How to Post Shopping Cart Data to PayPal from VB.NET

I have a VB.NET application that allows users to add items to a data table shopping cart within the program. When they are reday to checkout, I take them to PayPal to perform the actual payment procedure.

The method I have is VERY crude and primitive. I tried several others ways, including UploadData and such, with no luck. I was never able to open/access the cart with the POSTED contents in the web browser.

I am trying to make certain the user never sees the entire cart item URL string so they cannot be tempted to change the price before paying.

Below is my current "cheat" code. Lets see who can come up with the cleanest "true" solution. I would prefer a true POST in a fashion I can use the "hidden" directives used by PayPal. I have searched the web high and low without finding a good solid free solution.


        Dim httpString As String
        For Each oCartItem As DataRow In dtShoppingCart.Rows
            httpString = "&item_number=" & URLEncode(oCartItem(0)) & _
                         "&item_name=" & URLEncode(oCartItem(1)) & _
                         "&amount=" & oCartItem(2) & _
                         "&quantity=" & oCartItem(3) & _
                         "&shipping=5.00" & _
                         "&shipping2=5.00" & _
                         "&on0=" & URLEncode("Added Info") & _
                         "&os0=" & URLEncode(oCartItem(4))
            System.Diagnostics.Process.Start("https://www.paypal.com/cgi-bin/webscr?cmd=_cart&business=test@company.com&add=1&invoice=VBAPP&undefined_quantity=1¤cy_code=USD" & httpString)
        Next

        System.Diagnostics.Process.Start("https://www.paypal.com/cgi-bin/webscr?cmd=_cart&business=test@company.com&display=1")


The URLEncode function simply reformats the data to an acceptable URL format. In a true POST method, this should no longer be needed.

The dtShoppingCart data table is defined as follows:
            dtShoppingCart = New DataTable("ShoppingCart")
            dtShoppingCart.Columns.Add("Item Number", GetType(String))     ' 0
            dtShoppingCart.Columns.Add("Item Name", GetType(String))       ' 1
            dtShoppingCart.Columns.Add("Price Each", GetType(String))      ' 2
            dtShoppingCart.Columns.Add("Quantity", GetType(Integer))       ' 3
            dtShoppingCart.Columns.Add("Added Info", GetType(String))    ' 4
            dtShoppingCart.PrimaryKey = New DataColumn() {dtShoppingCart.Columns("Item Number")}

Thanks,
maknight
maknightAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LacutahCommented:
I think you're problem lays in part in using: System.Diagnostics.Process.Start, where you have no other alternative other than using URL string data.  By using System.Diagnostics.Process.Start, Windows decides what browser to open (be it Internet Explorer, Firefox, Netscape, etc.), and you would have no way to "hide" the data.

Does paypal offer a webservice interface to create a session ahead of time and upload the contents of the cart, then redirect the user to paypal using a unique ID?
0
prakash_prkCommented:
Try this ...
Use the HTTPWeb Request and response to post and get the data
----------------------------------------------------------------------------
        Dim objHTTPRequest As Net.HttpWebRequest
        Dim objRequestStream As IO.Stream
        Dim objHttpResponse As Net.HttpWebResponse
        objHTTPRequest = Net.HttpWebRequest.Create("https://www.paypal.com/cgi-bin/webscr")
       
        Dim httpString As String
        For Each oCartItem As DataRow In dtShoppingCart.Rows
            httpString = "cmd=_cart&business=test@company.com&display=1" & _
                        "&item_number=" & URLEncode(oCartItem(0)) & _
                         "&item_name=" & URLEncode(oCartItem(1)) & _
                         "&amount=" & oCartItem(2) & _
                         "&quantity=" & oCartItem(3) & _
                         "&shipping=5.00" & _
                         "&shipping2=5.00" & _
                         "&on0=" & URLEncode("Added Info") & _
                         "&os0=" & URLEncode(oCartItem(4))
        Next
        Dim ContentData As Byte() = System.Text.Encoding.UTF8.GetBytes(httpString)


