[Webinar] Streamline your web hosting managementRegister Today


XML response string after a form post to an asp page....HELP PLEASE

Posted on 2004-10-27
Medium Priority
Last Modified: 2010-08-05
* I have a form on an asp that posts information to a cfm page on another server (the gateway)
* that cfm page sends the response to an asp page in XML format
* I have no trouble parsing the xml & doing what I need to do through ASP, XML DOM, etc but:

* the browser (IE6) displays the xml strings before any of my code is run, - I would rather it not display it at all & just let the asp code do all the parsing work. The latest MS XML parser is already installed on the server. How can I prevent this XML string text from appearing? It contains sensative transaction information so it is imperative it not become viewable to the user.

Any help would be appreciated --- oh yeah, I didn't post any code because the question is a general one: How can I prevent XML string text response from appearing on the browser?
Question by:TEKGOD666
  • 4
  • 4
LVL 26

Expert Comment

ID: 12427273
In the general case the XML isn't sent to the browser at all--it's processed on the server.  The code example you posted before had client-side processing of XML.  Do all the processing of the XML on the server, and don't send anything to the client except the data they need to see.

Do this:

    \___________ASP Server
                              \________________Remote CF Server

and not:

   \   \_________ASP Server
     \______________________________Remote CF Server

If you use *any* kind of client-side processing, the XML will be available on the client, via "View Source".  

Again, do all processing on the server, then send an HTML response to the client.

Mike Sharp

Author Comment

ID: 12474051
Well either its not that simple or I guess I am just not getting it.

See the form, has to post to the CFM server directly. I did try posting to another ASP page, which would in turn take the values of the form & do a Response.Redirect to the CF server, but I get the same result.
LVL 26

Expert Comment

ID: 12476922
You mean, browser loads page from Server A (asp), then posts to Server B (cf)?

That's not a good idea.  A response.redirect is essentially the same thing.  Many people will have the browser configured to refuse a form redirect.  Mine will prompt me, asking if I want to do this.  In most cases, I say no.

I've said this several times--you have at least three places in your original code that will produce text in the browser.  There is a bug (several, actually) in that code.  

As far as the architecture goes, what you're doing is essentiall server-side aggregation.  Send the Form to the client from the ASP page.  The client posts the filled out form fields to the ASP server.  The server reads those fields, constructs a POST to the CF server, parses the XML response, transforms the results using XSLT, and sends the results back to the client in the form of HTML.

The model is like:

    \___________ASP Server
                              \________________Remote CF Server
                        ASP Server

If you're still having trouble, I suggest posting the current version of your code--the browser side stuff along with any server-side stuff.

Mike Sharp

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions


Author Comment

ID: 12478329
OK, Here I will post a very simple example of what I mean --- the page is at www.overseas-prescription.com/demo payment.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<SCRIPT language=JavaScript src="Demo Payment_files/md5.js"

<SCRIPT language=JavaScript type=text/javascript>
function doMD5() {
var md5Basis
      var thestring = "";
      thestring = thestring + document.Scandorder.merchant_id.value;
      thestring = thestring + document.Scandorder.tr_id.value;
      thestring = thestring + document.Scandorder.tr_amount.value;      
      if(document.Scandorder.API_version.value >= 9) {
            thestring = thestring + document.Scandorder.tr_currency.value;
      thestring = thestring + document.Scandorder.tr_callback_url.value;
      thestring = thestring + document.Scandorder.tr_description.value;
      thestring = thestring + document.Scandorder.tr_testMode.value;
      thestring = thestring + document.Scandorder.tr_cc_type.value;
      thestring = thestring + document.Scandorder.tr_cc_number.value;
      thestring = thestring + document.Scandorder.tr_cc_exp_date.value;
      thestring = thestring + document.Scandorder.tr_cvx2.value;
      if(document.Scandorder.API_version.value >= 10) {
            thestring = thestring + document.Scandorder.tr_submerchant.value;
      thestring = thestring + document.Scandorder.cus_title.value;
      thestring = thestring + document.Scandorder.cus_firstname.value;
      thestring = thestring + document.Scandorder.cus_lastname.value;
      thestring = thestring + document.Scandorder.cus_address1.value;
      thestring = thestring + document.Scandorder.cus_address2.value;
      thestring = thestring + document.Scandorder.cus_city.value;
      thestring = thestring + document.Scandorder.cus_state.value;
      thestring = thestring + document.Scandorder.cus_zip.value;
      thestring = thestring + document.Scandorder.cus_country.value;
      thestring = thestring + document.Scandorder.cus_phone.value;
      thestring = thestring + document.Scandorder.cus_cellphone.value;
      thestring = thestring + document.Scandorder.cus_email.value;
      thestring = thestring + document.Scandorder.cus_ssn.value;
      thestring = thestring + document.Scandorder.cus_birthday.value;
      thestring = thestring + document.Scandorder.secret_key.value;
      var theKey = hex_md5(thestring);
      document.Scandorder.checksum.value = theKey;

