correct use of cfhttp

ColdFusion 9
Reading materials reviewed:

Problem in brief: I'm trying to use CFHTTP to display a payment page on

<cfhttp method="Post" url="">

But it doesn't work; the form processes correctly, but returns to the same form page instead of the page.

The CHTTP tag "Generates an HTTP request and handles the response from the server." But I think I am not using the tag correctly, or am not putting the tag in the correct place in my form. Or I have mishandled things entirely.

How can I get an payment page to display using the CFHTTP code, above?

Thank you for any advice. The relevant code is below. =)


Name:        RegisterConference.cfm
Author:      EB / _agx_
Description: 1) process information for conference registrants; 2) populate payment page with data entered in the registration form
Created:     July 2014
Revised: August 2014
ColdFusion Version 9
MS SQL Server 2012

<!--- stuff--->

<cfset paymentConfirmed="">

<cfhttp method="Post" url="">

	<!--- the API Login ID and Transaction Key must be done with valid values --->
	<cfhttpparam type="Formfield" name="x_login" value="xxxxxxxx">
	<cfhttpparam type="Formfield" name="x_tran_key" value="yyyyyyy">
    <cfparam name="form.cardNumber" default="">
    <cfparam name="form.cardDate" default="">
    <cfparam name="form.cardCCV" default="">
    <cfparam name="form.totalBilled" default="">
    <cfparam name="form.salesDescription" default="">
    <cfparam name="form.x_cust_id" default="">
    <cfparam name="form.invoiceNumber" default="">
    <cfparam name="form.x_company" default="">
    <cfparam name="form.x_first_name" default="">
    <cfparam name="form.x_last_name" default="">
    <cfparam name="form.cardAddress" default="">
    <cfparam name="form.cardCity" default="">
    <cfparam name="form.cardState" default="">
    <cfparam name="form.cardZip" default="">
    <cfparam name="form.cardCountry" default="">
    <cfparam name="form.emailAddress" default="">
    <cfparam name="" default="">
    <cfparam name="form.qbLineItem" default="">
	<cfhttpparam type="Formfield" name="x_delim_data" value="TRUE">
	<cfhttpparam type="Formfield" name="x_delim_char" value="|">
	<cfhttpparam type="Formfield" name="x_relay_response" value="FALSE">
	<cfhttpparam type="Formfield" name="x_duplicate_window" value="30">
	<cfhttpparam type="Formfield" name="x_type" value="AUTH_CAPTURE">
	<cfhttpparam type="Formfield" name="x_method" value="CC">
	<cfhttpparam type="Formfield" name="x_card_num" value=#cardNumber#>
	<cfhttpparam type="Formfield" name="x_exp_date" value=#cardDate#>
	<cfhttpparam type="Formfield" name="x_card_code" value=#cardCCV#>

	<cfhttpparam type="Formfield" name="x_amount" value=#totalBilled#>
	<cfhttpparam type="Formfield" name="x_description" value=#salesDescription#>
	<cfhttpparam type="Formfield" name="x_cust_id" value=#x_cust_id#>
	<cfhttpparam type="Formfield" name="x_invoice_num" value=#invoiceNumber#>
	<cfhttpparam type="Formfield" name="x_company" value=#x_company#>
	<cfhttpparam type="Formfield" name="x_first_name" value=#x_first_name#>
	<cfhttpparam type="Formfield" name="x_last_name" value=#x_last_name#>
	<cfhttpparam type="Formfield" name="x_address" value=#cardAddress#>
	<cfhttpparam type="Formfield" name="x_city" value=#cardCity#>
	<cfhttpparam type="Formfield" name="x_state" value=#cardState#>
	<cfhttpparam type="Formfield" name="x_zip" value=#cardZip#>
	<cfhttpparam type="Formfield" name="x_country" value=#cardCountry#>
	<cfhttpparam type="Formfield" name="x_email" value=#emailAddress#>
	<cfhttpparam type="Formfield" name="x_phone" value=#phone#>
	<cfhttpparam type="Formfield" name="x_line_item" value=#qbLineItem#>

deprecated code from; this is omitted

<cfset post_response=(cfhttp.filecontent, "||", "|null|", "all")>
<cfset post_response=(post_response, "||", "|null|", "all")>
<cfset response_array=ListToArray(post_response, "|")>


