?
Solved

Submitting to db before posting to payment gateway provider

Posted on 2005-02-28
11
Medium Priority
?
366 Views
Last Modified: 2013-11-29
I have a working page called process.asp where data from checkout.asp used to be posted to.

Before, when you click on "Click to complete your order" on checkout.asp page, all values are sent to process.asp via the post method.

What this process.asp page will do is process all data posted to it, submit them to the db and then send client an email giving details of customer purchase.

This was working fine.

But now, we are posting to payment gateway provider called viaklix like
<form method=post action = "https://viaklix/process.asp">

as a result, what is happening now is customer makes a purchase, viaklix sends an email to client notifying client of total amount, s & h, credit card number and expiration date.

So there is no way for the client to know who the customer is, and what products the customer purchased.

If we can get it now to write to the db before posting to payment provider, then the client will receive email here giving name of client, products pruchased etc.


I have both checkout.asp and process.asp files.

I will be more than happy to make any or both available if and when asked.

Thanks very much
0
Comment
Question by:nigerman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 

Author Comment

by:nigerman
ID: 13426329
Here is what we have been passing to payment gateway site:

    <INPUT type="hidden" name="ssl_merchant_id" value="4098384">
    <INPUT type="hidden" name="ssl_user_id" value="1056">
    <INPUT type="hidden" name="ssl_pin" value="58YUU0">
    <INPUT type="hidden" name="ssl_salestax" value="<%=lshippingCost%>">
    <INPUT type="hidden" name="ssl_number" value="<%=NumID%>">
    <INPUT type="hidden" name="ssl_amount" value="<%= formatCurrency(intTotal)%>">
>">


As stated previously, we would like to submit our data to our db before posting to viaklix, our payment gateway provider.

A suggestion was given to post to our process page first, then use session to declare the variables we need to pass to viaklix, to declare these fields on process page, then use redirect to send them to viaklix.

Below is my entire code.

I know it is long, sorry but it isn't working.

When I click submit, it redirects to viaklix site but does not send any of the values they are looking for but my email is getting sent.

<!-- #include file="db.asp" -->
<!-- #include file="functions.asp" -->
<!--METADATA TYPE="typelib" UUID="CD000000-8B95-11D1-82DB-00C04FB1625D"
NAME="CDO for Windows XP Library" -->

<%
Response.Buffer = true

%>

<%
Session("ssl_merchant_id") = "47887"
Session("ssl_user_id") = "musot"
Session("ssl_pin") = "(JYDD")

For Each key in Request.Form
      strname = key
      strvalue = Request.Form(key)
      Session(strname) = strvalue
Next

Dim arrCart, scartItem
      arrCart = Session("MyCart")
      scartItem = Session("cartItem")
      if scartItem = 0 then
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Or your session has expired, or you tried to re-submit the form.")
      end if

   'totalWeight = request.form("totalWeight")
   'response.write totalWeight
   'response.end


strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")

      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry,oshipmethod"
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'"&date()&"'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & Ccur(Request.Form("shippingCost")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
      'response.write sqlAdd
      'response.end
      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            'Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant("mydomain.com",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")

      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry "
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'" & Date() & "'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & Ccur(Request.Form("shippingCost")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
  'response.write sqlAdd
  'response.end

      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant(mydomain.com",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

function mailMerchant(merchantmail,orderid,smtpServer)
      'get client info from DB
      set cmd = server.CreateObject("ADODB.Command")
      cmd.ActiveConnection = dbc
      cmd.CommandText = "qryOrderInfo"
      cmd.CommandType = adCmdStoredProc
      set param = cmd.CreateParameter("oid",adInteger,adParamInput,4)
      cmd.Parameters.Append param
      cmd("oid") = orderid

      'build message body strBody
      set rs = server.CreateObject("ADODB.recordset")
      set rs = cmd.Execute
      if not rs.eof then
            strBody = "Online order by Millennium Health Products on " & rs("odate") & vbCrLf & vbCrLf
            strBody = strBody & "Customer info:" & vbCrLf
            strBody = strBody & rs("cfirstname") & vbCrLf
            strBody = strBody & rs("clastname") & vbCrLf
            strBody = strBody & rs("cemail") & vbCrLf
            strBody = strBody & rs("caddress") & " - " & rs("caddress2") & vbCrLf
            strBody = strBody & rs("ctown") & vbCrLf
            strBody = strBody & rs("czip") & vbCrLf
            strBody = strBody & rs("cstate") & vbCrLf
            strBody = strBody & rs("ccountry") & vbCrLf
            strBody = strBody & rs("cphone") & vbCrLf & vbCrLf

