I'm in a little over my head with this...

[Guest]

I am trying to make a payment gateway. The documents provided by the company give hints as to how this can be achieved. There are several detailed methods using a SOAP client, but I can't use that as my server is oddly not configured for it. There is a partial example for XML and one line referrring to using CGI. The headache with name/value pairs is they offer no transfer back. If the information is sent by normal POST it simply displays the response on screen and stops.

After playing around with it a few days. I found something that works, but it is totally outside their reference and when I contacted "tech support" they all but called me a liar.

My setup is this:

I collect the information through normal means(card number, name, address,etc.).

Using php and the 'curl' functions, I read the response of the POST as a variable named '$result'. Then I redirect to another script with '$result' added as the query. It works because the response is in name/value pair form. Then I compare the variables to check status. I could and did make a script to break it down manually into its component pairs, but the redirect is much quicker. All the information is bounced over https (my server to theirs, back to mine, and then again mine). After the initial call to their server the credit card number is XXX'd out and all other customer information is dropped. To the customer this all happens in less than a second, then they are transferred to confirmed.php for a printable invoice.

My question is...

though it works, is it right? Their tech support was useless. I'm sure there is probably a good reason why it shouldn't be done this way, but I don't know what it is.

Any thoughts on this are greatly appreciated.

[Guest OskMedia]

y have not been to active lately .....but grc USE the cURL functions imbedded in to PHP.

google curl its really useful process of sedning xml and stuff in php

[Guest]

OskMedia Posted on May 9 2005, 01:37 PM

USE the cURL functions imbedded in to PHP

Isn't that what he said?

grcdude2 Posted on May 6 2005, 01:48 AM

Using php and the 'curl' functions,

???

[Guest OskMedia]

lol sorry i didnt read the full thing.....pull the result cURL out with XML for you return entry

no need for the extra steps

[Guest]

grc.. if you need help with this still you can email me.. i will be willing to help you out bud

Tony~!

[Guest]

wow osk is back.

[Guest]

Yeah, I could do some XML, but why?

This goes back to the original question. The way the processing site is set up its response is in name/value pair form. When I use curl and query the site, the response I get is like this:

value1=$value1&value2=$value2&value3=$value3,etc.

XML could read the values, but the values are there already, so I just use them.

And that is what has me stumped. Why bother with all the extra coding of XML or using SOAP interface when the answer is right in front of me? My 10 lines of code get the job done. Their "tech support" is useless. I tried contacting them again and although they "do not recommend" they have no reason for not doing it this way. As I stated to them, there is no more inherent risk in using the curl functions than navigating to the site directly and reading the response with my own eyes. Which, by there example is what you do. My concern was with the security of the response, but I guess that is the processing centers problem. Not that I'm not concerned, it's just not within my control.