<!--- new code via _agx_ --->
<cfset response_array=ListToArray(cfhttp.filecontent, "|", true)>

<cfparam name=response_array[1] default="">
<cfparam name=response_array[3] default="">

<cfset errorNetCardNumber="">
<cfset errorNetCardCCV="">
<cfset errorNetExpiration="">
<cfset errorNetCardAddress="">

<cfif response_array[1] is "1">
	<cfset errorpayment="0">
	<cfset paymentConfirmed="paymentConfirmed">
	<cfset errorPaymentMessage="">
	<cfset errorpayment="1">
	<cfset paymentConfirmed="declined">
	<cfset errorPaymentMessage="<h3>Your Credit Card has been declined. Please check your information and correct any errors.</h3>">
	<!--create card error messages-->
	<cfif response_array[3] is "6" or response_array[3] is "37">
		<cfset errorNetCardNumber="<h3>Your credit card number is invalid.</h3>">
	<cfif response_array[3] is "7" or response_array[3] is "8">
		<cfset errorNetCardNumber="<h3>Please check your card number, expiration, CCV, and address.</h3>">
	<cfif response_array[3] is "11" >
		<cfset errorPaymentMessage="<h3>This submission of your Credit Card has been declined because it is a duplicate entry. Please wait a few moments before resubmitting it.</h3>">
	<cfif  response_array[3] is "45" or response_array[3] is "65" >
		<cfset errorNetCardNumber="<h3>Please check your card number, expiration, CCV, and address, one at least does not match.</h3>">
		<cfset errorNetCardNumber="<h3>Please check your card number, expiration, CCV, and address, they don't match what is on file.</h3>">
	<cfif response_array[3] is "27">
		<cfset errorNetCardNumber="<h3>There is an error in your card information. Please check your card number, expiration, CCV, or address.</h3>">

<!--- / stuff --->

<!--- now, set up the conference registration form --->

<!--- set a default value "" for RegisterID in scope URL --->
<cfparam name="url.RegisterID" default="">

<!--- define the RegisterID in scope FORM, then set form.RegisterID equal to the RegisterID passed in the URL --->
<cfparam name="form.RegisterID" default="#url.RegisterID#">

<!--- set default values for other user-editable fields --->
<cfparam name="form.Title" default="">
<cfparam name="form.FirstName" default="">
<cfparam name="form.MiddleInitial" default="">
<cfparam name="form.LastName" default="">
<cfparam name="form.Credentials" default="">
<cfparam name="form.Organization" default="">
<cfparam name="form.Address" default="">
<cfparam name="form.City" default="">
<cfparam name="form.State" default="">
<cfparam name="form.ZIP" default="">
<cfparam name="form.Country" default="">
<cfparam name="form.TelephoneHome" default="">
<cfparam name="form.TelephoneWork" default="">
<cfparam name="form.TelephoneMobile" default="">
<cfparam name="form.FAX" default="">
<cfparam name="form.UserEmail" default="">
<cfparam name="form.AltUserEmail" default="">
<cfparam name="form.SpecialRequirements" default="">
<cfparam name="form.DateCreated" default="">
<cfparam name="form.DateModified" default="">

     <!--- set default values for radio buttons --->
     <cfparam name="form.ConferenceFeeType" default="">
<!--- in user-editable fields, set up protection against XSS  --->
    <cfloop collection="#FORM#" item="field">
      <cfset FORM[ field ] = ReReplaceNoCase (FORM[ field ], "<script.*?>.*?</script>", "", "all")>

<!---- begin CFTRY; catch errors ---->
<!---- populate cftry with error message ---->
<cfset variables.error = ""> 
<!--- BEGIN: Save action --->

<!--- begin form.doSave --->

<cfif IsDefined("FORM.doSave")>

 <!--- in this query select NOTHING from table #request.RegisterTable#, and simply check if UserEmail exists --->
 <cfquery datasource="#APPLICATION.dataSource#" name="CheckUserEmail">
  SELECT 'Nothing' FROM #request.RegisterTable#
  WHERE UserEmail = <CFQUERYPARAM CFSQLTYPE="cf_sql_varchar" VALUE="#form.UserEmail#">
  AND  RegisterID <> <cfqueryparam cfsqltype="cf_sql_integer" value="#val(form.RegisterID)#">