<META content="MSHTML 6.00.2900.2180" name=GENERATOR></HEAD>
<FORM name=Scandorder
action=https://www.scandorderinc.com/entrypoint.cfm method=POST>
    <TD>debug_output: </TD>
    <TD><INPUT size=80 value=Yes name=debug_output></TD></TR>
    <TD>merchant_id: </TD>
    <TD><INPUT size=80 value=12345 name=merchant_id></TD></TR>
    <TD>tr_id: </TD>
    <TD><INPUT size=80 value=112 name=tr_id></TD></TR>
    <TD>tr_amount: </TD>
    <TD><INPUT size=80 value=100 name=tr_amount></TD></TR>
    <TD>tr_currency: </TD>
    <TD><INPUT size=80 value=USD name=tr_currency></TD></TR>
    <TD>tr_callback_url: </TD>
    <TD><INPUT size=80
    <TD>tr_cc_type: </TD>
    <TD><INPUT size=80 value=visa name=tr_cc_type></TD></TR>
    <TD>tr_cc_number: </TD>
    <TD><INPUT size=80 value=4444333322221111 name=tr_cc_number></TD></TR>
    <TD>tr_cc_exp_date: </TD>
    <TD><INPUT size=80 value=0206 name=tr_cc_exp_date></TD></TR>
    <TD>tr_cvx2: </TD>
    <TD><INPUT size=80 value=123 name=tr_cvx2></TD></TR>
    <TD>tr_submerchant: </TD>
    <TD><INPUT size=80 name=tr_submerchant></TD></TR>
    <TD>tr_description: </TD>
    <TD><INPUT size=80 value=test name=tr_description></TD></TR>
    <TD>tr_testMode: </TD>
    <TD><INPUT size=80 value=yes name=tr_testMode></TD></TR>
    <TD>cus_title: </TD>
    <TD><INPUT size=80 value=Mr name=cus_title></TD></TR>
    <TD>cus_firstname: </TD>
    <TD><INPUT size=80 value=Chris name=cus_firstname></TD></TR>
    <TD>cus_lastname: </TD>
    <TD><INPUT size=80 value=Wesson name=cus_lastname></TD></TR>
    <TD>cus_address1: </TD>
    <TD><INPUT size=80 value="225 West 78 Street" name=cus_address1></TD></TR>
    <TD>cus_address2: </TD>
    <TD><INPUT size=80 name=cus_address2></TD></TR>
    <TD>cus_city: </TD>
    <TD><INPUT size=80 value="New York" name=cus_city></TD></TR>
    <TD>cus_state: </TD>
    <TD><INPUT size=80 value=NY name=cus_state></TD></TR>
    <TD>cus_zip: </TD>
    <TD><INPUT size=80 value=10024 name=cus_zip></TD></TR>
    <TD>cus_country: </TD>
    <TD><INPUT size=80 value=US name=cus_country></TD></TR>
    <TD>cus_phone: </TD>
    <TD><INPUT size=80 value="(212) 785 6684" name=cus_phone></TD></TR>
    <TD>cus_cellphone: </TD>
    <TD><INPUT size=80 name=cus_cellphone></TD></TR>
    <TD>cus_email: </TD>
    <TD><INPUT size=80 value=test@scandorderinc.com name=cus_email></TD></TR>
    <TD>cus_ssn: </TD>
    <TD><INPUT size=80 value=1234 name=cus_ssn></TD></TR>
    <TD>cus_birthday: </TD>
    <TD><INPUT size=80 value=050670 name=cus_birthday></TD></TR>
    <TD>secret_key: </TD>
    <TD><INPUT size=80 value=v7iTT5yq6_66eQ name=secret_key></TD></TR>
    <TD>API_version: </TD>
    <TD><INPUT size=80 value=10 name=API_version></TD></TR>
          <INPUT onclick=doMD5(); type=checkbox value="Calc Checksum" name="Calc Checksum"></TD>
    <TD><INPUT size=80 name=checksum>
      <input name="tr_customerdata_modify" type="hidden" id="tr_customerdata_modify" value="yes">
                                        <input name="tr_max_amount" type="hidden" id="tr_max_amount" value="0">
                                        <input name="tr_amount_modify" type="hidden" id="tr_amount_modify" value="no"></TD></TR>
    <TD align=middle colSpan=2><INPUT type=submit alt=Pay value=Scandorder name=pay></TD></TR></TBODY></TABLE></FORM></BODY></HTML>

