> That's where my "gotcha" exists. I have all the form data, I just > want to get the user to the sci_asp side without *another* intervening > step (where basically all they would do is have to hit another > "submit" button)
Hi Mark, If you have all the form data at this point (i.e. all the data entry was done on a previous page) then on the "checkout" page you can just emit three different <form></form> blocks, each of which contains its own copy of all the relevant form data in hidden fields formatted for that particular payment system. The action= for each form is set to the appropriate offsite page for each payment method. If the user is still entering form data on what you would like to be the "final" checkout page, then you will have to post that data to a page on your site along with the user's payment choice to validate the entries. On that page, if the form data is found to have an error then redisplay the form. If the data is OK then emit a form appropriate to the payment system selected and also emit a javascript block containing document.formname.submit() to auto-submit the form. This redirection page will be invisible to clients with javascript, others will have to "Click to continue" so make sure you also draw a button or image for manual continue. You could use a true http redirect instead of the javascript trick but the downside to that is that you must propagate your parameters in a querystring. The querystring length is limited in some browsers so if you had a lot of baggage data or a lengthy suggested memo, etc. you might not fit everything. This method also might tempt clients to tamper with the fields being submitted to e-gold since they are then visible on the URL line. Note that any tampering can be detected by you in the payment notification you receive, but a botched up order by a "curious" customer is still a pain worth avoiding. (Don't skip out on implementing a backchannel notification page and do not fail to authenticate the message using the V2 hash!). Regards, Ben --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Safe web surfing tip: Get in the habit of checking the SSL key/padlock icon in your browser and address/location bar *before* submitting sensitive information like your e-gold passphrase.