          strBody = strBody & "Ordered items:" & vbCrLf
          strBody = strBody & "Code" & vbTab & vbTab & "|" &"Item" & vbTab & vbTab & "|"  & "No." & vbTab & "|" & "Price" & vbCrLf
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          dblOrderTotal = 0
          while not rs.EOF
               strBody = strBody & rs("ccode") & vbTab & "|" & rs("cname") & vbTab & "|"
               lineTotal = rs("cprice")*rs("numitems")
               strBody = strBody & rs("numitems") & vbTab & "|" & FormatCurrency(lineTotal,2) & vbCrLf
               dblOrderTotal = dblOrderTotal + lineTotal
               rs.MoveNext
          wend
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          strBody = strBody & "Total: " & FormatCurrency(dblOrderTotal,2) & vbCrLf
          strBody = strBody & vbCrLf & vbCrLf

            rs.Close
            set rs = nothing
            set cmd = nothing

      '*******************************************
      'code for sending email.  This will one work on windows 2000 or windows xp.
      Dim iMsg
      Set iMsg = CreateObject("CDO.Message")
      Dim iBp
      Dim Flds
      Dim iConf
      Set iConf = CreateObject("CDO.Configuration")
      Set Flds = iConf.Fields
      Flds(cdoSendUsingMethod)  = cdoSendUsingPort
      Flds(cdoSMTPServer)       = "mail.domainName.com"
      Flds(cdoSMTPServerPort)   = 25
      Flds(cdoSMTPAuthenticate)     = cdoAnonymous ' 0
      Flds.Update
      With iMsg
       Set .Configuration = iConf
           .From = "mydomain.com"
           .To = "clientDomain.net"
           .Subject     = "Order Details"
           .TextBody    = strBody
             .Send
      End With
            if Err.number > 0 then
                  mailMerchant = false
            else
                  mailMerchant = true
            end if

            else

            rs.Close
            set rs = nothing
            set cmd = nothing
            mailMerchant = false
      end if
      '************************************

end function
Response.redirect "https://www.viaKLIX.com/process.asp"
%>
0
 
LVL 14

Accepted Solution

by:
huji earned 1200 total points
ID: 13427240
Hi
See, when you finally redirect the user to viaklix web site, you only send them to the preocess.asp page on their site WITHOUT any POST or GET data. So that site will do nothing with this user!
When the form's action was set to that site, all the INPUTs values where sent via POST to that site. Now when the pages are first sent to you, these data are sent to YOU, and Response.Redirect will not send them again. But viakilx needs that data to react correctly.
Now the solution:
1) If you can send the data via GET to that site too (you should ask that site's admin and confirm that you can send data via GET),      AND you are sure that the data can be placed on GET (which means be shown in the address bar) then try to send it via get: instead of what you have at the end, right now, try this:

Response.Redirect "https://www.viaKLIX.com/process.asp?ssl_user_id=" & Request("ssl_user_id") &_
     "&ssl_pin=" & Request("ssl_pin") & "&ssl_salestax=" & Request("ssl_salestax") & "&ssl_number=" & Request("ssl_number") &_
     "&ssl_amount=" & Request("ssl_amount")

Second choice: If their process.asp page can NOT read querystrings, then you have one other way:
Don't redirect them! Instead, follow this strategy: When the user clicks on submit, do all processes you've coded above, but instead of the response.redirect part, response.write some lines of html like this:

<html>
<body onload="document.forms[0].submit();">
<form action="https://www.viaKLIX.com/process.asp" method=post>
<INPUT type="hidden" name="ssl_user_id" value="<%=Request("ssl_user_id")%>">
<INPUT type="hidden" name="ssl_pin" value="<%=Request("ssl_pin")%>">
<INPUT type="hidden" name="ssl_salestax" value="<%=Request("ssl_salestax")%>">
<INPUT type="hidden" name="ssl_number" value="<%=Request("ssl_number")%>">
<INPUT type="hidden" name="ssl_amount" value="<%=Request("ssl_amount")%>">
</form>
</body>
</html>

