Chris,
Thanks for your generosity. I'll give your suggestions a whirl.
Bob
On 11/9/06, Christopher Schultz <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert,
Robert Harrison wrote:
> Here is a truncated version of makeparms.
>
> String separator = new String("&");
> StringBuffer parms = new StringBuffer();
> String desc = props.getString("credit.card.description");
> String cost = props.getString("credit.card.amount");
>
> parms.append("vendor_id=" + vendor_id + separator);
> parms.append("ret_addr=" + ret_addr + separator);
> parms.append("first_name=" + firstName + separator);
> parms.append("ret_mode=post" + separator);
> parms.append("post_back_on_error=1" + separator);
> parms.append("lookup=xid"); // Last item
Just a quick note on style, etc.: if you are going to use the + operator
to concatenate Strings, why are you using a StringBuffer? Since you've
already got the SB, go ahead and use it. Also, there's no need for
'separator' to create a 'new String' out of an existing string.
It does not appear that you use the locals 'desc' and 'cost', although
you might use them later, as you mentioned that this is a truncated
version of the method.
Several things stick out as potential sticking points in this code, as
well as the cost you posted before (that uses this code):
1. You are not encoding any of your data. You should be using
URLEncoder.encode(string, charset) on all unknown data to
protect against things like spaces and other illegal
url-encoded characters (particularly the ret_addr).
2. You are not using a well-known Content-Type when sending your
request. You should either explicitly use something like UTF-8
or ISO-8859-1 (the default).
3. You are not passing the Content-Length header to the server.
HTTP/1.1 does not mandate this field, but it's good form to include
it.
May I suggest the following changes:
// In your makeparms method:
String charset = "UTF-8";
char separator = '&';
StringBuffer parms = new StringBuffer();
parms.append("vendor_id=")
.append(URLEncode.encode(vendor_id, charset))
.append(separator);
parms.append("ret_addr=")
.append(URLEncode.encode(ret_addr, charset))
.append(separator);
.
.
.
// In your code that calls makeparm:
StringBuffer parms = makeParms(userVO, creditCardForm, props);
byte[] contentBytes = parms.toString().getBytes("UTF-8");
URL url = new URL(props.getString("credit.card.vendor.url"));
URLConnection c = url.openConnection();
if(!(c instanceof HttpURLConnection))
throw new RuntimeException("Expected HttpURLConnection, got "
+ c.getClass());
HttpURLConnection conn = (HttpURLConnection)c;
conn.setDoOutput(true); // Read-write
conn.setDoInput(true); // Read-write
conn.setUseCaches(false);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type",
"application/x-www-form-urlencoded; charset=UTF-8");
conn.setRequestProperty("Content-length",
String.valueOf(contentBytes.length));
conn.setInstanceFollowRedirects(true); // Optional
conn.connect(); // Make the connection
OutputStream out = conn.getOutputStream();
out.write(contentBytes);
out.flush();
out.close();
// Do whatever you want with the response. Don't forget
// to appropriately detect the response's character encoding,
// HTTP status, etc. If there's a problem, read from the
// error stream, not from the "input stream". Otherwise, you'll
// get an exception.
InputStream in = conn.getInputStream();
// Whatever
in.close();
I use this code in a component that I wrote to either GET or POST (this
is the POST code) to a "fulfillment server" which creates records in a
database for me.
It works perfectly for me, although I haven't given you 100% of the code
I've written (especially the part about reading the response).
Hope this helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFU0/09CaO5/Lv0PARAs5ZAJ0TCG+C8BftGIqRtS6FI5ArHPPoNgCfejsN
z7rmVDvdwQrz/xTh18+F+to=
=QQVm
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
