Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers

Webmaster Forum / ASP / Database Access / May 2008


Tip: Looking for answers? Try searching our database.

Form posting

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Jezza - 28 Apr 2008 16:01 GMT
Hi
I am new to ASP and would like to know whether this is the right forum
to post to. If not please advise what would the best group to post to.

My problem is a mailing asp file when it loads up in the browser the
page is blank. There are no error messages.

1) I fill in a form with my details - OK

2) This then passes me on to another form to fill in my payment details
on a secure server. - OK

3) This is then supposed to pass the payment details on to an ASP script
but when this ASP script is loaded, the page is blank where I'd be
expecting a thank-you message or an error message saying I'd not
completed the form correctly...any help gratefully received.

Regards
Jeremy

script:

<%
        On Error resume Next
        Dim TBdy
        Dim MyCDO
        CR = Chr(13)
        Set MyCDO = Server.CreateObject("CDONTS.NewMail")
        If IsObject (MyCDO) Then
            MyCDO.From = "Joe Bloggs"
            MyCDO.To = "email@mydomain.co.uk"
            MyCDO.Subject = "***URGENT PAYMENT***"
            TBdy = &" Card Type : " &Request.Form("cardtype")&vbCrLf &vbCrLf &"
Card Number : " &Request.Form("cardnumber")&vbCrLf &vbCrLf &" Card Type
: " &Request.Form("cardtype")&vbCrLf &vbCrLf &" Card Number : "
&Request.Form("cardnumber")&vbCrLf &vbCrLf &" Expiry Date : "
&Request.Form("expirydate")&vbCrLf &vbCrLf &" Security Code : "
&Request.Form("security")&vbCrLf &vbCrLf &" Card Holders Name : "
&Request.Form("cardholdersname")&vbCrLf &vbCrLf &" Billing Address : "
&Request.Form("billingaddress")&vbCrLf &vbCrLf &" Post Code : "
&Request.Form("postcode")&vbCrLf &vbCrLf &" Country : "
&Request.Form("country")&vbCrLf &vbCrLf &" Tel : "
&Request.Form("tel")&vbCrLf &vbCrLf &" Fax : "
&Request.Form("fax")&vbCrLf &vbCrLf
            TBdy = TBdy & "Thank you."
            MyCDO.Body = TBdy
            MyCDO.Importance = 2
            MyCDO.value("Reply-to")=Request.Form("cardtype")
            MyCDO.Send
            Set MyCDO = nothing
        if Mailer.SendMail then
Response.Redirect("http://www.mydomain.co.uk/test/thanks.htm")
else

Response.Write("Please make sure you fill in all the required fields in
the form. Click on the 'Back' button on your browser to try again please")

end if
%>
Reply to this Message
roger - 28 Apr 2008 19:29 GMT
> Hi
> I am new to ASP and would like to know whether this is the right forum
[quoted text clipped - 20 lines]
> <%
> On Error resume Next

If you comment or delete the above line, perhaps you will see what the
problem is.

You are sending credit card details in an email?

Signature

roger

> Dim TBdy
> Dim MyCDO
[quoted text clipped - 31 lines]
> end if
> %>
Reply to this Message
Jezza - 28 Apr 2008 23:35 GMT
>> Hi
>> I am new to ASP and would like to know whether this is the right forum
[quoted text clipped - 25 lines]
>
> You are sending credit card details in an email?

Yes, but this is going through a secure server.....

I am able to see errors now.... getting error:
Error Type:
Sun ONE ASP VBScript runtime (0x800A01A8)
Object required: 'Mailer'
mail1.asp, line 17
=============================

