Home > Archive > PERL CGI Beginners > January 2005 > another 'POST from perl' question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
another 'POST from perl' question
|
|
|
| Hi,
I've searched for several w s, and I've found code that should allow
me to post from my perl script. I continue to fail, though.
Admittedly, I am not good with OOP (other than VB). I'm trying to post
so as to process credit card info, and authorize.net states that I must
POST with a query string (?), but don't use GET. In short, I've tried:
use CGI; use LWP::UserAgent; use HTTP::Request;
use HTTP::Status; $cgi = new CGI;
my $ua = LWP::UserAgent->new;
my $submit_str = "x_login=$acct_id&x_tran_key=$tran_key";
my $request = new HTTP::Request 'POST', $transaction_server;
$request->content_type('application/x-www-form-urlencoded');
$request->content($submit_str);
my $response = $ua->request($request);
$resp = $response->content;
if ($response->is_success) { print "Success"; }
else { print "Fail"; }
and I've tried a combination of variations:
my $response = $ua->request(POST $transaction_server,
['x_login' => $acct_id, 'x_tran_key' => $tran_key],);
including passing my data as a query_string, but I just can't make it to
is_success. I also can't decipher the hash that LWP appears to return.
I've looked at cpan, perl.com, and my cookbook, but to no avail. Tech
support doesn't support scripts, so they're little help.
Any suggestions or help? I apologize for my ignorance.
Thank you,
-jd
| |
| Sherm Pendley 2005-01-14, 3:55 am |
| comp.lang.perl no longer exists - I've trimmed it from the groups list. This
isn't really a CGI question either, but I don't frequent that group. I'll
leave it to the people who do live there to trim it from the list if they
see fit.
> so as to process credit card info, and authorize.net states that I must
> POST with a query string (?), but don't use GET.
Good advice. When you issue a GET, your form content appears at the end of
the URI - and URIs are logged by web servers. So, whenever you're sending
info that you wouldn't want to see in server logs - such as credit card
numbers - don't use GET.
Hmmm... your script seems incomplete, so I'm assuming it begins with the
usual:
#!/usr/bin/perl
use strict;
use warnings;
> use CGI; use LWP::UserAgent; use HTTP::Request;
> use HTTP::Status; $cgi = new CGI;
> my $ua = LWP::UserAgent->new;
> my $submit_str = "x_login=$acct_id&x_tran_key=$tran_key";
> my $request = new HTTP::Request 'POST', $transaction_server;
> $request->content_type('application/x-www-form-urlencoded');
> $request->content($submit_str);
> my $response = $ua->request($request);
That looks pretty convoluted. Any particular reason you're creating the
HTTP::Request object manually? Using LWP::UserAgent's post() method would
be simpler:
my $ua = LWP::UserAgent->new();
my $response = $ua->post($transaction_server,
{ 'x_login' => $acct_id,
'x_tran_key' => $tran_key
});
Now, judging by your description of their requirements, it appears they want
*both* a query string appended to the URL, and POST-ed form data. That is,
the rough equivalent of what would happen with an HTML form element like
this:
<form action="http://foo.invalid/cgi-bin/hitme.cgi?foo=1;bar=2"
method="POST">
... input elements ...
</form>
That's odd, but not unheard-of. They might, for instance, want to have one
or two specific pieces of information appear in their server logs, without
having *everything* included.
So, to do that with LWP, you need to construct the proper URI to pass to
post() in $transaction_server. That's just a simple string, not an object -
but we can use a URI object to easily encode the values properly and create
the string:
my $uri_object = URI->new('http://foo.invalid/cgi-bin/hitme.cgi');
$uri_object->query_form('foo'=>1, 'bar'=>2);
my $transaction_server = $uri_object->as_string();
> I've looked at cpan, perl.com, and my cookbook, but to no avail. Tech
> support doesn't support scripts, so they're little help.
You should also ask tech support if they don't *support* scripts, or if they
don't *allow* scripts. There's a *huge* difference between the two - the
first simply means you're on your own, but the second could mean they're
checking the user-agent string on the server, or doing some other means of
checking for and denying access to scripts.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
| |
|
| Thanks for replying.
Sherm Pendley wrote:
> Hmmm... your script seems incomplete, so I'm assuming it begins with the
> usual:
>
> #!/usr/bin/perl
> use strict;
> use warnings;
Sure, I have that, I posted just a snippet. My script runs, it just
appears to not successfully submit data.
>
> That looks pretty convoluted. Any particular reason you're creating the
> HTTP::Request object manually? Using LWP::UserAgent's post() method would
> be simpler:
I really don't know perl oop, I've just copied examples and tried to
adapt them.
> Now, judging by your description of their requirements, it appears they want
> *both* a query string appended to the URL, and POST-ed form data. That is,
> the rough equivalent of what would happen with an HTML form element
I found it strange, but the instructions from the rep state, "When using
AIM, you will need to post a series of name/value pairs to us, in a
query string format:
https://secure.authorize.net/gatewa...RTRANSACTIONKEY
"AIM is a secure server to secure server connection that uses a string
POST."
I guess I don't really know what a string post is. Their server
responds with a posted pipe-delimited string--not a query_string--but
I'll be able to capture and parse that.
Thanks for your advice and examples. I'll work on it some more.
-jd
| |
| Sherm Pendley 2005-01-14, 3:55 pm |
| JD wrote:
> I found it strange, but the instructions from the rep state, "When using
> AIM, you will need to post a series of name/value pairs to us, in a
> query string format:
> https://secure.authorize.net/gateway
transact.dll?x_login=YOURLOGINID& x_tran_key=YOURTRANSACTIONKEY
>
> "AIM is a secure server to secure server connection that uses a string
> POST."
>
> I guess I don't really know what a string post is.
I had a look at the "AIM Implementation Guide", and you're right - the
support reps is clueless. A "string post" is nonsense the support rep made
up, that's what it is. Ignore the idiot behind the phone and believe the
docs, which state the requirements quite clearly:
To implement AIM, a developer would design a script that does the
following:
1. Securely obtains all of the information needed to process a
transaction.
2. Initiates a secure HTTPS form POST from their server to
https://secure.authorize.net/gateway/transact.dll
...
There's no mention at all of a query_string in the above. Just ignore the
red herring from the clueless support rep, and do an ordinary POST with the
name/value pairs that are listed in AIM_guide.pdf.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
|
|
|
|
|