When I try to update a stock option that was being used before the latest update, Im rec this error.

Fatal error: Uncaught ValueError: mail(): Argument #1 ($to) must not contain any null bytes in /home/offsvac4/public_html/oseadmin/inc/incfunctions.php:1600 Stack trace: #0 /home/offsvac4/public_html/oseadmin/inc/incfunctions.php(1600): mail('1yrphmgdpgulasz...', 'OffshoreElectri...', '<table border="...', 'MIME-Version: 1...') #1 /home/offsvac4/public_html/oseadmin/inc/incprodopts.php(105): dosendemail('1yrphmgdpgulasz...', 'ose-orders@offs...', '', 'OffshoreElectri...', '<table border="...') #2 /home/offsvac4/public_html/oseadmin/inc/incprodopts.php(313): checknotifystock('2568') #3 /home/offsvac4/public_html/oseadmin/adminprodopts.php(40): include('/home/offsvac4/...') #4 {main} thrown in /home/offsvac4/public_html/oseadmin/inc/incfunctions.php on line 1600

If I make a new option today, and edit it, I don't get that error.

Hi Steven
It looks like the people that are doing this to your site have managed to add some illegal email addresses to the Stock Notification table and that is causing this to error when you try to update the stock. I've added a couple of changes to your site just now so that firstly, the email is checked more thoroughly before being added to the stock notification. But secondly, if you go to the page...
ECT Admin -> Store Admin -> Database Utility
...you now have an option at the bottom, "Remove all stock notifications", which will clear the notifyinstock table.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Hiw do I first download the email logs for the item?

I have to notify real customers? Otherwise they are going to be pissed at us. Some people have been waiting months for select items that aren't made elsewhere.

Hi Steven
Probably the easiest way is then to access the database through your hosting control panel using phpMyAdmin. Then click on the "notifyinstock" table and then on the "Export" tab and export the contents in CSV format.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Ok, ive done that. And cleaned up all the garbage coding from the two days where we were hit.

How do we stop people from being able to inject code into this area?

Hi Steven
I've made changes (and added them to your site) so that only legal email addresses can be added to the stock notifications. But there is a difference between Code Injection / SQL Injection and what was happening here.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Thanks Vince. Where should I go from here?

Ive checked the orders and it looks like they are getting code into the actual order details. Ill email you those files.

Hi Steven
I've look through the file and again it's not code as such, more "illegal characters" in that it's not being run as code and is doing no harm.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

The harm is changing all the stock in our store to zero "0". Thats a big problem for us.

I guess the question, should be how do we stop them from doing this again?

Its happening at least once a year. Its cost us money, real customers frustration and lots of my hair pulling, and I don't have much hair left to pull out.

Sorry for the problems but there are changes in the updater that should stop this happening again. I've applied these changes to your site, Steven.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Thanks Vince