<%
        Dim TBdy
        Dim MyCDO
        CR = Chr(13)
        Set MyCDO = Server.CreateObject("CDONTS.NewMail")
        If IsObject (MyCDO) Then
            MyCDO.From = "webreading@mydomain.co.uk"
            MyCDO.To = "info@mydomain.co.uk"
            MyCDO.Subject = "***URGENT PAYMENT***"
            TBdy = " Card Type : " &Request.Form("cardtype")&vbCrLf &vbCrLf &"
Card Number : " &Request.Form("cardnumber")&vbCrLf &vbCrLf &" Card Type
: " &Request.Form("cardtype")&vbCrLf &vbCrLf &" Card Number : "
&Request.Form("cardnumber")&vbCrLf &vbCrLf &" Expiry Date : "
&Request.Form("expirydate")&vbCrLf &vbCrLf &" Security Code : "
&Request.Form("security")&vbCrLf &vbCrLf &" Card Holders Name : "
&Request.Form("cardholdersname")&vbCrLf &vbCrLf &" Billing Address : "
&Request.Form("billingaddress")&vbCrLf &vbCrLf &" Post Code : "
&Request.Form("postcode")&vbCrLf &vbCrLf &" Country : "
&Request.Form("country")&vbCrLf &vbCrLf &" Tel : "
&Request.Form("tel")&vbCrLf &vbCrLf &" Fax : "
&Request.Form("fax")&vbCrLf &vbCrLf
            TBdy = TBdy & "Thank you."
            MyCDO.Body = TBdy
            MyCDO.Importance = 2
            MyCDO.value("Reply-to")=Request.Form("cardtype")
            MyCDO.Send
            Set MyCDO = nothing
        if Mailer.SendMail then
Response.Redirect("thanks.htm")
else

Response.Write("Please make sure you fill in all the required fields in
the form. Click on the 'Back' button on your browser to try again please")

end if
end if
%>
Reply to this Message
Mike Brind [MVP] - 29 Apr 2008 20:32 GMT
> I am able to see errors now.... getting error:
> Error Type:
[quoted text clipped - 8 lines]
> CR = Chr(13)
> Set MyCDO = Server.CreateObject("CDONTS.NewMail")

CDONTS was deprecated about 8 or 9 years ago.  It's unlikely to be installed
on the server you are using.  Use CDO instead:
Reply to this Message
Mike Brind [MVP] - 29 Apr 2008 20:33 GMT
> Set MyCDO = Server.CreateObject("CDONTS.NewMail")

...and the rest of my reply....

http://classicasp.aspfaq.com/email/how-do-i-send-e-mail-with-cdo.html

--
Mike Brind
Microsoft MVP ASP/ASP.NET
Reply to this Message
Jezza - 29 Apr 2008 22:23 GMT
Mike

Thanks for your reply! Most helpful, however the hosting company does
not support CDO and has requested I use CDONTS.

Regards

Jeremy

>> Set MyCDO = Server.CreateObject("CDONTS.NewMail")
>
[quoted text clipped - 5 lines]
> Mike Brind
> Microsoft MVP ASP/ASP.NET
Reply to this Message
Mike Brind [MVP] - 30 Apr 2008 07:29 GMT
>>> Set MyCDO = Server.CreateObject("CDONTS.NewMail")
>>
[quoted text clipped - 9 lines]
> Thanks for your reply! Most helpful, however the hosting company does not
> support CDO and has requested I use CDONTS.

Then you need to find another host.  CDO replaced CDONTS from Win2k onwards.
So they must be running NT4 or something.

OTOH, are you sure you/they have got it the right way round?  Your error
message suggests the reverse of what you believe they told you.  Try the CDO
code to see if it works.

--
Mike Brind
Microsoft MVP - ASP/ASP.NET
Reply to this Message
Daniel Crichton - 30 Apr 2008 12:46 GMT
Jezza wrote  on Mon, 28 Apr 2008 23:35:29 +0100:

>>> Hi
>>> I am new to ASP and would like to know whether this is the right
>>> forum to post to. If not please advise what would the best group to
>>> post to.

>>> My problem is a mailing asp file when it loads up in the browser the
>>> page is blank. There are no error messages.

>>> 1) I fill in a form with my details - OK

>>> 2) This then passes me on to another form to fill in my payment
>>> details on a secure server. - OK

>>> 3) This is then supposed to pass the payment details on to an ASP
>>> script but when this ASP script is loaded, the page is blank where
>>> I'd be expecting a thank-you message or an error message saying I'd
>>> not completed the form correctly...any help gratefully received.