What does it do? It sends a form to the user, and submits it just as the page is loaded in his browser. No user intertaction needed.
The only disadvantage: If user presses Cancel when this page is loaded, before the form is automatically submitted, then you have added records to your DB, but viaKLIX has not recieved the related data.
Solution: It would be great to find a way with vaiKLIX admins, to let YOUR SITE to make GET (querystring) request. Specially, it would be a good idea to manage it somehow, that you can send your querystring scrambeled (obfuscated), so that user can not simply modify it.
Wish I can help
Huji
0
 
LVL 14

Expert Comment

by:huji
ID: 13427246
Hi
See, when you finally redirect the user to viaklix web site, you only send them to the preocess.asp page on their site WITHOUT any POST or GET data. So that site will do nothing with this user!
When the form's action was set to that site, all the INPUTs values where sent via POST to that site. Now when the pages are first sent to you, these data are sent to YOU, and Response.Redirect will not send them again. But viakilx needs that data to react correctly.
Now the solution:
1) If you can send the data via GET to that site too (you should ask that site's admin and confirm that you can send data via GET),      AND you are sure that the data can be placed on GET (which means be shown in the address bar) then try to send it via get: instead of what you have at the end, right now, try this:

Response.Redirect "https://www.viaKLIX.com/process.asp?ssl_user_id=" & Request("ssl_user_id") &_
     "&ssl_pin=" & Request("ssl_pin") & "&ssl_salestax=" & Request("ssl_salestax") & "&ssl_number=" & Request("ssl_number") &_
     "&ssl_amount=" & Request("ssl_amount")

Second choice: If their process.asp page can NOT read querystrings, then you have one other way:
Don't redirect them! Instead, follow this strategy: When the user clicks on submit, do all processes you've coded above, but instead of the response.redirect part, response.write some lines of html like this:

<html>
<body onload="document.forms[0].submit();">
<form action="https://www.viaKLIX.com/process.asp" method=post>
<INPUT type="hidden" name="ssl_user_id" value="<%=Request("ssl_user_id")%>">
<INPUT type="hidden" name="ssl_pin" value="<%=Request("ssl_pin")%>">
<INPUT type="hidden" name="ssl_salestax" value="<%=Request("ssl_salestax")%>">
<INPUT type="hidden" name="ssl_number" value="<%=Request("ssl_number")%>">
<INPUT type="hidden" name="ssl_amount" value="<%=Request("ssl_amount")%>">
</form>
</body>
</html>

What does it do? It sends a form to the user, and submits it just as the page is loaded in his browser. No user intertaction needed.
The only disadvantage: If user presses Cancel when this page is loaded, before the form is automatically submitted, then you have added records to your DB, but viaKLIX has not recieved the related data.
Solution: It would be great to find a way with vaiKLIX admins, to let YOUR SITE to make GET (querystring) request. Specially, it would be a good idea to manage it somehow, that you can send your querystring scrambeled (obfuscated), so that user can not simply modify it.
Wish I can help
Huji
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 
LVL 14

Expert Comment

by:huji
ID: 13427252
Oops, I posted it twice. Excuse me.
Huji
0
 

Author Comment

by:nigerman
ID: 13429227
thank you huji for your good suggestions.

Some really good asp programmers have suggested similar solutions, especially the html solution (your second solution).

My big concern with those is that someone with mischevious intent can write a sniffer code and get some infor about my client.

I don't want that to happen.

Although, as a temporary solution, I think I will try that because coming up with this solution has taken on an urgent significance,
giving the fact that a customer could potentially be making a purchase on the site now and there is no way for my client to know what items they have purchased.

Some people have suggested using XMLHTTP but I know nothing about that.

I doubt that we can send data via the GET method because it is a secure site and information being sent to it must follow a certain spec.
0
 
LVL 14

Expert Comment

by:huji
ID: 13430775
Hi again
1) No matter the method used to send information is GET or POST, unless you are protected with SSL or similar methods, the whole query can be simply "read" by a person with malcious intent. But if both your site, and the site you are redirecting to are secure sites (https://...) then there should be no worry about it.
About XMLHTTP, well we can focus on it now, but I doubt it would really help more than the other method (GET method).

Look at these links:
http://www.example-code.com/asp/xmlHttp.asp    (only the section above the line with ********************)
http://www.4guysfromrolla.com/webtech/110100-1.shtml

The above examples show how XMLHTTP works. In brief, XMLHTTP gives you a means, by use of which, you simulate a user sitting at your server, opening internet explorer, browsing to a web site that you define, and getting all the HTML returned by that site. Now, instead of showing that in internet explorer window(!) it gives the HTML to you, in a variable. So you can show it to your user for example. But you need to modify that HTML before sending it to your user....
Why don't we simply paste this obtained HTML to the HTML of our page? Becuase, that HTML contains many items, which should be set again, to have a meaning! (Bad explanation!!) Let's give an example:
You connect to www.viaKLIX.com web site, and in return, it gives you this html:
<html>
...
<body>
...
<img src="logo.gif">
...