Upon clicking the submit form button (You have to click on the checksum button first!) The result page will show exactly what I mean. The XML string response is nicely parsed in a table, but before any of that wonderful XSLT parsing magic happens the raw XML text appears at the top of the page. I cannot send the variables needed by the CF server in any other format other than posting form variables directly, which would mean they would be client-side I guess. Thank you for your continuous help, & let me know if you can see anything I am doing wrong still.
LVL 26

Expert Comment

ID: 12478509
Well, since this seems to be coming from the CFM server, do you have control over any of that code??  


Author Comment

ID: 12479844
Unfortunately no. It is a post to the payment gateway which simply bounces the transaction response in the form of XML strings to the address of my choosing. (This is referenced as the tr_callback_url form variable). Any recommendations? Thanks.
LVL 26

Accepted Solution

rdcpro earned 1200 total points
ID: 12486326
Well, I had the idea of adding a CSS rule that would set the display to none.  Oddly, that didn't seem to work, though it's not a real robust answer anyway.

This is a very peculiar response from that gateway, to say the least.  I sure don't see any reason to send BOTH the XML and the HTML back to the request.  Weird.  

Anyway, there is only one reliable solution that I can think of.  On the page that makes the post to the remote server, you'll need to parse the responseText, and either extract the XML and use it (preferable approach, because then you  have complete control over how it looks) or remove the XML from the response and use the HTML.

To do this, you'll have to process the form post on your server, construct a request (this should actually be really easy, because everything that is posted to your server will be posted to the remote server), and then use the ServerXMLHTTP Request object to POST to the CFM server gateway.  You can find ASP examples of the use of this object on MSDN, but basically it's like:

strPostBody = // string value of posted form fields.  This will look like the post body from the client.  You can use
                     // Request.BinaryRead(Request.TotalBytes) to get a safearray of the POST body, then convert that to a string

var ServerXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0");
ServerXMLHTTP.open("POST", "URL TO GATEWAY", false)

Your response from the CFM server is parsed using Regular Expressions, or any other string method:

strResponse = ServerXMLHTTP.responseText

then use string functions to get the part you want.

Mike Sharp

Author Comment

ID: 12610876
At long last a solution. I always understood the need to parse server-to-server but did not know how to post the form data from the server end directly to the remote server so the server xmlhttp was the trick & the Request.BinaryRead(Request.Totalbytes) saves alot of time in form handling. All I have to do left is extract the necessary XML strings for all the other functions but that shouldn't be too hard. Thanks a bunch, Mike.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Confluence of Individual Knowledge and the Collective Intelligence At this writing (summer 2013) the term API (http://dictionary.reference.com/browse/API?s=t) has made its way into the popular lexicon of the English language.  A few years ago, …
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question