XML response string after a form post to an asp page....HELP PLEASE

* I have a form on an asp that posts information to a cfm page on another server (the gateway)
* that cfm page sends the response to an asp page in XML format
* I have no trouble parsing the xml & doing what I need to do through ASP, XML DOM, etc but:

* the browser (IE6) displays the xml strings before any of my code is run, - I would rather it not display it at all & just let the asp code do all the parsing work. The latest MS XML parser is already installed on the server. How can I prevent this XML string text from appearing? It contains sensative transaction information so it is imperative it not become viewable to the user.

Any help would be appreciated --- oh yeah, I didn't post any code because the question is a general one: How can I prevent XML string text response from appearing on the browser?
Who is Participating?
Well, I had the idea of adding a CSS rule that would set the display to none.  Oddly, that didn't seem to work, though it's not a real robust answer anyway.

This is a very peculiar response from that gateway, to say the least.  I sure don't see any reason to send BOTH the XML and the HTML back to the request.  Weird.  

Anyway, there is only one reliable solution that I can think of.  On the page that makes the post to the remote server, you'll need to parse the responseText, and either extract the XML and use it (preferable approach, because then you  have complete control over how it looks) or remove the XML from the response and use the HTML.

To do this, you'll have to process the form post on your server, construct a request (this should actually be really easy, because everything that is posted to your server will be posted to the remote server), and then use the ServerXMLHTTP Request object to POST to the CFM server gateway.  You can find ASP examples of the use of this object on MSDN, but basically it's like:

strPostBody = // string value of posted form fields.  This will look like the post body from the client.  You can use
                     // Request.BinaryRead(Request.TotalBytes) to get a safearray of the POST body, then convert that to a string

var ServerXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0");
ServerXMLHTTP.open("POST", "URL TO GATEWAY", false)

Your response from the CFM server is parsed using Regular Expressions, or any other string method:

strResponse = ServerXMLHTTP.responseText

then use string functions to get the part you want.

Mike Sharp
In the general case the XML isn't sent to the browser at all--it's processed on the server.  The code example you posted before had client-side processing of XML.  Do all the processing of the XML on the server, and don't send anything to the client except the data they need to see.

Do this:

    \___________ASP Server
                              \________________Remote CF Server

and not:

   \   \_________ASP Server
     \______________________________Remote CF Server

If you use *any* kind of client-side processing, the XML will be available on the client, via "View Source".  

Again, do all processing on the server, then send an HTML response to the client.

Mike Sharp
TEKGOD666Author Commented:
Well either its not that simple or I guess I am just not getting it.

See the form, has to post to the CFM server directly. I did try posting to another ASP page, which would in turn take the values of the form & do a Response.Redirect to the CF server, but I get the same result.
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

You mean, browser loads page from Server A (asp), then posts to Server B (cf)?

That's not a good idea.  A response.redirect is essentially the same thing.  Many people will have the browser configured to refuse a form redirect.  Mine will prompt me, asking if I want to do this.  In most cases, I say no.

I've said this several times--you have at least three places in your original code that will produce text in the browser.  There is a bug (several, actually) in that code.  

As far as the architecture goes, what you're doing is essentiall server-side aggregation.  Send the Form to the client from the ASP page.  The client posts the filled out form fields to the ASP server.  The server reads those fields, constructs a POST to the CF server, parses the XML response, transforms the results using XSLT, and sends the results back to the client in the form of HTML.

The model is like:

    \___________ASP Server
                              \________________Remote CF Server
                        ASP Server

If you're still having trouble, I suggest posting the current version of your code--the browser side stuff along with any server-side stuff.

Mike Sharp

TEKGOD666Author Commented:
OK, Here I will post a very simple example of what I mean --- the page is at www.overseas-prescription.com/demo payment.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<SCRIPT language=JavaScript src="Demo Payment_files/md5.js"

<SCRIPT language=JavaScript type=text/javascript>
function doMD5() {
var md5Basis
      var thestring = "";
      thestring = thestring + document.Scandorder.merchant_id.value;
      thestring = thestring + document.Scandorder.tr_id.value;
      thestring = thestring + document.Scandorder.tr_amount.value;      
      if(document.Scandorder.API_version.value >= 9) {
            thestring = thestring + document.Scandorder.tr_currency.value;
      thestring = thestring + document.Scandorder.tr_callback_url.value;
      thestring = thestring + document.Scandorder.tr_description.value;
      thestring = thestring + document.Scandorder.tr_testMode.value;
      thestring = thestring + document.Scandorder.tr_cc_type.value;
      thestring = thestring + document.Scandorder.tr_cc_number.value;
      thestring = thestring + document.Scandorder.tr_cc_exp_date.value;
      thestring = thestring + document.Scandorder.tr_cvx2.value;
      if(document.Scandorder.API_version.value >= 10) {
            thestring = thestring + document.Scandorder.tr_submerchant.value;
      thestring = thestring + document.Scandorder.cus_title.value;
      thestring = thestring + document.Scandorder.cus_firstname.value;
      thestring = thestring + document.Scandorder.cus_lastname.value;
      thestring = thestring + document.Scandorder.cus_address1.value;
      thestring = thestring + document.Scandorder.cus_address2.value;
      thestring = thestring + document.Scandorder.cus_city.value;
      thestring = thestring + document.Scandorder.cus_state.value;
      thestring = thestring + document.Scandorder.cus_zip.value;
      thestring = thestring + document.Scandorder.cus_country.value;
      thestring = thestring + document.Scandorder.cus_phone.value;
      thestring = thestring + document.Scandorder.cus_cellphone.value;
      thestring = thestring + document.Scandorder.cus_email.value;
      thestring = thestring + document.Scandorder.cus_ssn.value;
      thestring = thestring + document.Scandorder.cus_birthday.value;
      thestring = thestring + document.Scandorder.secret_key.value;
      var theKey = hex_md5(thestring);
      document.Scandorder.checksum.value = theKey;

