to provide a fix for you.

You can also try proper debugging using xdebug, and I would highly discourage doing any of these in production environment, as you may cause outage.

Please note that using raw SQL queries with unescaped values is a security threat, as it may lead to SQL injection attacks. You could easily get your customer data stolen, or your database hacked, just by people using properly crafted URLs on your site.