When this page is actually seen as a part of a page fro viaKLIX.com   the browser "translates" the IMG line of code to such:
<img src="http://www.viaKILX.com/logo.gif">
So it requests that image from viaKLIX web server, and downloads it, and shows it. OK? Now suppose that you've got that HTML in a variable. If you simply paste it inside your response to your user, then the IMG line is translated to:
<img src="http://www.yourSite.com/logo.gif">
And the image file doesn't exist and... things mess up! The same thing happens to links (<a href="....) and this means you have to modify all image sources, link hrefs, etc, before showing it to the user. This is one part of the story which needs some hard work. (Not indeed!! I'm working on a simliar thing now myself, and I can help you, if you decide to use XMLHTTP.)
There are minor things left:
Suppose that you've fixed the abvoe bug. After all, the page is shown as a page in YOUR SITE. When links are from your site to viaKLIX site, their pages may not react correctly. You see, some security issues force financial sites to have a complete control of what they recieve. One security solution is to check if all data sent to their page is actually sent from another page in THEIR site. You must be aware of this, before shifting to XMLHTTP method.
Second, when you use XMLHTTP, it means, that, if viaKLIX.com stores anything in SESSION variable, it is stroed for that simulatory user at your server, and not for the real user sitting somewhere in the world, connecting to your site. Thus, the next click made by that user, can mean a user without required session ID, for viaKLIX web site, and things can again mess up! Same issue with cookies!
Third, when you use XMLHTTP, all requests for the process.asp page at their site, will be recorded to be sent from YOUR SERVER, and if they store IP adresses, etc, they will store your server's. So this can be a potential problem, in rare cases.
Fifth, if they make change to their web design (at viaKLIX) you may need to reconfigure your XMLHTTP and ASP codes. Some hours (or probably days) of delay in understanding such a case has happened, can make your users dissatisfied, or can even result in big financial problems.
After ALL, I recommend you avoid using XMLHTTP. The BEST solution is even to avoid the HTML method I mentioned (the second method of my above post.) If they can support GET, and they are secured, then you can simply redirect. Otherwise, your site, and their site, should integrate somehow.

Not-the-last note: As I stated above, it is an excellent idea to somehow cipher/scramble the things you send as the querystring to their site. For example a querystring like this:
?CreditCardNo=123-3808-4039-2386-5&price=23&....
can be scrambeled to such:
?sender=yourSite&data=1kj23kjl12j3lk4hj46gh2l14870vgar7qrhljgh1734ljdg7qt

Now, the process.asp page at viaKLIX.com web site can check for a "sender=yourSite" and as it understands the querystring is sent from your site, it can run a piece of code, which "decodes" that interesting data(!), to meaningful information.

Finalizing: Well, if all financial parts of the story are going to be done at viaKLIX.com site, and if this site belongs to a "big enough" company, then I, as a user, prefer things to be like this:
I go to your site, select an item, press "cash your cart" button, I'm sent to a SSL secured site named viaKLIX.com. There is some text there, and some links, which can help me ensure that this site is valid, secure, and trustful. The page also shows me what I'm going to pay for, how much I'm going to pay, so I fill in the forms, submit it, and then I'm redirected to your site again, and see a message like "thank you!"

Have you thought of requesting viaKLIX to provide you a mechanism to send the user back to your site?

Wish I can help
Huji
PS:Excuse me for writing this much! I'm trying to make things easier to understand.... or I'm hoping to! ;o)
0
 

Author Comment

by:nigerman
ID: 13431334
I really appreciate your hep, Huji.

Don't worry about the long text, the longer, the more information that I get, the better off I am.

Right now, I am using the html method and it seems to work fine except *one* thing - the salestax is not being posted to the viaklix site.

I did response.write, it is writing to our database but I can't get it to post to viaklix.

Please forgive but I am posting the entire code.

Can you see if you can figure out why, please.

I feel a lot of pressure right now because the site is already live and any customer purchase today will bring alot of confusion because there is no way for my client to know what products are being purchased.

I can either get that to work, or I can add that to my email program so that client see the salestax.

Once again, sorry for the long code I am posting.