   <!--- if UserEmail exists, display error; refuse record insert --->
	<cfif CheckUserEmail.recordcount GT 0>
		   <cfthrow message="That email address is already in use. Did you already register for the NNVAWI conference? Please contact NNVAWI at">


<!--- query to insert new record into registration table --->
			<cfquery name="InsertPage" datasource="#application.datasource#" result="newRegistrant">
				 INSERT INTO #REQUEST.RegisterTable#
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.Title,50))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.FirstName,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.MiddleInitial,5))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.LastName,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.Credentials,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.Organization,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.Address,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.City,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.State,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.ZIP,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.Country,255))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.TelephoneHome,25))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.TelephoneWork,25))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.TelephoneMobile,25))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.FAX,25))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.UserEmail,128))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.AltUserEmail,128))#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Left(form.SpecialRequirements,255))#">,
<cfqueryparam cfsqltype="cf_sql_integer" value="#val(form.ConferenceFeeTypeID)#">,
<cfqueryparam cfsqltype="cf_sql_timestamp" value="#now()#">

to="(valid email address)"
      subject="New #REQUEST.companyName# conference registration ready for your review as of #DateFormat(Now())#, #TimeFormat(Now())#"
      SpoolEnable="Yes">Greetings, #REQUEST.companyName#. There is a new #REQUEST.companyName# conference registration ready for your review. Please check the #REQUEST.companyName# registration control panel.</cfmail>

<!--- use the result attribute value (newRegistrant) to set form field value --->
      <cfset form.RegisterID = newRegistrant.IDENTITYCOL>
<!--- END queries to update or insert database records ---> 

<!--- END: Save action --->

<!--- END form.doSave --->
<!--- END queries to update or insert database records ---> 
<!--- this CFCATCH will trap errors -- the ones you threw or just regular database issues --->
            <cfcatch type="Any">
                 <cfset variables.error = cfcatch.message>

<!--- END CFTRY --->  
<cfinclude template="/SiteHeader.cfm">

<!--- if there an error, display error in readable form --->

<cfif len(variables.error)> 
	    <div class="errorbox">#variables.error#</div>
   <br />

             <div class="center">
               <input type="button" value="Go Back" onclick="history.go(-1)" />

<!--- form begins here --->
<form method="post" enctype="multipart/form-data" name="ebwebworkForm" class="ebwebworkForm">
 <!--- Embed RegisterID (PK) to assign a value to it --->
<input type="hidden" name="RegisterID" value="#form.RegisterID#" />

<legend><h2>Converence Registration</h2></legend>

<p><span class="red"><i class="icon-asterisk"></i></span> <em>indicates a required field.</em></p>

  <label for="Title"><h3>Title (Ms., Mr., Dr. etc.):</h3></label>

<input type="text" name="Title" placeholder="Title" value="" maxlength="255" tabindex="1" size="70" autofocus="true" />
  <label for="FirstName"><h3>First Name:</h3></label>

<input type="text" name="FirstName" placeholder="First Name" value="" maxlength="255" tabindex="2" size="70" required="yes" />
        <span class="form_hint">Enter First Name</span> 

  <label for="MiddleInitial"><h3>Middle Initial:</h3></label>

<input type="text" name="MiddleInitial" placeholder="MI" value="" maxlength="5" tabindex="3" size="1" />

  <label for="LastName"><h3>Last Name:</h3></label>

<input type="text" name="LastName" placeholder="Last Name" value="" maxlength="255" tabindex="4" size="70" required="yes" />
        <span class="form_hint">Enter Last Name</span> 

  ..... more form fields ......


<h2>Payment Options</h2>

<cfquery name="getConferenceTypes" datasource="#application.datasource#"> 
    SELECT ConferenceFeeTypeID, ConferenceFeeTitle, Fee
    FROM #REQUEST.conferenceFeeTable#

<table width="40%" summary="Conference Fee Schedule for NNVAWI Conference, April 9 - 11, 2015">
    <h3>Conference Fees</h3>

<cfloop query="getConferenceTypes">
	<td><input type="radio" name="ConferenceFeeTypeID" value="#getConferenceTypes.ConferenceFeeTypeID#" class="border0"></td>

<div class="submitButton">
   <button name="doSave" type="submit" class="green" tabindex="19">Register for #REQUEST.companyName# Conference</button>


        <cfinclude template="/SiteFooter.cfm">

Open in new window

Eric BourlandAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cfhttp will do either a get or a post, with you are doing a post and returning the values to your form so you can validate if your post was successful or not.

