Solved

XML response string after a form post to an asp page....HELP PLEASE

Posted on 2004-10-27
233 Views
Last Modified: 2010-08-05
* I have a form on an asp that posts information to a cfm page on another server (the gateway)
* that cfm page sends the response to an asp page in XML format
* I have no trouble parsing the xml & doing what I need to do through ASP, XML DOM, etc but:

* the browser (IE6) displays the xml strings before any of my code is run - I would rather it not display it at all & just let the asp code do all the parsing work. The latest MS XML parser is already installed on the server. How can I prevent this XML string text from appearing? It contains sensitive transaction information so it is imperative it not become viewable to the user.

Any help would be appreciated --- oh yeah, I didn't post any code because the question is a general one: How can I prevent XML string text response from appearing on the browser?
0
Question by:TEKGOD666
    8 Comments
     
    LVL 26

    Expert Comment

    by:rdcpro
    In the general case the XML isn't sent to the browser at all--it's processed on the server.  The code example you posted before had client-side processing of XML.  Do all the processing of the XML on the server, and don't send anything to the client except the data they need to see.


    Do this:

    Browser
        \___________ASP Server
                                  \________________Remote CF Server

    and not:

    Browser
       \   \_________ASP Server
         \______________________________Remote CF Server


    If you use *any* kind of client-side processing, the XML will be available on the client, via "View Source".  

    Again, do all processing on the server, then send an HTML response to the client.

    Regards,
    Mike Sharp
    0
     

    Author Comment

    by:TEKGOD666
    Well either it's not that simple or I guess I am just not getting it.

    See the form, has to post to the CFM server directly. I did try posting to another ASP page, which would in turn take the values of the form & do a Response.Redirect to the CF server, but I get the same result.
    0
     
    LVL 26

    Expert Comment

    by:rdcpro
    You mean, browser loads page from Server A (asp), then posts to Server B (cf)?

    That's not a good idea.  A response.redirect is essentially the same thing.  Many people will have the browser configured to refuse a form redirect.  Mine will prompt me, asking if I want to do this.  In most cases, I say no.

    I've said this several times--you have at least three places in your original code that will produce text in the browser.  There is a bug (several, actually) in that code.  

    As far as the architecture goes, what you're doing is essentially server-side aggregation.  Send the Form to the client from the ASP page.  The client posts the filled out form fields to the ASP server.  The server reads those fields, constructs a POST to the CF server, parses the XML response, transforms the results using XSLT, and sends the results back to the client in the form of HTML.

    The model is like:

    Browser
        \___________ASP Server
                                  \________________Remote CF Server
                                   ____________________/
                                  /
                            ASP Server
          ___________/
         /
    Browser

    If you're still having trouble, I suggest posting the current version of your code--the browser side stuff along with any server-side stuff.

    Regards,
    Mike Sharp

    0
     

    Author Comment

    by:TEKGOD666
    OK, Here I will post a very simple example of what I mean --- the page is at www.overseas-prescription.com/demo payment.htm

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML><HEAD><TITLE>Demo Payment</TITLE>
    <META http-equiv=Content-Type content="text/html; charset=utf-8">
    <SCRIPT language=JavaScript src="Demo Payment_files/md5.js"
    type=text/javascript></SCRIPT>

    <SCRIPT language=JavaScript type=text/javascript>
    <!--
    function doMD5() {
    var md5Basis
          var thestring = "";
          thestring = thestring + document.Scandorder.merchant_id.value;
          thestring = thestring + document.Scandorder.tr_id.value;
          thestring = thestring + document.Scandorder.tr_amount.value;      
          if(document.Scandorder.API_version.value >= 9) {
                thestring = thestring + document.Scandorder.tr_currency.value;
          }
          thestring = thestring + document.Scandorder.tr_callback_url.value;
          
          thestring = thestring + document.Scandorder.tr_description.value;
          thestring = thestring + document.Scandorder.tr_testMode.value;
          
          thestring = thestring + document.Scandorder.tr_cc_type.value;
          thestring = thestring + document.Scandorder.tr_cc_number.value;
          thestring = thestring + document.Scandorder.tr_cc_exp_date.value;
          thestring = thestring + document.Scandorder.tr_cvx2.value;
          if(document.Scandorder.API_version.value >= 10) {
                thestring = thestring + document.Scandorder.tr_submerchant.value;
          }
          thestring = thestring + document.Scandorder.cus_title.value;
          thestring = thestring + document.Scandorder.cus_firstname.value;
          thestring = thestring + document.Scandorder.cus_lastname.value;
          thestring = thestring + document.Scandorder.cus_address1.value;
          thestring = thestring + document.Scandorder.cus_address2.value;
          thestring = thestring + document.Scandorder.cus_city.value;
          thestring = thestring + document.Scandorder.cus_state.value;
          thestring = thestring + document.Scandorder.cus_zip.value;
          thestring = thestring + document.Scandorder.cus_country.value;
          thestring = thestring + document.Scandorder.cus_phone.value;
          thestring = thestring + document.Scandorder.cus_cellphone.value;
          thestring = thestring + document.Scandorder.cus_email.value;
          
          thestring = thestring + document.Scandorder.cus_ssn.value;
          thestring = thestring + document.Scandorder.cus_birthday.value;
          
          thestring = thestring + document.Scandorder.secret_key.value;
          //alert(thestring);
          var theKey = hex_md5(thestring);
          //alert(theKey);
          
          document.Scandorder.checksum.value = theKey;
    }
    //-->
    </SCRIPT>

    <META content="MSHTML 6.00.2900.2180" name=GENERATOR></HEAD>
    <BODY><BR><BR>
    <FORM name=Scandorder
    action=https://www.scandorderinc.com/entrypoint.cfm method=POST>
    <TABLE>
      <TBODY>
      <TR>
        <TD>debug_output: </TD>
        <TD><INPUT size=80 value=Yes name=debug_output></TD></TR>
      <TR>
        <TD>merchant_id: </TD>
        <TD><INPUT size=80 value=12345 name=merchant_id></TD></TR>
      <TR>
        <TD>tr_id: </TD>
        <TD><INPUT size=80 value=112 name=tr_id></TD></TR>
      <TR>
        <TD>tr_amount: </TD>
        <TD><INPUT size=80 value=100 name=tr_amount></TD></TR>
      <TR>
        <TD>tr_currency: </TD>
        <TD><INPUT size=80 value=USD name=tr_currency></TD></TR>
      <TR>
        <TD>tr_callback_url: </TD>
        <TD><INPUT size=80
          value=https://merchants.scandorderinc.com/pos/pos_demo_callback.cfm
          name=tr_callback_url></TD></TR>
      <TR>
        <TD>tr_cc_type: </TD>
        <TD><INPUT size=80 value=visa name=tr_cc_type></TD></TR>
      <TR>
        <TD>tr_cc_number: </TD>
        <TD><INPUT size=80 value=4444333322221111 name=tr_cc_number></TD></TR>
      <TR>
        <TD>tr_cc_exp_date: </TD>
        <TD><INPUT size=80 value=0206 name=tr_cc_exp_date></TD></TR>
      <TR>
        <TD>tr_cvx2: </TD>
        <TD><INPUT size=80 value=123 name=tr_cvx2></TD></TR>
      <TR>
        <TD>tr_submerchant: </TD>
        <TD><INPUT size=80 name=tr_submerchant></TD></TR>
      <TR>
        <TD>tr_description: </TD>
        <TD><INPUT size=80 value=test name=tr_description></TD></TR>
      <TR>
        <TD>tr_testMode: </TD>
        <TD><INPUT size=80 value=yes name=tr_testMode></TD></TR>
      <TR>
        <TD>cus_title: </TD>
        <TD><INPUT size=80 value=Mr name=cus_title></TD></TR>
      <TR>
        <TD>cus_firstname: </TD>
        <TD><INPUT size=80 value=Chris name=cus_firstname></TD></TR>
      <TR>
        <TD>cus_lastname: </TD>
        <TD><INPUT size=80 value=Wesson name=cus_lastname></TD></TR>
      <TR>
        <TD>cus_address1: </TD>
        <TD><INPUT size=80 value="225 West 78 Street" name=cus_address1></TD></TR>
      <TR>
        <TD>cus_address2: </TD>
        <TD><INPUT size=80 name=cus_address2></TD></TR>
      <TR>
        <TD>cus_city: </TD>
        <TD><INPUT size=80 value="New York" name=cus_city></TD></TR>
      <TR>
        <TD>cus_state: </TD>
        <TD><INPUT size=80 value=NY name=cus_state></TD></TR>
      <TR>
        <TD>cus_zip: </TD>
        <TD><INPUT size=80 value=10024 name=cus_zip></TD></TR>
      <TR>
        <TD>cus_country: </TD>
        <TD><INPUT size=80 value=US name=cus_country></TD></TR>
      <TR>
        <TD>cus_phone: </TD>
        <TD><INPUT size=80 value="(212) 785 6684" name=cus_phone></TD></TR>
      <TR>
        <TD>cus_cellphone: </TD>
        <TD><INPUT size=80 name=cus_cellphone></TD></TR>
      <TR>
        <TD>cus_email: </TD>
        <TD><INPUT size=80 value=test@scandorderinc.com name=cus_email></TD></TR>
      <TR>
        <TD>cus_ssn: </TD>
        <TD><INPUT size=80 value=1234 name=cus_ssn></TD></TR>
      <TR>
        <TD>cus_birthday: </TD>
        <TD><INPUT size=80 value=050670 name=cus_birthday></TD></TR>
      <TR>
        <TD>secret_key: </TD>
        <TD><INPUT size=80 value=v7iTT5yq6_66eQ name=secret_key></TD></TR>
      <TR>
        <TD>API_version: </TD>
        <TD><INPUT size=80 value=10 name=API_version></TD></TR>
      <TR>
        <TD>
              <INPUT onclick=doMD5(); type=checkbox value="Calc Checksum" name="Calc Checksum"></TD>
        <TD><INPUT size=80 name=checksum>
          <input name="tr_customerdata_modify" type="hidden" id="tr_customerdata_modify" value="yes">
                                            <input name="tr_max_amount" type="hidden" id="tr_max_amount" value="0">
                                            <input name="tr_amount_modify" type="hidden" id="tr_amount_modify" value="no"></TD></TR>
      <TR>
        <TD align=middle colSpan=2><INPUT type=submit alt=Pay value=Scandorder name=pay></TD></TR></TBODY></TABLE></FORM></BODY></HTML>


    Upon clicking the submit form button (You have to click on the checksum button first!) The result page will show exactly what I mean. The XML string response is nicely parsed in a table, but before any of that wonderful XSLT parsing magic happens the raw XML text appears at the top of the page. I cannot send the variables needed by the CF server in any other format other than posting form variables directly, which would mean they would be client-side I guess. Thank you for your continuous help, & let me know if you can see anything I am doing wrong still.
    0
     
    LVL 26

    Expert Comment

    by:rdcpro
    Well, since this seems to be coming from the CFM server, do you have control over any of that code??  

    0
     

    Author Comment

    by:TEKGOD666
    Unfortunately no. It is a post to the payment gateway which simply bounces the transaction response in the form of XML strings to the address of my choosing. (This is referenced as the tr_callback_url form variable). Any recommendations? Thanks.
    0
     
    LVL 26

    Accepted Solution

    by:
    Well, I had the idea of adding a CSS rule that would set the display to none.  Oddly, that didn't seem to work, though it's not a real robust answer anyway.

    This is a very peculiar response from that gateway, to say the least.  I sure don't see any reason to send BOTH the XML and the HTML back to the request.  Weird.  

    Anyway, there is only one reliable solution that I can think of.  On the page that makes the post to the remote server, you'll need to parse the responseText, and either extract the XML and use it (preferable approach, because then you  have complete control over how it looks) or remove the XML from the response and use the HTML.

    To do this, you'll have to process the form post on your server, construct a request (this should actually be really easy, because everything that is posted to your server will be posted to the remote server), and then use the ServerXMLHTTP Request object to POST to the CFM server gateway.  You can find ASP examples of the use of this object on MSDN, but basically it's like:

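    // String value of the posted form fields.  This will look like the post body from the client.
    // Request.Form with no field name returns that URL-encoded string; alternatively, use
    // Request.BinaryRead(Request.TotalBytes) to get a safearray of the POST body, then convert that to a string.
    var strPostBody = String(Request.Form);

    var ServerXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0");
    ServerXMLHTTP.open("POST", "URL TO GATEWAY", false);  // false = synchronous request
    // Mark the body as URL-encoded form data, as a browser form post would.
    ServerXMLHTTP.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    ServerXMLHTTP.send(strPostBody);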


    Your response from the CFM server is parsed using Regular Expressions, or any other string method:

    var strResponse = ServerXMLHTTP.responseText;

    then use string functions to get the part you want.

    Regards,
    Mike Sharp
    0
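
The last step of the accepted answer (take the gateway's responseText on the server and keep only the part you want), as an added example that is not part of the original thread. It is plain JavaScript rather than ASP; the `response` root element, the field names in the allowlist and the sample reply are constructed, because the thread never shows the gateway's actual XML.

```javascript
// Added example: the field names and SAMPLE_RESPONSE below are constructed.
const SAFE_FIELDS = ["tr_id", "tr_status", "tr_amount", "tr_currency"]; // allowlist shown to the user

// Constructed reply: raw XML followed by the gateway's own HTML, as the thread describes.
const SAMPLE_RESPONSE = [
  '<?xml version="1.0"?>',
  "<response>",
  "  <tr_id>112</tr_id>",
  "  <tr_status>approved</tr_status>",
  "  <tr_amount>100</tr_amount>",
  "  <tr_currency>USD</tr_currency>",
  "  <tr_cc_number>4444333322221111</tr_cc_number>",
  "</response>",
  "<html><body><table><tr><td>approved</td></tr></table></body></html>",
].join("\n");

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function decodeXmlText(s) {
  const map = { lt: "<", gt: ">", quot: '"', apos: "'", amp: "&" };
  return s.replace(/&(lt|gt|quot|apos|amp);/g, (_, name) => map[name]);
}

// Pull the first <root>...</root> fragment out of the mixed response text.
function extractXml(responseText, root) {
  const re = new RegExp("<" + root + "(?:\\s[^>]*)?>[\\s\\S]*?</" + root + ">");
  const m = re.exec(responseText);
  return m ? m[0] : null;
}

// Read flat <name>text</name> elements; enough for a simple key/value reply.
function parseFlatFields(xml) {
  const fields = Object.create(null);
  const re = /<([A-Za-z_][\w.-]*)>([^<]*)<\/\1>/g;
  let m;
  while ((m = re.exec(xml)) !== null) fields[m[1]] = decodeXmlText(m[2].trim());
  return fields;
}

// Build the only HTML the browser receives: allowlisted fields, escaped.
function renderResult(responseText) {
  const xml = extractXml(responseText, "response");
  if (xml === null) return "<p>Payment status unavailable.</p>"; // fail closed, never echo the raw reply
  const fields = parseFlatFields(xml);
  const rows = SAFE_FIELDS.filter((k) => k in fields)
    .map((k) => "<tr><td>" + escapeHtml(k) + "</td><td>" + escapeHtml(fields[k]) + "</td></tr>");
  return "<table>" + rows.join("") + "</table>";
}
```

In the ASP page, `strResponse` from `ServerXMLHTTP.responseText` takes the place of `SAMPLE_RESPONSE`, and only the returned table is written to the browser.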
     

    Author Comment

    by:TEKGOD666
    At long last a solution. I always understood the need to parse server-to-server but did not know how to post the form data from the server end directly to the remote server so the server xmlhttp was the trick & the Request.BinaryRead(Request.Totalbytes) saves a lot of time in form handling. All I have to do left is extract the necessary XML strings for all the other functions but that shouldn't be too hard. Thanks a bunch, Mike.
    0