Everything hidden html form is the same as on the checkout.asp page and it worked when it was from checkout straight to viaklix.

<!-- #include file="db.asp" -->
<!-- #include file="functions.asp" -->
<!--METADATA TYPE="typelib" UUID="CD000000-8B95-11D1-82DB-00C04FB1625D"
NAME="CDO for Windows XP Library" -->
<%
Response.Buffer = true

%>
<%
'===================================================
'Shopping Shart
'(c) 2004 KeNig, Inc
'===================================================
For Each key in Request.Form
      strname = key
      strvalue = Request.Form(key)
      Session(strname) = strvalue
Next

Dim arrCart, scartItem
      arrCart = Session("MyCart")
      scartItem = Session("cartItem")
      if scartItem = 0 then
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Or your session has expired, or you tried to re-submit the form.")
      end if

   'totalWeight = request.form("totalWeight")
   'response.write totalWeight
   'response.end


strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")


      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry "
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'" & Date() & "'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & CCur(Request.Form("ssl_salestax")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
      'response.write sqlAdd
      'response.end
      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            'Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant("ciss@bellsouh.net",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")

      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry "
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'" & Date() & "'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & CCur(Request.Form("ssl_salestax")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
  'response.write sqlAdd
  'response.end

      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant("ciss@bellsouth.net",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

function mailMerchant(merchantmail,orderid,smtpServer)
      'get client info from DB
      set cmd = server.CreateObject("ADODB.Command")
      cmd.ActiveConnection = dbc
      cmd.CommandText = "qryOrderInfo"
      cmd.CommandType = adCmdStoredProc
      set param = cmd.CreateParameter("oid",adInteger,adParamInput,4)
      cmd.Parameters.Append param
      cmd("oid") = orderid

      'build message body strBody
      set rs = server.CreateObject("ADODB.recordset")
      set rs = cmd.Execute
      if not rs.eof then
            strBody = "Online order by Millennium Health Products on " & rs("odate") & vbCrLf & vbCrLf
            strBody = strBody & "Customer info:" & vbCrLf
            strBody = strBody & rs("cfirstname") & vbCrLf
            strBody = strBody & rs("clastname") & vbCrLf
            strBody = strBody & rs("cemail") & vbCrLf
            strBody = strBody & rs("caddress") & " - " & rs("caddress2") & vbCrLf
            strBody = strBody & rs("ctown") & vbCrLf
            strBody = strBody & rs("czip") & vbCrLf
            strBody = strBody & rs("cstate") & vbCrLf
            strBody = strBody & rs("ccountry") & vbCrLf
            strBody = strBody & rs("cphone") & vbCrLf & vbCrLf

          strBody = strBody & "Ordered items:" & vbCrLf
          strBody = strBody & "Code" & vbTab & vbTab & "|" &"Item" & vbTab & vbTab & "|"  & "No." & vbTab & "|" & "Price" & vbCrLf
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          dblOrderTotal = 0
          while not rs.EOF
               strBody = strBody & rs("ccode") & vbTab & "|" & rs("cname") & vbTab & "|"
               lineTotal = rs("cprice")*rs("numitems")
               strBody = strBody & rs("numitems") & vbTab & "|" & FormatCurrency(lineTotal,2) & vbCrLf
               dblOrderTotal = dblOrderTotal + lineTotal
               rs.MoveNext
          wend
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          strBody = strBody & "Total: " & FormatCurrency(dblOrderTotal,2) & vbCrLf
          strBody = strBody & vbCrLf & vbCrLf

            rs.Close
            set rs = nothing
            set cmd = nothing

      '*******************************************
      'code for sending email.  This will one work on windows 2000 or windows xp.
      Dim iMsg
      Set iMsg = CreateObject("CDO.Message")
      Dim iBp
      Dim Flds
      Dim iConf
      Set iConf = CreateObject("CDO.Configuration")
      Set Flds = iConf.Fields
      Flds(cdoSendUsingMethod)  = cdoSendUsingPort
      Flds(cdoSMTPServer)       = "mail.bellsouth.net"
      Flds(cdoSMTPServerPort)   = 25
      Flds(cdoSMTPAuthenticate)     = cdoAnonymous ' 0
      Flds.Update
      With iMsg
       Set .Configuration = iConf
           .From = "ciss@bellsouth.net"
           .To = "ciss@bellsouth.net"
           .Subject     = "Millennium Health Products"
           .TextBody    = strBody
             .Send
      End With
            if Err.number > 0 then
                  mailMerchant = false
            else
                  mailMerchant = true
            end if