>>> Regards
>>> Jeremy

>>> script:

>>> <%
>>> On Error resume Next

>> If you comment or delete the above line, perhaps you will see what
>> the problem is.

>> You are sending credit card details in an email?

> Yes, but this is going through a secure server.....

Ye gads! I hope you encrypt the email first.

> I am able to see errors now.... getting error:
> Error Type:
> Sun ONE ASP VBScript runtime (0x800A01A8)
> Object required: 'Mailer'
> mail1.asp, line 17 =============================

Ok, so line 17 is the problem

I see you don't encrypt the card details - can you send the URL of this site
so I can make sure to add it to my list of blocked sites.

> MyCDO.Send
> Set MyCDO = nothing
> if Mailer.SendMail then
> Response.Redirect("thanks.htm") else

What is Mailer? You don't have a Mailer object in your code. What you'd
probably need to change this to is

MyCDO.Send
Set MyCDO = nothing
if Err.Number = 0 then
Response.Redirect("thanks.htm") else

At a guess, Sun ONE doesn't support CDO, only CDONTS. And I guess if there's
an error in the ASP at runtime with Sun ONE, it just gives up at that point
but hides the error, otherwise you should have seen the "Please make sure
you fill in all the required fields in the form. Click on the 'Back' button
on your browser to try again please" message instead of just a blank page -
unless your HTML is badly formatted.

Signature

Dan

Reply to this Message
Captain Paralytic - 06 May 2008 14:30 GMT
> >> Hi
> >> I am new to ASP and would like to know whether this is the right forum
[quoted text clipped - 27 lines]
>
> Yes, but this is going through a secure server.....

But none of the places the email will travel through will be!
Reply to this Message
Jezza - 09 May 2008 10:20 GMT
>>>> Hi
>>>> I am new to ASP and would like to know whether this is the right forum
[quoted text clipped - 19 lines]
>
> But none of the places the email will travel through will be!

Surely if the details are "emailed" via a secure server to Paypal via
their payments system (and nowhere else) then this data is safe? Or am I
just kidding myself?

Thanks for your reply!

Regards
Jeremy
Reply to this Message
Daniel Crichton - 09 May 2008 14:42 GMT
Jezza wrote  on Fri, 09 May 2008 10:20:45 +0100:

>>>>> Hi
>>>>> I am new to ASP and would like to know whether this is the right
[quoted text clipped - 18 lines]
>>>> You are sending credit card details in an email?
>>> Yes, but this is going through a secure server.....

>> But none of the places the email will travel through will be!

> Surely if the details are "emailed" via a secure server to Paypal via
> their payments system (and nowhere else) then this data is safe? Or am
> I  just kidding myself?

> Thanks for your reply!

> Regards
> Jeremy

Why are you emailing to Paypal? Why aren't you using their API? For that
matter, why are you even taking card details if you're accepting Paypal
payments, why not just let Paypal do all the work?

By creating an email you are opening up the details to a potential risk. By
taking card details you need to be following the PCI DSS which requires you
to ensure card details are secured, and by creating plain text emails you
are breaking that requirement. It doesn't matter if you think it's secure
because it's going from one server to another, any system along the route
between the sending and receiving SMTP servers (and more if it gets routed
to a backup mail server elsewhere) has the potential to get at that data.

Signature

Dan

Reply to this Message
Jezza - 20 May 2008 23:03 GMT
> Jezza wrote  on Fri, 09 May 2008 10:20:45 +0100:
>
[quoted text clipped - 46 lines]
> between the sending and receiving SMTP servers (and more if it gets routed
> to a backup mail server elsewhere) has the potential to get at that data.

Hi....thanks for your input..appreciated!!!!!... this is a site that I'd
taken over from another company and was hoping to fix the current submit
form. I have taken on board what you have said & will be using the
Paypal API instead as it is safer and less hassle to get working
correctly.....thanks a lot

Rgds
Jeremy
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.