What it seems you are saying you want to do, is to display something on's site ?

The CFHTTP will return you to your own form, since the transaction is happening under the hood at your site, making calls to authorize.

If you want to display specific info, simply edit your form to either redirect to another page based on response, or output specific content based on response.

I am sure there are a lot of examples of how to customize the look of your response from

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Eric BourlandAuthor Commented:
becraig, thanks very much for your helpful reply. Yeah, I was thinking that. =)

>>>What it seems you are saying you want to do, is to display something on's site ?
Exactly. I'd like to display an payment page, already populated with the user's name and address and the correct amount for the conference fee.

Here is where I am not sure how to proceed:

>>>>If you want to display specific info, simply edit your form to either redirect to another page based on response, or output specific content based on response.

So, it sounds like I should simply use the cflocation tag?

<cflocation url="">

But I don't know if that would work, because the values that the user entered in the form would not appear on the page.

Am I thinking about this in the right way?

Thank you again for your time and help.

best from Eric
Ok so the idea of their plug, is so that you can create your own page and have the user populate the values and you post to them beneath the hood.

So there would  be no real need to go to their page, since once the user fills the values in on your form you will capture them and pass them on to authorize.

So cfhttp will call authorize with values you will present to the endpoint via
<cfhttp method="Post" url="">

The transaction will then happen on their server and they will pass the response values back to you, at which point you can use those values to represent the information you need to the customer.

So the form will always be your form, you just present information to the customer based on response sends you.
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

I'm not that familiar w/their API's but did you take a look at the overviews? They give a pretty good explanation of who handles which piece - by API
.... etc...
Eric BourlandAuthor Commented:

>>>So there would  be no real need to go to their page, since once the user fills the values in on your form you will capture them and pass them on to authorize.

I understand. But I think I do need to display an page -- so that people can enter credit card information. I don't want to store credit card information on my own server. =) I don't want to mess with PCI compliance.

I think I want to remove all of the credit card processing code from my form, and, after the form is submitted, send the user to an page where the user can enter credit card information. Mainly, I just need the page to display the correct amount of the conference fee -- 300.00, 200.00, and so on -- whatever amount the user selected in the form.

Am I thinking about this in the right way?

_agx_: yep, I've been perusing the site. I think the API that I want is Server Integration Method: 

Some specific questions that I have:

1. Is <cfhttp method="Post" url=""> in the correct place in my form?

2. Can I just take out all of the credit card variables from my form:

    <cfparam name="form.cardNumber" default="">
    <cfparam name="form.cardDate" default="">
    <cfparam name="form.cardCCV" default="">

Basically I want the user to fill out the conference registration form, choose a conference fee, submit the form, and see an payment form that is pre-filled with the correct amount of the conference fee.

Is that possible? Or is there a better way to do this?

Thanks again for your time and help.

For PCI compliance you simply need to ENSURE two things.

1. you do not keep a record or copy of anything entered in the form
2. Then ENTIRE process is covered by SSL

The initial entry on your page will not pose any compliance issues - (Simply ensure you have this is an SSL transaction)

Your form will just take the info from the user and pass the values as params in the cfhttp call, nothing will stay on your server. The transaction is happening in the browser at the client end and you are simply taking user encrypted data and passing via ssl encryption to

There are no PCI compliance issues here, unless your site will not be forcing this form to be present only as an https call.
Eric BourlandAuthor Commented:
bcraig -- that makes sense. But there is no https. That's why I want no credit card information here at all. I would like all credit card information to get processed by I think I need to take out all of the credit card variables from my form.

Is this possible? I mean, can I do this:

1) User fills out form, selects conference fee (eg., Members Fee, 300.00), but does not enter CC info
2) User submits form -- and then she sees an payment page -- which is pre-populated with the correct fee amount based on the conference fee that she selected
3) And then she just fills out the form, including CC information

Is that possible?

Thanks again. =)

You need to take a look at this:
Eric BourlandAuthor Commented:
becraig -- yep -- that's what I have been looking at. =) I've been studying that for a while. I'm also looking at the sample code for SIM.

I'll keep working on this and let you know how I fare. I'll try to post a result here this evening.