            else

            rs.Close
            set rs = nothing
            set cmd = nothing
            mailMerchant = false
      end if
      '************************************

end function
%>
<%
'--- Create 10-Character Invoice ID Code ---
Function CreateNewInvoiceID
Dim strInvoiceID, intSet, varRndChar
strInvoiceID = ""
Randomize
For i = 1 to 10
intSet = Int((2* Rnd) + 1) 'Generate a random number from 1 - 2 to mix up InvoiceID between letters and numbers
Select Case intSet
Case "1"
varRndChar = Chr(Int(10 * Rnd) + 48) 'Creates a random character between number 0 and 9
Case "2"
varRndChar = Chr(Int(26 * Rnd) + 65) 'Creates a random character between number A and Z
End Select
strInvoiceID = strInvoiceID + varRndChar
Next
CreateNewInvoiceID = "MHP" & strInvoiceID
End Function
%>
<html>
<body onload="document.forms[0].submit();">
<form action="https://www.viaKLIX.com/process.asp" method=post>
    <INPUT type="hidden" name="ssl_merchant_id" value="TT8784">
    <INPUT type="hidden" name="ssl_user_id" value="YT1056">
    <INPUT type="hidden" name="ssl_pin" value="5HJLJ0">
    <INPUT type="hidden" name="ssl_salestax" value="<%=lshippingCost%>">
    <INPUT type="hidden" name="ssl_invoice_number" value="<%=CreateNewInvoiceID%>">
    <INPUT type="hidden" name="ssl_amount" value="<%= formatCurrency(intTotal)%>">
</form>
</body>
</html>
0
 
LVL 14

Expert Comment

by:huji
ID: 13431494
Hi again
Thanks for showing interest to my efforts to explain everything. :o)

If salestax is not sent it means this line:
 <INPUT type="hidden" name="ssl_salestax" value="<%=lshippingCost%>">
is giving an output like:
 <INPUT type="hidden" name="ssl_salestax" value="">

which means lshippingCost variable contains an empty string, or contains nothing. Now, based on your code, this is true! You've never set a value for lshippingCost variable in the code you posted to me.

Solution: I guess you need to modfy that line to such:
 <INPUT type="hidden" name="ssl_salestax" value="<%=Request.Form("ssl_salestax")%>">
but I'm not sure.

Finally: Your code is not a long one man! Don't worry. Even when facing a big big code, I simply copy-paste it in Dreamweaver or anything, and then I have better control over it! The only disadvantage is this page needs more time to load, every time I visit it! ;o)

Wish I can help
Huji
0
 

Author Comment

by:nigerman
ID: 13431692
Wow, that did the trick!!

I can write the database and the information gets sent to viaklix.

This is wonderful, thanks so so so very much.

I wish that someday, I can have the understanding of asp like you and another gentleman that has helped me so many, many times -peh803.

 I have final request.

I need to format the email so that infor contained in it is readable.

For instance, the way I have it laid out is:

product code    product name   qty   unit price


Total Price.

This is fine as long as customer is purchasing one item but if the customer is purchasing more than one item, everything is confusing to read.

I can add extra points here or open up a new thread.

I would prefer to get it all done here because the email program is already on the code I posted, and besides, you already understand what is going on here.

Please help.

Thanks again for all the help.
0
 
LVL 14

Expert Comment

by:huji
ID: 13431831
EE suggest opening each question in a new thread. Beyond that, is the fact that EE works when some people try to help other people. I don't care if you increase the points or not. I just post my idea to you here:

I suggest this formatting for your email:
A for loop will create the following two lines:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
product code prductname qty unit price

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

and yes! The second line is empty! This makes things more readable. The final resutl will be like:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
product code prductname qty unit price

product code prductname qty unit price

product code prductname qty unit price

product code prductname qty unit price

total price
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

or you may prefer to change my idea a bit to achieve this:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
product code
prductname
qty
unit price

product code
prductname
qty
unit price

product code
prductname
qty
unit price

total price
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Wish I can help
Huji
0
 

Author Comment

by:nigerman
ID: 13432394
Ok,
I will just close this and open a new one.

I can't thank you enough for your assistance in this thread.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently read an article which suggested that 60% of businesses in the U.S. that process credit card details online in order to accept payment for goods or services were not Payment Card Industry security standards (PCI) compliant. This statement …
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question