BellaOnline's ASP Editor


Mimicking a Form Post with ASP


Sending information in a URL by using & and ? certainly works - but it is not very secure! If you have your ASP code POST instead, you help prevent hackers from tampering with the values your code relies on.

For example, this is very important when creating PayPal buttons. Yes, if you have just one button you can use the PayPal button factory to create a completely secure (coded) button. However, often when you're using ASP it's because you're creating dynamic pages. You can't pre-code all of your buttons ahead of time in the button factory.

The solution is to use a combination of cookies and a form post. First, you need to get all of the necessary information from your order page to your processing page. On the page where the "buy" button is located, store all important information - the price, item code, etc. - into cookies. Have the buy button point to YOUR process.asp page, where you will create the necessary links to go to PayPal. That way your end user can't hit "view source" and see exactly what information you're giving PayPal.

Now, in your process.asp, you're going to have code that looks like this:

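DestURL = "http://www.paypal.com/etc."
SendString = "NOTE-PAYPAL-VARS-GO-HERE"

' Send the form data from the server, so it never appears in the page source
set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP")
' Third argument False = synchronous: wait for PayPal's reply
xmlhttp.open "POST", DestURL, false
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send SendString
' Pass PayPal's response back to the browser
Response.write xmlhttp.responseText
set xmlhttp = nothing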

The DestURL is set to whatever you normally have your PayPal form submit to. PayPal will tell you that value. The SendString will need to be a string that contains the variables to pass along to PayPal. This will look something like this:

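' URL-encode each value so characters such as & or @ cannot break the form body
SendString = "cmd=_xclick&no_shipping=1&amount=" & Server.URLEncode(Price) & _
"&item_number=" & Server.URLEncode(ItemNo) & _
"&business=" & Server.URLEncode(PayPalAcct)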

and so on. Everything that you normally would have supplied in your PayPal form, simply include it appropriately in this send string. You get the values for Price, ItemNo etc. from the cookies you set on the previous page.

The beauty of this is that the end user never sees any of those values. That way they can't hack into your system by knowing the return page code, and just going there directly. With everything hidden from view, you help to make your PayPal transaction - or any transaction that uses forms to pass information - more secure.
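
Cookies are stored in the browser and can be edited by the visitor, so process.asp should treat the item code as untrusted input and take the price from the server instead of from a cookie. The following is an added example, not the article's own code; the catalogue entries, the cookie name "ItemNo" and the account address are assumptions made for illustration.

```vbscript
' Added example, not the article's code. Catalogue entries, the cookie name
' "ItemNo" and the PayPal account value are hypothetical placeholders.
Dim Catalog, ItemNo, Price, PayPalAcct, DestURL, SendString, xmlhttp

' Authoritative prices live on the server (a database table in practice).
Set Catalog = Server.CreateObject("Scripting.Dictionary")
Catalog.Add "BOOK-001", "12.50"   ' constructed sample data
Catalog.Add "MUG-002", "8.00"     ' constructed sample data

PayPalAcct = "seller@example.com"        ' placeholder account
DestURL = "http://www.paypal.com/etc."   ' placeholder from the article

' The cookie only says which item was chosen. It is never trusted for money.
ItemNo = UCase(Trim(Request.Cookies("ItemNo")))

If Not Catalog.Exists(ItemNo) Then
    ' Missing, unknown or altered item code: stop before contacting PayPal.
    Response.Status = "400 Bad Request"
    Response.Write "Unknown item."
    Response.End
End If

' The price comes from the server-side catalogue, not from the browser.
Price = Catalog(ItemNo)

' URL-encode every value placed in the form body.
SendString = "cmd=_xclick&no_shipping=1" & _
    "&amount=" & Server.URLEncode(Price) & _
    "&item_number=" & Server.URLEncode(ItemNo) & _
    "&business=" & Server.URLEncode(PayPalAcct)

Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "POST", DestURL, False
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send SendString

If xmlhttp.status = 200 Then
    Response.Write xmlhttp.responseText
Else
    ' Do not relay an error page from the payment service to the visitor.
    Response.Status = "502 Bad Gateway"
    Response.Write "Payment service unavailable."
End If

Set xmlhttp = Nothing
Set Catalog = Nothing
```

With this check in place, editing the cookie can only select a different catalogue item at its real price, or produce the "Unknown item." error.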
Content copyright © 2014 by Lisa Shea. All rights reserved.
This content was written by Lisa Shea. If you wish to use this content in any manner, you need written permission. Contact Lisa Shea for details.

Website copyright © 2014 Minerva WebWorks LLC. All rights reserved.

