nigerman

Submitting to db before posting to payment gateway provider

I have a working page called process.asp where data from checkout.asp used to be posted to.

Before, when you click on "Click to complete your order" on checkout.asp page, all values are sent to process.asp via the post method.

What this process.asp page will do is process all data posted to it, submit them to the db and then send client an email giving details of customer purchase.

This was working fine.

But now, we are posting to payment gateway provider called viaklix like
<form method=post action = "https://viaklix/process.asp">

as a result, what is happening now is customer makes a purchase, viaklix sends an email to client notifying client of total amount, s & h, credit card number and expiration date.

So there is no way for the client to know who the customer is, and what products the customer purchased.

If we can get it now to write to the db before posting to payment provider, then the client will receive email here giving name of client, products purchased etc.


I have both checkout.asp and process.asp files.

I will be more than happy to make any or both available if and when asked.

Thanks very much
nigerman

ASKER

Here is what we have been passing to payment gateway site:

    <INPUT type="hidden" name="ssl_merchant_id" value="4098384">
    <INPUT type="hidden" name="ssl_user_id" value="1056">
    <INPUT type="hidden" name="ssl_pin" value="58YUU0">
    <INPUT type="hidden" name="ssl_salestax" value="<%=lshippingCost%>">
    <INPUT type="hidden" name="ssl_number" value="<%=NumID%>">
    <INPUT type="hidden" name="ssl_amount" value="<%= formatCurrency(intTotal)%>">


As stated previously, we would like to submit our data to our db before posting to viaklix, our payment gateway provider.

A suggestion was given to post to our process page first, then use session to declare the variables we need to pass to viaklix, to declare these fields on process page, then use redirect to send them to viaklix.

Below is my entire code.

I know it is long, sorry but it isn't working.

When I click submit, it redirects to viaklix site but does not send any of the values they are looking for but my email is getting sent.

<!-- #include file="db.asp" -->
<!-- #include file="functions.asp" -->
<!--METADATA TYPE="typelib" UUID="CD000000-8B95-11D1-82DB-00C04FB1625D"
NAME="CDO for Windows XP Library" -->

<%
Response.Buffer = true

%>

<%
Session("ssl_merchant_id") = "47887"
Session("ssl_user_id") = "musot"
Session("ssl_pin") = "(JYDD"

For Each key in Request.Form
      strname = key
      strvalue = Request.Form(key)
      Session(strname) = strvalue
Next

Dim arrCart, scartItem
      arrCart = Session("MyCart")
      scartItem = Session("cartItem")
      if scartItem = 0 then
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Or your session has expired, or you tried to re-submit the form.")
      end if

   'totalWeight = request.form("totalWeight")
   'response.write totalWeight
   'response.end


strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")

      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry,oshipmethod"
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'"&date()&"'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & Ccur(Request.Form("shippingCost")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
      'response.write sqlAdd
      'response.end
      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            'Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant("mydomain.com",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")

      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry "
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'" & Date() & "'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & Ccur(Request.Form("shippingCost")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
  'response.write sqlAdd
  'response.end

      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant("mydomain.com",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

function mailMerchant(merchantmail,orderid,smtpServer)
      'get client info from DB
      set cmd = server.CreateObject("ADODB.Command")
      cmd.ActiveConnection = dbc
      cmd.CommandText = "qryOrderInfo"
      cmd.CommandType = adCmdStoredProc
      set param = cmd.CreateParameter("oid",adInteger,adParamInput,4)
      cmd.Parameters.Append param
      cmd("oid") = orderid

      'build message body strBody
      set rs = server.CreateObject("ADODB.recordset")
      set rs = cmd.Execute
      if not rs.eof then
            strBody = "Online order by Millennium Health Products on " & rs("odate") & vbCrLf & vbCrLf
            strBody = strBody & "Customer info:" & vbCrLf
            strBody = strBody & rs("cfirstname") & vbCrLf
            strBody = strBody & rs("clastname") & vbCrLf
            strBody = strBody & rs("cemail") & vbCrLf
            strBody = strBody & rs("caddress") & " - " & rs("caddress2") & vbCrLf
            strBody = strBody & rs("ctown") & vbCrLf
            strBody = strBody & rs("czip") & vbCrLf
            strBody = strBody & rs("cstate") & vbCrLf
            strBody = strBody & rs("ccountry") & vbCrLf
            strBody = strBody & rs("cphone") & vbCrLf & vbCrLf

          strBody = strBody & "Ordered items:" & vbCrLf
          strBody = strBody & "Code" & vbTab & vbTab & "|" &"Item" & vbTab & vbTab & "|"  & "No." & vbTab & "|" & "Price" & vbCrLf
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          dblOrderTotal = 0
          while not rs.EOF
               strBody = strBody & rs("ccode") & vbTab & "|" & rs("cname") & vbTab & "|"
               lineTotal = rs("cprice")*rs("numitems")
               strBody = strBody & rs("numitems") & vbTab & "|" & FormatCurrency(lineTotal,2) & vbCrLf
               dblOrderTotal = dblOrderTotal + lineTotal
               rs.MoveNext
          wend
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          strBody = strBody & "Total: " & FormatCurrency(dblOrderTotal,2) & vbCrLf
          strBody = strBody & vbCrLf & vbCrLf

            rs.Close
            set rs = nothing
            set cmd = nothing

      '*******************************************
      'code for sending email.  This will only work on windows 2000 or windows xp.
      Dim iMsg
      Set iMsg = CreateObject("CDO.Message")
      Dim iBp
      Dim Flds
      Dim iConf
      Set iConf = CreateObject("CDO.Configuration")
      Set Flds = iConf.Fields
      Flds(cdoSendUsingMethod)  = cdoSendUsingPort
      Flds(cdoSMTPServer)       = "mail.domainName.com"
      Flds(cdoSMTPServerPort)   = 25
      Flds(cdoSMTPAuthenticate)     = cdoAnonymous ' 0
      Flds.Update
      With iMsg
       Set .Configuration = iConf
           .From = "mydomain.com"
           .To = "clientDomain.net"
           .Subject     = "Order Details"
           .TextBody    = strBody
             .Send
      End With
            if Err.number > 0 then
                  mailMerchant = false
            else
                  mailMerchant = true
            end if

            else

            rs.Close
            set rs = nothing
            set cmd = nothing
            mailMerchant = false
      end if
      '************************************

end function
Response.redirect "https://www.viaKLIX.com/process.asp"
%>
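Added example, not part of the original post: the orders INSERT above rewritten with the same ADODB.Command / CreateParameter pattern that mailMerchant already uses, so form values are bound as parameters instead of being concatenated into sqlAdd, and the new order id is read on the same connection rather than with SELECT max(orderID). InsertOrder, TextParam, the column types and lengths, and @@IDENTITY support (Jet 4.0 or SQL Server) are assumptions.

```vbscript
<%
' Added example, not the poster's code. InsertOrder and TextParam are
' hypothetical helpers; column types and lengths are assumptions.
' dbc is the open ADODB.Connection created by openConn() in db.asp.
' Remove these constants if adovbs.inc or the ADO typelib is already included.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adDouble = 5
Const adCurrency = 6
Const adDate = 7
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Builds a length-capped text parameter. The value travels as data, so a quote
' in it cannot change the statement and TwoSingleQ() is not needed.
Function TextParam(cmd, name, value, maxLen)
    Set TextParam = cmd.CreateParameter(name, adVarChar, adParamInput, _
                                        maxLen, Left(Trim(value & ""), maxLen))
End Function

' Returns the new order id, or 0 if the input is rejected or the insert fails.
' Ship fields that were not posted are stored as empty strings.
Function InsertOrder(dbc, custId, orderTotal, shipWeight, shipCost, frm)
    Dim cmd, rs, affected, lCust, cTotal, dWeight, cShip
    InsertOrder = 0

    On Error Resume Next
    ' Convert once; a non-numeric or out-of-range value sets Err and is rejected.
    lCust = CLng(custId)
    cTotal = CCur(orderTotal)
    dWeight = CDbl(shipWeight)
    cShip = CCur(shipCost)
    If Err.Number <> 0 Then Exit Function
    If lCust < 1 Or cTotal < 0 Or dWeight < 0 Or cShip < 0 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = dbc
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO orders (ocustomerid, odate, orderamount, " & _
        "totlShippingWeight, totlShippingCharges, oshipaddress, oshiptown, " & _
        "oshipzip, oshipstate, oshipcountry) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"

    ' Positional binding: append in the same order as the ? markers.
    With cmd.Parameters
        .Append cmd.CreateParameter("cust", adInteger, adParamInput, , lCust)
        .Append cmd.CreateParameter("odate", adDate, adParamInput, , Date())
        .Append cmd.CreateParameter("amount", adCurrency, adParamInput, , cTotal)
        .Append cmd.CreateParameter("weight", adDouble, adParamInput, , dWeight)
        .Append cmd.CreateParameter("shipcost", adCurrency, adParamInput, , cShip)
        .Append TextParam(cmd, "addr", frm("shipaddress"), 255)
        .Append TextParam(cmd, "town", frm("shiptown"), 100)
        .Append TextParam(cmd, "zip", frm("shipzip"), 20)
        .Append TextParam(cmd, "state", frm("shipstate"), 50)
        .Append TextParam(cmd, "country", frm("shipcountry"), 50)
    End With

    cmd.Execute affected, , adExecuteNoRecords
    If Err.Number = 0 And affected = 1 Then
        ' Id of the row this connection just inserted; unlike max(orderID) it
        ' cannot pick up another customer's order placed at the same moment.
        Set rs = dbc.Execute("SELECT @@IDENTITY")
        If Err.Number = 0 Then
            InsertOrder = CLng(rs(0))
            rs.Close
        End If
    End If
    Set cmd = Nothing
    On Error GoTo 0
End Function

' Usage after openConn(). serverTotal is a hypothetical value recomputed from
' Session("MyCart") on the server, since the posted ssl_amount is client-editable.
' oid = InsertOrder(dbc, Session("custid"), serverTotal, _
'                   Request.Form("totalWeight"), Request.Form("shippingCost"), Request.Form)
' If oid < 1 Then Response.Redirect "error.asp?msg=" & Server.URLEncode("Error: No order id.")
%>
```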
ASKER CERTIFIED SOLUTION
huji
Hi
See, when you finally redirect the user to viaklix web site, you only send them to the process.asp page on their site WITHOUT any POST or GET data. So that site will do nothing with this user!
When the form's action was set to that site, all the INPUTs' values were sent via POST to that site. Now when the pages are first sent to you, these data are sent to YOU, and Response.Redirect will not send them again. But viaklix needs that data to react correctly.
Now the solution:
1) If you can send the data via GET to that site too (you should ask that site's admin and confirm that you can send data via GET), AND you are sure that the data can be placed on GET (which means be shown in the address bar) then try to send it via GET: instead of what you have at the end, right now, try this:

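' URL-encode each value so that characters such as & or = in the data cannot alter the query string
Response.Redirect "https://www.viaKLIX.com/process.asp?ssl_user_id=" & Server.URLEncode(Request("ssl_user_id")) & _
     "&ssl_pin=" & Server.URLEncode(Request("ssl_pin")) & "&ssl_salestax=" & Server.URLEncode(Request("ssl_salestax")) & _
     "&ssl_number=" & Server.URLEncode(Request("ssl_number")) & "&ssl_amount=" & Server.URLEncode(Request("ssl_amount"))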

Second choice: If their process.asp page can NOT read querystrings, then you have one other way:
Don't redirect them! Instead, follow this strategy: When the user clicks on submit, do all processes you've coded above, but instead of the response.redirect part, response.write some lines of html like this:

<html>
<body onload="document.forms[0].submit();">
<form action="https://www.viaKLIX.com/process.asp" method=post>
<INPUT type="hidden" name="ssl_user_id" value="<%=Server.HTMLEncode(Request("ssl_user_id"))%>">
<INPUT type="hidden" name="ssl_pin" value="<%=Server.HTMLEncode(Request("ssl_pin"))%>">
<INPUT type="hidden" name="ssl_salestax" value="<%=Server.HTMLEncode(Request("ssl_salestax"))%>">
<INPUT type="hidden" name="ssl_number" value="<%=Server.HTMLEncode(Request("ssl_number"))%>">
<INPUT type="hidden" name="ssl_amount" value="<%=Server.HTMLEncode(Request("ssl_amount"))%>">
</form>
</body>
</html>

What does it do? It sends a form to the user, and submits it just as the page is loaded in his browser. No user interaction needed.
The only disadvantage: If user presses Cancel when this page is loaded, before the form is automatically submitted, then you have added records to your DB, but viaKLIX has not received the related data.
Solution: It would be great to find a way with viaKLIX admins, to let YOUR SITE to make GET (querystring) request. Especially, it would be a good idea to manage it somehow, that you can send your querystring scrambled (obfuscated), so that user can not simply modify it.
Wish I can help
Huji
Oops, I posted it twice. Excuse me.
Huji
thank you huji for your good suggestions.

Some really good asp programmers have suggested similar solutions, especially the html solution (your second solution).

My big concern with those is that someone with mischievous intent can write a sniffer code and get some info about my client.

I don't want that to happen.

Although, as a temporary solution, I think I will try that because coming up with this solution has taken on an urgent significance,
given the fact that a customer could potentially be making a purchase on the site now and there is no way for my client to know what items they have purchased.

Some people have suggested using XMLHTTP but I know nothing about that.

I doubt that we can send data via the GET method because it is a secure site and information being sent to it must follow a certain spec.
Hi again
1) No matter the method used to send information is GET or POST, unless you are protected with SSL or similar methods, the whole query can be simply "read" by a person with malicious intent. But if both your site, and the site you are redirecting to are secure sites (https://...) then there should be no worry about it.
About XMLHTTP, well we can focus on it now, but I doubt it would really help more than the other method (GET method).

Look at these links:
http://www.example-code.com/asp/xmlHttp.asp    (only the section above the line with ********************)
http://www.4guysfromrolla.com/webtech/110100-1.shtml

The above examples show how XMLHTTP works. In brief, XMLHTTP gives you a means, by use of which, you simulate a user sitting at your server, opening internet explorer, browsing to a web site that you define, and getting all the HTML returned by that site. Now, instead of showing that in internet explorer window(!) it gives the HTML to you, in a variable. So you can show it to your user for example. But you need to modify that HTML before sending it to your user....
Why don't we simply paste this obtained HTML to the HTML of our page? Because, that HTML contains many items, which should be set again, to have a meaning! (Bad explanation!!) Let's give an example:
You connect to www.viaKLIX.com web site, and in return, it gives you this html:
<html>
...
<body>
...
<img src="logo.gif">
...

When this page is actually seen as a part of a page from viaKLIX.com   the browser "translates" the IMG line of code to such:
<img src="http://www.viaKLIX.com/logo.gif">
So it requests that image from viaKLIX web server, and downloads it, and shows it. OK? Now suppose that you've got that HTML in a variable. If you simply paste it inside your response to your user, then the IMG line is translated to:
<img src="http://www.yourSite.com/logo.gif">
And the image file doesn't exist and... things mess up! The same thing happens to links (<a href="....) and this means you have to modify all image sources, link hrefs, etc, before showing it to the user. This is one part of the story which needs some hard work. (Not indeed!! I'm working on a similar thing now myself, and I can help you, if you decide to use XMLHTTP.)
There are minor things left:
Suppose that you've fixed the above bug. After all, the page is shown as a page in YOUR SITE. When links are from your site to viaKLIX site, their pages may not react correctly. You see, some security issues force financial sites to have a complete control of what they receive. One security solution is to check if all data sent to their page is actually sent from another page in THEIR site. You must be aware of this, before shifting to XMLHTTP method.
Second, when you use XMLHTTP, it means, that, if viaKLIX.com stores anything in SESSION variable, it is stored for that simulatory user at your server, and not for the real user sitting somewhere in the world, connecting to your site. Thus, the next click made by that user, can mean a user without required session ID, for viaKLIX web site, and things can again mess up! Same issue with cookies!
Third, when you use XMLHTTP, all requests for the process.asp page at their site, will be recorded to be sent from YOUR SERVER, and if they store IP addresses, etc, they will store your server's. So this can be a potential problem, in rare cases.
Fifth, if they make change to their web design (at viaKLIX) you may need to reconfigure your XMLHTTP and ASP codes. Some hours (or probably days) of delay in understanding such a case has happened, can make your users dissatisfied, or can even result in big financial problems.
After ALL, I recommend you avoid using XMLHTTP. The BEST solution is even to avoid the HTML method I mentioned (the second method of my above post.) If they can support GET, and they are secured, then you can simply redirect. Otherwise, your site, and their site, should integrate somehow.

Not-the-last note: As I stated above, it is an excellent idea to somehow cipher/scramble the things you send as the querystring to their site. For example a querystring like this:
?CreditCardNo=123-3808-4039-2386-5&price=23&....
can be scrambled to such:
?sender=yourSite&data=1kj23kjl12j3lk4hj46gh2l14870vgar7qrhljgh1734ljdg7qt

Now, the process.asp page at viaKLIX.com web site can check for a "sender=yourSite" and as it understands the querystring is sent from your site, it can run a piece of code, which "decodes" that interesting data(!), to meaningful information.

Finalizing: Well, if all financial parts of the story are going to be done at viaKLIX.com site, and if this site belongs to a "big enough" company, then I, as a user, prefer things to be like this:
I go to your site, select an item, press "cash your cart" button, I'm sent to a SSL secured site named viaKLIX.com. There is some text there, and some links, which can help me ensure that this site is valid, secure, and trustful. The page also shows me what I'm going to pay for, how much I'm going to pay, so I fill in the forms, submit it, and then I'm redirected to your site again, and see a message like "thank you!"

Have you thought of requesting viaKLIX to provide you a mechanism to send the user back to your site?

Wish I can help
Huji
PS:Excuse me for writing this much! I'm trying to make things easier to understand.... or I'm hoping to! ;o)
I really appreciate your help, Huji.

Don't worry about the long text, the longer, the more information that I get, the better off I am.

Right now, I am using the html method and it seems to work fine except *one* thing - the salestax is not being posted to the viaklix site.

I did response.write, it is writing to our database but I can't get it to post to viaklix.

Please forgive but I am posting the entire code.

Can you see if you can figure out why, please.

I feel a lot of pressure right now because the site is already live and any customer purchase today will bring a lot of confusion because there is no way for my client to know what products are being purchased.

I can either get that to work, or I can add that to my email program so that client sees the salestax.

Once again, sorry for the long code I am posting.

Everything hidden html form is the same as on the checkout.asp page and it worked when it was from checkout straight to viaklix.

<!-- #include file="db.asp" -->
<!-- #include file="functions.asp" -->
<!--METADATA TYPE="typelib" UUID="CD000000-8B95-11D1-82DB-00C04FB1625D"
NAME="CDO for Windows XP Library" -->
<%
Response.Buffer = true

%>
<%
'===================================================
'Shopping Cart
'(c) 2004 KeNig, Inc
'===================================================
For Each key in Request.Form
      strname = key
      strvalue = Request.Form(key)
      Session(strname) = strvalue
Next

Dim arrCart, scartItem
      arrCart = Session("MyCart")
      scartItem = Session("cartItem")
      if scartItem = 0 then
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Or your session has expired, or you tried to re-submit the form.")
      end if

   'totalWeight = request.form("totalWeight")
   'response.write totalWeight
   'response.end


strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")


      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry "
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'" & Date() & "'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & CCur(Request.Form("ssl_salestax")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
      'response.write sqlAdd
      'response.end
      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            'Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant("ciss@bellsouh.net",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

strTotal = CCur(Request.Form("ssl_amount"))
intTotal = Replace(strTotal,",",".")

      'On error resume next
      sqlAdd = "INSERT INTO orders(ocustomerid,odate,orderamount,totlShippingWeight,totlShippingCharges"
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",oshipaddress,oshiptown,oshipzip,oshipstate,oshipcountry "
      End If
      sqlAdd = sqlAdd & ") VALUES("
      sqlAdd = sqlAdd & Session("custid") & ",'" & Date() & "'," & intTotal
      sqlAdd = sqlAdd & "," & Request.Form("totalWeight") & "," & CCur(Request.Form("ssl_salestax")) & " "
      If Not Request.Form("shipaddress")="" then
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shipaddress")) & "'"
            sqlAdd = sqlAdd & ",'" & TwoSingleQ(Request.Form("shiptown")) & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipzip") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipstate") & " '"
            sqlAdd = sqlAdd & ",'" & Request.Form("shipcountry") & " '"
      End If
      sqlAdd = sqlAdd & ")"
  'response.write sqlAdd
  'response.end

      call openConn()
      dbc.execute sqlAdd, intAffected

      if dbc.Errors.count > 0 then
            call closeConn()
            Response.Redirect "error.asp?msg=" & server.URLEncode("Error occurred sending info to Database. Please contact us.")
      elseif intAffected = 1 then
            Dim oid, sqlo
            sqlo = "SELECT max(orderID) FROM orders"
            Set rso = dbc.Execute(sqlo)
            oid = Cint(rso(0))
            rso.Close

            If oid < 1 Then
                  call closeConn()
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Error: No order id.")
            Else
                  'insert order items into oitems table
                  For i = 1 To scartItem
                        sqlOItem = "INSERT INTO oitems(orderid,catalogid,numitems) VALUES("
                        sqlOItem = sqlOItem & oid
                        sqlOItem = sqlOItem & "," & arrCart(cProductid,i)
                        sqlOItem = sqlOItem & "," & arrCart(cQuantity,i)
                        sqlOItem = sqlOItem & ")"
                        dbc.execute sqlOItem
                  Next
                  If dbc.Errors.Count > 0 then
                        call closeConn()
                        Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
                  else
                        'send mail to merchant, use function mailMerchant
                        blnMail =  mailMerchant("ciss@bellsouth.net",oid,nosmtp)
                        if blnMail = false then
                              call closeConn()
                              Response.Redirect "error.asp?msg=" & Server.URLEncode ("Could not send mail to merchant.")
                        end if
                  end if
            End if
      else
            call closeConn()
            Response.Redirect "error.asp?msg=" & Server.URLEncode ("Order information could not be sent to database. Please try again later.")
      end if
            If dbc.Errors.Count > 0 then
                  dbc.Close
                  set dbc = nothing
                  Response.Redirect "error.asp?msg=" & Server.URLEncode ("Not succeeded. Error: ") & dbc.Error.Description
            Else
                  dbc.close
                  set dbc = nothing
                  'Response.Redirect "thanks.asp"
            End If

function mailMerchant(merchantmail,orderid,smtpServer)
      'get client info from DB
      set cmd = server.CreateObject("ADODB.Command")
      cmd.ActiveConnection = dbc
      cmd.CommandText = "qryOrderInfo"
      cmd.CommandType = adCmdStoredProc
      set param = cmd.CreateParameter("oid",adInteger,adParamInput,4)
      cmd.Parameters.Append param
      cmd("oid") = orderid

      'build message body strBody
      set rs = server.CreateObject("ADODB.recordset")
      set rs = cmd.Execute
      if not rs.eof then
            strBody = "Online order by Millennium Health Products on " & rs("odate") & vbCrLf & vbCrLf
            strBody = strBody & "Customer info:" & vbCrLf
            strBody = strBody & rs("cfirstname") & vbCrLf
            strBody = strBody & rs("clastname") & vbCrLf
            strBody = strBody & rs("cemail") & vbCrLf
            strBody = strBody & rs("caddress") & " - " & rs("caddress2") & vbCrLf
            strBody = strBody & rs("ctown") & vbCrLf
            strBody = strBody & rs("czip") & vbCrLf
            strBody = strBody & rs("cstate") & vbCrLf
            strBody = strBody & rs("ccountry") & vbCrLf
            strBody = strBody & rs("cphone") & vbCrLf & vbCrLf

          strBody = strBody & "Ordered items:" & vbCrLf
          strBody = strBody & "Code" & vbTab & vbTab & "|" &"Item" & vbTab & vbTab & "|"  & "No." & vbTab & "|" & "Price" & vbCrLf
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          dblOrderTotal = 0
          while not rs.EOF
               strBody = strBody & rs("ccode") & vbTab & "|" & rs("cname") & vbTab & "|"
               lineTotal = rs("cprice")*rs("numitems")
               strBody = strBody & rs("numitems") & vbTab & "|" & FormatCurrency(lineTotal,2) & vbCrLf
               dblOrderTotal = dblOrderTotal + lineTotal
               rs.MoveNext
          wend
          strBody = strBody & "-------------------------------------------------------" & vbCrLf
          strBody = strBody & "Total: " & FormatCurrency(dblOrderTotal,2) & vbCrLf
          strBody = strBody & vbCrLf & vbCrLf

            rs.Close
            set rs = nothing
            set cmd = nothing

      '*******************************************
      'code for sending email.  This will only work on windows 2000 or windows xp.
      Dim iMsg
      Set iMsg = CreateObject("CDO.Message")
      Dim iBp
      Dim Flds
      Dim iConf
      Set iConf = CreateObject("CDO.Configuration")
      Set Flds = iConf.Fields
      Flds(cdoSendUsingMethod)  = cdoSendUsingPort
      Flds(cdoSMTPServer)       = "mail.bellsouth.net"
      Flds(cdoSMTPServerPort)   = 25
      Flds(cdoSMTPAuthenticate)     = cdoAnonymous ' 0
      Flds.Update
      With iMsg
       Set .Configuration = iConf
           .From = "ciss@bellsouth.net"
           .To = "ciss@bellsouth.net"
           .Subject     = "Millennium Health Products"
           .TextBody    = strBody
             .Send
      End With
            if Err.number <> 0 then 'COM errors are usually reported as negative numbers
                  mailMerchant = false
            else
                  mailMerchant = true
            end if

            else

            rs.Close
            set rs = nothing
            set cmd = nothing
            mailMerchant = false
      end if
      '************************************

end function
%>
<%
'--- Create 10-Character Invoice ID Code ---
Function CreateNewInvoiceID
    Dim strInvoiceID, intSet, varRndChar, i
    strInvoiceID = ""
    Randomize
    For i = 1 to 10
        'Generate a random number from 1 - 2 to mix up InvoiceID between letters and numbers
        intSet = Int((2 * Rnd) + 1)
        Select Case intSet 'intSet is numeric, so compare against numbers, not strings
            Case 1
                varRndChar = Chr(Int(10 * Rnd) + 48) 'Creates a random digit between 0 and 9
            Case 2
                varRndChar = Chr(Int(26 * Rnd) + 65) 'Creates a random letter between A and Z
        End Select
        strInvoiceID = strInvoiceID & varRndChar
    Next
    CreateNewInvoiceID = "MHP" & strInvoiceID
End Function
%>
<html>
<body onload="document.forms[0].submit();">
<form action="https://www.viaKLIX.com/process.asp" method=post>
    <INPUT type="hidden" name="ssl_merchant_id" value="TT8784">
    <INPUT type="hidden" name="ssl_user_id" value="YT1056">
    <INPUT type="hidden" name="ssl_pin" value="5HJLJ0">
    <INPUT type="hidden" name="ssl_salestax" value="<%=lshippingCost%>">
    <INPUT type="hidden" name="ssl_invoice_number" value="<%=CreateNewInvoiceID%>">
    <INPUT type="hidden" name="ssl_amount" value="<%= formatCurrency(intTotal)%>">
</form>
</body>
</html>
Hi again
Thanks for showing interest in my efforts to explain everything. :o)

If salestax is not sent it means this line:
 <INPUT type="hidden" name="ssl_salestax" value="<%=lshippingCost%>">
is giving an output like:
 <INPUT type="hidden" name="ssl_salestax" value="">

which means lshippingCost variable contains an empty string, or contains nothing. Now, based on your code, this is true! You've never set a value for lshippingCost variable in the code you posted to me.

Solution: I guess you need to modify that line like this:
 <INPUT type="hidden" name="ssl_salestax" value="<%=Request.Form("ssl_salestax")%>">
but I'm not sure.

Finally: Your code is not a long one man! Don't worry. Even when facing a big big code, I simply copy-paste it in Dreamweaver or anything, and then I have better control over it! The only disadvantage is this page needs more time to load, every time I visit it! ;o)

Wish I can help
Huji
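
The hidden field discussed in the reply above, with the posted value checked and encoded before it is written into the page. This is an added example, not code from the thread: `IsPlainAmount` is a hypothetical helper, and the accepted format (digits with an optional one or two decimals) is an assumption about what the sales tax field should hold.

```vbscript
<%
' Added example, not code from the thread. IsPlainAmount is a hypothetical
' helper; the accepted format (digits, optional 1-2 decimals) is an assumption.
Function IsPlainAmount(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,7}(\.\d{1,2})?$"
    IsPlainAmount = re.Test(raw & "")
    Set re = Nothing
End Function

Dim salesTax
' & "" turns a missing form field into an empty string instead of an object
salesTax = Trim(Request.Form("ssl_salestax") & "")

' An empty or malformed value stops here instead of reaching the gateway form
If Not IsPlainAmount(salesTax) Then
    Response.Redirect "error.asp?msg=" & Server.URLEncode("Sales tax value is missing or invalid.")
End If

' HTMLEncode keeps a posted value from breaking out of the value attribute
%>
<INPUT type="hidden" name="ssl_salestax" value="<%=Server.HTMLEncode(salesTax)%>">
```

A format check only confirms the value is well formed. Because it arrives from the browser, the amount itself is best recomputed on the server from the stored order before it is relied on.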
Wow, that did the trick!!

I can write the database and the information gets sent to viaklix.

This is wonderful, thanks so so so very much.

I wish that someday, I can have the understanding of asp like you and another gentleman that has helped me so many, many times -peh803.

I have a final request.

I need to format the email so that info contained in it is readable.

For instance, the way I have it laid out is:

product code    product name   qty   unit price


Total Price.

This is fine as long as customer is purchasing one item but if the customer is purchasing more than one item, everything is confusing to read.

I can add extra points here or open up a new thread.

I would prefer to get it all done here because the email program is already on the code I posted, and besides, you already understand what is going on here.

Please help.

Thanks again for all the help.
EE suggests opening each question in a new thread. Beyond that, is the fact that EE works when some people try to help other people. I don't care if you increase the points or not. I just post my idea to you here:

I suggest this formatting for your email:
A for loop will create the following two lines:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
product code productname qty unit price

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

and yes! The second line is empty! This makes things more readable. The final result will be like:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
product code productname qty unit price

product code productname qty unit price

product code productname qty unit price

product code productname qty unit price

total price
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

or you may prefer to change my idea a bit to achieve this:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
product code
productname
qty
unit price

product code
productname
qty
unit price

product code
productname
qty
unit price
unit price

total price
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Wish I can help
Huji
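
The first layout suggested above, built with fixed-width columns so that several items stay aligned in a plain-text mail. This is an added example, not code from the thread: `PadRight`, `PadLeft` and `OrderLine` are hypothetical helper names, the item rows are constructed sample data, and the alignment assumes the mail is read in a monospaced font.

```vbscript
<%
' Added example, not code from the thread. PadRight, PadLeft and
' OrderLine are hypothetical helper names; the items are constructed.
Const SEP = "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-="

Function PadRight(value, width)
    ' Left-align text: pad with spaces, cut anything longer than the column
    PadRight = Left(value & Space(width), width)
End Function

Function PadLeft(value, width)
    ' Right-align numbers; a value wider than the column is kept whole
    Dim s
    s = CStr(value)
    If Len(s) < width Then s = Space(width - Len(s)) & s
    PadLeft = s
End Function

Function OrderLine(code, name, qty, unitPrice)
    OrderLine = PadRight(code, 12) & PadRight(name, 26) & _
                PadLeft(qty, 5) & PadLeft(FormatCurrency(unitPrice, 2), 12) & vbCrLf
End Function

Dim items, item, body, total
' Constructed sample rows: code, name, quantity, unit price
items = Array( _
    Array("MHP-0001", "Sample product A", 2, 9.5), _
    Array("MHP-0002", "Sample product B with a long name", 1, 24), _
    Array("MHP-0003", "Sample product C", 10, 3.25))

body = SEP & vbCrLf
body = body & PadRight("Code", 12) & PadRight("Item", 26) & _
       PadLeft("Qty", 5) & PadLeft("Unit price", 12) & vbCrLf & vbCrLf
total = 0
For Each item In items
    ' One order line per item, followed by the empty line from the suggestion
    body = body & OrderLine(item(0), item(1), item(2), item(3)) & vbCrLf
    total = total + item(2) * item(3)
Next
body = body & PadRight("Total", 43) & PadLeft(FormatCurrency(total, 2), 12) & vbCrLf
body = body & SEP & vbCrLf

' Preview in the browser; in a mail function the string would go to the text body
Response.Write "<pre>" & Server.HTMLEncode(body) & "</pre>"
%>
```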
Ok,
I will just close this and open a new one.

I can't thank you enough for your assistance in this thread.