        objRequestStream = objHTTPRequest.GetRequestStream()
        objHTTPRequest.Method = "POST"
        objHTTPRequest.ContentType = "application/x-www-form-urlencoded"
        objHTTPRequest.ContentLength = ContentData.Length
        objRequestStream.Write(ContentData, 0, ContentData.Length)
        objRequestStream.Close()
        objHttpResponse = objHTTPRequest.GetResponse()
        Dim objReader As System.IO.StreamReader = New IO.StreamReader(objHttpResponse.GetResponseStream())
        MsgBox(objReader.ReadToEnd())
--------------------------------------------------------------------------------------------------------------

Regards
PRakash
0
prakash_prkCommented:
See this article also..
http://www.netomatix.com/HttpPostData.aspx
regards
prakash
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

maknightAuthor Commented:
Thanks for the quick responses.

I found that it must be done in this order or an exception is generated.
        objHTTPRequest.Method = "POST"
        objHTTPRequest.ContentType = "application/x-www-form-urlencoded"
        objHTTPRequest.ContentLength = ContentData.Length
        objRequestStream = objHTTPRequest.GetRequestStream()
        objRequestStream.Write(ContentData, 0, ContentData.Length)
        objHttpResponse = objHTTPRequest.GetResponse()
        Dim objReader As System.IO.StreamReader = New IO.StreamReader(objHttpResponse.GetResponseStream())
         objRequestStream.Close()

This is basically what I had tried with UploadData (although this is a bit cleaner than what I had), but it is not persistent. I cannot do anything with the cart after the post because it doesn't exist any longer after the response data is returned. If I try to do anything with the returned cart, PayPal just returns that the cart is empty. The returned (response) data shows a properly filled cart, however.

For example, if you create a PayPal cart with the full URL, or through a normal HTML request, you can close your browser, and use "https://www.paypal.com/cgi-bin/webscr?cmd=_cart&business=test@company.com&display=1" to redisplay it until the cart expires after a few days.

How do I maintain persistence? I tried making the stream variable global and keeping it open while I tested it.

maknight
0
prakash_prkCommented:
U couldn't maintian the session state with your application and an external Internet Explorer Application.
Instead of using extrenel browser applicaiton u can try the web browser control in your form.

after u complete the process then navigate the web browser in your form to the paypal site..

Add a web browser control to your Form
then try this...

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  Dim httpString As String
        For Each oCartItem As DataRow In dtShoppingCart.Rows
            httpString = "cmd=_cart&business=test@company.com&display=1" & _
                        "&item_number=" & URLEncode(oCartItem(0)) & _
                         "&item_name=" & URLEncode(oCartItem(1)) & _
                         "&amount=" & oCartItem(2) & _
                         "&quantity=" & oCartItem(3) & _
                         "&shipping=5.00" & _
                         "&shipping2=5.00" & _
                         "&on0=" & URLEncode("Added Info") & _
                         "&os0=" & URLEncode(oCartItem(4))
        Next
       
        Dim DataToPOST As Byte()
        Dim objMissingValue As Object = System.Reflection.Missing.Value

        DataToPOST = System.Text.Encoding.UTF8.GetBytes(httpString)

        Me.AxWebBrowser1.Navigate2("https://www.paypal.com/cgi-bin/webscr", objMissingValue, objMissingValue, DataToPOST, objMissingValue)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
regards
prakash
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
maknightAuthor Commented:
That's what I was trying to figure out! I don't know why that was eluding me so. It was a VERY clean solution. Thank you.

I do have a couple more questions, but they really require a seperate question, I feel, and I may be able to muddle my way through them myself having this much.

Regards,
maknight
0
prakash_prkCommented:
Thank u maknight..

Regards
prakash
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
E-Commerce

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.