<META content="MSHTML 6.00.2900.2180" name=GENERATOR></HEAD>
<FORM name=Scandorder
action=https://www.scandorderinc.com/entrypoint.cfm method=POST>
    <TD>debug_output: </TD>
    <TD><INPUT size=80 value=Yes name=debug_output></TD></TR>
    <TD>merchant_id: </TD>
    <TD><INPUT size=80 value=12345 name=merchant_id></TD></TR>
    <TD>tr_id: </TD>
    <TD><INPUT size=80 value=112 name=tr_id></TD></TR>
    <TD>tr_amount: </TD>
    <TD><INPUT size=80 value=100 name=tr_amount></TD></TR>
    <TD>tr_currency: </TD>
    <TD><INPUT size=80 value=USD name=tr_currency></TD></TR>
    <TD>tr_callback_url: </TD>
    <TD><INPUT size=80
    <TD>tr_cc_type: </TD>
    <TD><INPUT size=80 value=visa name=tr_cc_type></TD></TR>
    <TD>tr_cc_number: </TD>
    <TD><INPUT size=80 value=4444333322221111 name=tr_cc_number></TD></TR>
    <TD>tr_cc_exp_date: </TD>
    <TD><INPUT size=80 value=0206 name=tr_cc_exp_date></TD></TR>
    <TD>tr_cvx2: </TD>
    <TD><INPUT size=80 value=123 name=tr_cvx2></TD></TR>
    <TD>tr_submerchant: </TD>
    <TD><INPUT size=80 name=tr_submerchant></TD></TR>
    <TD>tr_description: </TD>
    <TD><INPUT size=80 value=test name=tr_description></TD></TR>
    <TD>tr_testMode: </TD>
    <TD><INPUT size=80 value=yes name=tr_testMode></TD></TR>
    <TD>cus_title: </TD>
    <TD><INPUT size=80 value=Mr name=cus_title></TD></TR>
    <TD>cus_firstname: </TD>
    <TD><INPUT size=80 value=Chris name=cus_firstname></TD></TR>
    <TD>cus_lastname: </TD>
    <TD><INPUT size=80 value=Wesson name=cus_lastname></TD></TR>
    <TD>cus_address1: </TD>
    <TD><INPUT size=80 value="225 West 78 Street" name=cus_address1></TD></TR>
    <TD>cus_address2: </TD>
    <TD><INPUT size=80 name=cus_address2></TD></TR>
    <TD>cus_city: </TD>
    <TD><INPUT size=80 value="New York" name=cus_city></TD></TR>
    <TD>cus_state: </TD>
    <TD><INPUT size=80 value=NY name=cus_state></TD></TR>
    <TD>cus_zip: </TD>
    <TD><INPUT size=80 value=10024 name=cus_zip></TD></TR>
    <TD>cus_country: </TD>
    <TD><INPUT size=80 value=US name=cus_country></TD></TR>
    <TD>cus_phone: </TD>
    <TD><INPUT size=80 value="(212) 785 6684" name=cus_phone></TD></TR>
    <TD>cus_cellphone: </TD>
    <TD><INPUT size=80 name=cus_cellphone></TD></TR>
    <TD>cus_email: </TD>
    <TD><INPUT size=80 value=test@scandorderinc.com name=cus_email></TD></TR>
    <TD>cus_ssn: </TD>
    <TD><INPUT size=80 value=1234 name=cus_ssn></TD></TR>
    <TD>cus_birthday: </TD>
    <TD><INPUT size=80 value=050670 name=cus_birthday></TD></TR>
    <TD>secret_key: </TD>
    <TD><INPUT size=80 value=v7iTT5yq6_66eQ name=secret_key></TD></TR>
    <TD>API_version: </TD>
    <TD><INPUT size=80 value=10 name=API_version></TD></TR>
          <INPUT onclick=doMD5(); type=checkbox value="Calc Checksum" name="Calc Checksum"></TD>
    <TD><INPUT size=80 name=checksum>
      <input name="tr_customerdata_modify" type="hidden" id="tr_customerdata_modify" value="yes">
                                        <input name="tr_max_amount" type="hidden" id="tr_max_amount" value="0">
                                        <input name="tr_amount_modify" type="hidden" id="tr_amount_modify" value="no"></TD></TR>
    <TD align=middle colSpan=2><INPUT type=submit alt=Pay value=Scandorder name=pay></TD></TR></TBODY></TABLE></FORM></BODY></HTML>

Upon clicking the submit form button (You have to click on the checksum button first!) The result page will show exactly what I mean. The XML string response is nicely parsed in a table, but before any of that wonderful XSLT parsing magic happens the raw XML text appears at the top of the page. I cannot send the variables needed by the CF server in any other format other than posting form variables directly, which would mean they would be client-side I guess. Thank you for your continuous help, & let me know if you can see anything I am doing wrong still.
Well, since this seems to be coming from the CFM server, do you have control over any of that code??  

TEKGOD666Author Commented:
Unfortunately no. It is a post to the payment gateway which simply bounces the transaction response in the form of XML strings to the address of my choosing. (This is referenced as the tr_callback_url form variable). Any recommendations? Thanks.
TEKGOD666Author Commented:
At long last a solution. I always understood the need to parse server-to-server but did not know how to post the form data from the server end directly to the remote server so the server xmlhttp was the trick & the Request.BinaryRead(Request.Totalbytes) saves alot of time in form handling. All I have to do left is extract the necessary XML strings for all the other functions but that shouldn't be too hard. Thanks a bunch, Mike.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.