Thank you again for your time and patient help.

np I hope all works out well for you.
(no points... becraig already answered your question)

Eric - Sorry to drop out. Putting out fires.  Anyway, I see you guys figured it out from the overviews. ie You need to use a different API :)
Eric BourlandAuthor Commented:
>>>Putting out fires.

It's been that kind of day.

I am making progress with the SIM API. =)

Thanks, _agx_. Hope you are well. E
Haha, so it's not just me ? ;-)  

I'm good thanks, and hope you are too ... and having fun with the SIM API!
Eric BourlandAuthor Commented:
Hmm. I think I got it working. I adapted the SIM sample code, which is in better shape and is more concise than the AIM sample code. After some trial and error, and locating the correct API Login ID and Transaction Key, I am able to fill out a form, submit it, and view the payment page -- where the user can fill in her payment details.

It took me a little while to figure out which API to use, and which sample code. =)

<cfsetting enablecfoutputonly="true">
This sample code is designed to connect to using the SIM method.
For API documentation or additional sample code, please visit:

Most of this page below (and including) this comment can be modified using any
standard html. The parts of the page that cannot be modified are noted in the
comments.  This file can be renamed as long as the file extension remains .cfm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
<HTML lang='en'>
	<TITLE> Sample SIM Implementation </TITLE>

<!-- This section generates the "Submit Payment" button using Coldfusion     -->
<!--- the parameters for the payment can be configured here --->
<!--- the API Login ID and Transaction Key must be replaced with valid values --->
<cfset loginID="xxxxxxx">
<cfset transactionKey="yyyyyy">
<cfset amount="19.99">
<cfset description="Sample Transaction">
<cfset label="Submit Payment"> <!--- This is the label on the 'submit' button --->
<cfset testMode="false">

<cfset posturl="">

<!--- If an amount or description were posted to this page, the defaults are overidden --->
<cfif IsDefined("FORM.amount")>
  <cfset amount=FORM.amount>
<cfif IsDefined("FORM.description")>
  <cfset description=FORM.description>
<!--- also check to see if the amount or description were sent using the GET method --->
<cfif IsDefined("URL.amount")>
  <cfset amount=URL.amount>
<cfif IsDefined("URL.description")>
  <cfset description=URL.description>

<!--- an invoice is generated using the date and time --->
<cfset invoice=DateFormat(Now(),"yyyymmdd") & TimeFormat(Now(),"HHmmss")>

<!--- a sequence number is randomly generated --->
<cfset sequence=RandRange(1, 1000)>

<!--- a timestamp is generated --->
<cfset timestamp=DateDiff("s", "January 1 1970 00:00", DateConvert('local2UTC', Now())) >

<!--- The following lines generate the SIM fingerprint --->
<cf_hmac data="#loginID#^#sequence#^#timestamp#^#amount#^" key="#transactionKey#">
<cfset fingerprint=#digest#>


<!--- Print the Amount and Description to the screen.--->
Amount: #amount# <br />
Description: #description# <br />

<!--- Create the HTML form containing necessary SIM post values --->
<FORM method='post' action='#posturl#' >
<!--- Additional fields can be added here as outlined in the SIM integration
guide at --->
<INPUT type='hidden' name='x_login' value='#loginID#' />
	<INPUT type='hidden' name='x_amount' value='#amount#' />
	<INPUT type='hidden' name='x_description' value='#description#' />
	<INPUT type='hidden' name='x_invoice_num' value='#invoice#' />
	<INPUT type='hidden' name='x_fp_sequence' value='#sequence#' />
	<INPUT type='hidden' name='x_fp_timestamp' value='#timeStamp#' />
	<INPUT type='hidden' name='x_fp_hash' value='#fingerprint#' />
	<INPUT type='hidden' name='x_test_request' value='#testMode#' />
	<INPUT type='hidden' name='x_show_form' value='PAYMENT_FORM' />
	<input type='submit' value='#label#' />
<!-- This is the end of the code generating the "submit payment" button.    -->

<!-- The last line is a necessary part of the coldfusion script -->

Open in new window

Eric BourlandAuthor Commented:
Thanks very much -- bcraig and _agx_.

Have a great evening. =)

best from Eric
Good stuff Eric, enjoy your evening.
Success, great to hear it Eric!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ColdFusion Language

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.