asp.net paypal integration query-string encryption - asp.net

I need some help with the concept of PayPal payment integration. I have the following to send order / payment data to PayPal:
Dim sString As String
sString = "https://www.paypal.com/cgi-bin/webscr?"
sString += "cmd=_xclick"
sString += "&business=" & BusinessEmail
sString += "&email=" & UserEmail
sString += "&address_override=1"
sString += "&currency_code=" & CurrencyCode
sString += "&invoice=" & InvoiceNumber
sString += "&item_name=" & PlanName
sString += "&item_number=" & ItemNumber
sString += "&quantity=1"
sString += "&amount=" & TotalAmount
sString += "&handling=0"
sString += "&display=1"
sString += "&first_name=" & Firstname
sString += "&last_name=" & LastName
sString += "&address1=" & AddressLine1
sString += "&address2=" & AddressLine2
sString += "&city=" & CityTitle
sString += "&state=" & State
sString += "&zip=" & Postcode
sString += "&lc=" & CountryISO
sString += "&notify_url=" & notify_url
Response.Redirect(sString)
This is working OK, but as it is passed as a query string it reveals all parameters. Is there any way I can encrypt this?
Can anyone suggest a better way to integrate PayPal?
How can I get payment confirmation?
Many thanks for help

Is there any way I can encrypt this?
You should encrypt the query string, but the PayPal URL is https, so it is protected.
Can anyone suggest a better way to integrate PayPal?
You need the default protocol to be TLS 1.2 due to PayPal's requirement. I would also suggest using StringBuilder.
StringBuilder builder = new StringBuilder();
builder.Append("https://www.paypal.com/cgi-bin/webscr?");
....
// PayPal requires TLS 1.2
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
Response.Redirect(builder.ToString());
How can I get payment confirmation?
PayPal will send confirmation email to you after the payment is received.
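The redirect in the question is assembled in the buyer's browser, so the buyer can edit "amount" before PayPal ever sees it, and a confirmation e-mail is not something a web application can act on. The parameter the question already sends, notify_url, is PayPal's Instant Payment Notification (IPN) hook: PayPal POSTs the payment details to that URL, the server echoes them back with cmd=_notify-validate, and only a "VERIFIED" answer plus a comparison against the server's own order record counts as confirmation. The following is an added example, not code from the question or the answer; the business address, the order store and the txn_id set are hypothetical stand-ins for your own configuration and database.

```csharp
// Added example (not from the original post): handling the IPN POST PayPal
// sends to notify_url. Assumed: BusinessEmail, OrderRecord and CreditedTxnIds
// stand in for real configuration and a real database table.
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Web;                          // HttpUtility.ParseQueryString (System.Web.dll)

public sealed class OrderRecord
{
    public decimal Amount;                 // what we asked PayPal to charge
    public string Currency;                // e.g. "GBP"
}

public static class PayPalIpn
{
    static readonly string BusinessEmail = "payments@example.com";            // hypothetical
    static readonly HashSet<string> CreditedTxnIds = new HashSet<string>();   // stand-in for a DB table

    // Step 1: echo the POST body back to PayPal unchanged, prefixed with
    // cmd=_notify-validate. PayPal answers VERIFIED only for a message it sent;
    // a POST forged straight at notify_url comes back INVALID.
    public static async Task<string> AskPayPalAsync(HttpClient http, string rawPostBody, bool sandbox)
    {
        string host = sandbox ? "https://ipnpb.sandbox.paypal.com" : "https://ipnpb.paypal.com";
        var body = new StringContent("cmd=_notify-validate&" + rawPostBody, Encoding.UTF8,
                                     "application/x-www-form-urlencoded");
        using (var resp = await http.PostAsync(host + "/cgi-bin/webscr", body))
        {
            resp.EnsureSuccessStatusCode();
            return (await resp.Content.ReadAsStringAsync()).Trim();
        }
    }

    // Step 2: VERIFIED only proves "PayPal sent this". The buyer built the redirect
    // in their browser and could have lowered "amount", so the verified fields are
    // compared with our own record of the invoice before the order is released.
    public static string Decide(string rawPostBody, string paypalAnswer,
                                Func<string, OrderRecord> findOrderByInvoice)
    {
        if (paypalAnswer != "VERIFIED")
            return "rejected: PayPal answered " + paypalAnswer;

        var f = HttpUtility.ParseQueryString(rawPostBody);      // form-decodes each field

        if (f["payment_status"] != "Completed")
            return "ignored: payment_status " + f["payment_status"];

        if (!string.Equals(f["receiver_email"], BusinessEmail, StringComparison.OrdinalIgnoreCase))
            return "rejected: paid to another account";

        var order = findOrderByInvoice(f["invoice"] ?? "");
        if (order == null)
            return "rejected: unknown invoice";

        decimal gross;
        bool amountOk = decimal.TryParse(f["mc_gross"], NumberStyles.Number,
                                         CultureInfo.InvariantCulture, out gross)
                        && gross == order.Amount
                        && string.Equals(f["mc_currency"], order.Currency, StringComparison.OrdinalIgnoreCase);
        if (!amountOk)
            return "rejected: amount or currency differs from the invoice";

        lock (CreditedTxnIds)                                    // a replayed IPN carries the same txn_id
        {
            if (!CreditedTxnIds.Add(f["txn_id"] ?? ""))
                return "ignored: txn_id already credited";
        }
        return "accepted";
    }
}
```

In the notify_url handler, read the request body as a string, reply 200 to PayPal, then call AskPayPalAsync followed by Decide and record the outcome against the invoice. The same reasoning applies to the values in the redirect itself: each of them should go through Server.UrlEncode so an item name containing "&" cannot inject extra parameters.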

Related

Insert SQL (Access) not working using webmethods Asp.net

I am trying to insert some fields into the local MS Access database using a web method (service) and a website. I have tried looking it up but cannot seem to spot where I've gone wrong. Can anyone tell me if I am doing it right? The code below does not add new data into the database, nor does it direct me back to the page requested.
Services Webmethod:
[WebMethod]
public void AddNewPosts(string postUserName, string postTitle, DateTime postMessagepostDateTime, int subTopicId, string postMessage)
{
//Connection string for the database
string database = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|/Forum.accdb;Persist Security Info=True";
OleDbConnection myConn = new OleDbConnection(database);
//Execute the query
string queryStr = "Insert into Posts (TopicId, PostTitle, PostUserName, PostDateTime) VALUES (" + subTopicId + ",'" + postTitle + "','" + postUserName + "'," + postMessagepostDateTime + ")";
// Create a command object
OleDbCommand myCommand = new OleDbCommand(queryStr, myConn);
// Open the connection
myCommand.Connection.Open();
myCommand.ExecuteNonQuery();
myCommand.Connection.Close();
}
Calling the above method from my website:
protected void btnSubmit_Click(object sender, EventArgs e)
{
//string postUserName = Page.User.Identity.Name;
string postUserName = "tom123";
string postTitle = txtTitle.Text;
string postMessage = txtMessage.Text;
DateTime postDateTime = DateTime.Now;
int subTopicId = int.Parse(Request.QueryString["id"]);
Service fs = new Service();
fs.AddNewPosts(postUserName, postTitle, postDateTime, subTopicId, postMessage);
//Redirect back to the SubTopic page
Response.Redirect("SubTopic.aspx?id=" + subTopicId.ToString());
}
Can you try with quotes around the date time?
string queryStr = "Insert into Posts (TopicId, PostTitle, PostUserName, PostDateTime) VALUES (" + subTopicId + ",'" + postTitle + "','" + postUserName + "','" + postMessagepostDateTime + "')";

Paypal with express checkout to get BillingAgreementID

I am working with PayPal, using Express Checkout to get a billing agreement ID.
I was following this guide:
https://www.x.com/developers/paypal/documentation-tools/how-authorize-and-run-reference-transaction-express-checkout
In the first step, when I do "SetExpressCheckout":
The following is the code:
public string SetExpressCheckout(string Amount)
{
string returnURL = "http://localhost:50325/ReviewOrder.aspx" + "?amount=" + Amount + "&PAYMENTREQUEST_0_CURRENCYCODE=USD";
string cancelURL = returnURL.Replace("ReviewOrder", "ExpCheckOut");
string strCredentials = "USER=" + strUsername + "&PWD=" + strPassword + "&SIGNATURE=" + strSignature;
string strNVP = strCredentials;
// single '&' between pairs ("&&" sends an empty field); URLs containing their own
// query string must be encoded so PayPal reads them as one value
strNVP += "&PAYMENTREQUEST_0_PAYMENTACTION=AUTHORIZATION&PAYMENTREQUEST_0_AMT=25" + "&L_BILLINGTYPE0=MerchantInitiatedBilling" + "&RETURNURL=" + HttpUtility.UrlEncode(returnURL);
strNVP += "&CANCELURL=" + HttpUtility.UrlEncode(cancelURL);
strNVP += "&METHOD=SetExpressCheckout&VERSION=" + strAPIVersion + "&DESC=" + HttpUtility.UrlEncode("test EC payment") + "&NOSHIPPING=0";
//Create web request and web response objects, make sure you are using the correct server (sandbox/live)
HttpWebRequest wrWebRequest = (HttpWebRequest)WebRequest.Create(strNVPSandboxServer);
//Set WebRequest Properties
wrWebRequest.Method = "POST";
wrWebRequest.ContentType = "application/x-www-form-urlencoded";
// write the form values into the request message
using (StreamWriter requestWriter = new StreamWriter(wrWebRequest.GetRequestStream()))
{
requestWriter.Write(strNVP);
}
// Get the response and read it from that response object (not from a second GetResponse() call)
using (HttpWebResponse hwrWebResponse = (HttpWebResponse)wrWebRequest.GetResponse())
using (StreamReader responseReader = new StreamReader(hwrWebResponse.GetResponseStream()))
{
return responseReader.ReadToEnd();
}
}
The response is:
TOKEN=EC-09082530FY878870B&
TIMESTAMP=2013-03-25T00:45:56Z&
CORRELATIONID=3d33037174d55&
ACK=SuccessWithWarning&
VERSION=86&
BUILD=5479129&
L_ERRORCODE0=11452&
L_SHORTMESSAGE0=Merchant not enabled for reference transactions&
L_LONGMESSAGE0=Merchant not enabled for reference transactions&
L_SEVERITYCODE0=Warning
How do I get a BillingAgreementID in Step 3?
The code for step 3 is:
public string GetBillingAgreementID()
{
string returnURL = "http://localhost:50325/ReviewOrder.aspx" + "?amount=" + Amount + "&currency=USD";
string cancelURL = returnURL.Replace("ReviewOrder", "ExpCheckOut");
string strCredentials = "USER=" + strUsername + "&PWD=" + strPassword + "&SIGNATURE=" + strSignature;
string strNVP = strCredentials;
strNVP += "&RETURNURL=" + HttpUtility.UrlEncode(returnURL);
strNVP += "&CANCELURL=" + HttpUtility.UrlEncode(cancelURL);
strNVP += "&METHOD=CreateBillingAgreement&VERSION=" + strAPIVersion + "&TOKEN=" + Session["Token"];
//Create web request and web response objects, make sure you are using the correct server (sandbox/live)
HttpWebRequest wrWebRequest = (HttpWebRequest)WebRequest.Create(strNVPSandboxServer);
//Set WebRequest Properties
wrWebRequest.Method = "POST";
wrWebRequest.ContentType = "application/x-www-form-urlencoded";
// write the form values into the request message
using (StreamWriter requestWriter = new StreamWriter(wrWebRequest.GetRequestStream()))
{
requestWriter.Write(strNVP);
}
// Get the response and read it from that response object (not from a second GetResponse() call)
using (HttpWebResponse hwrWebResponse = (HttpWebResponse)wrWebRequest.GetResponse())
using (StreamReader responseReader = new StreamReader(hwrWebResponse.GetResponseStream()))
{
return responseReader.ReadToEnd();
}
}
Response is:
TIMESTAMP=2013-03-25T00:51:34Z&
CORRELATIONID=854e6beed1e82&
ACK=Failure&
VERSION=86&
BUILD=5479129&
L_ERRORCODE0=11455&
L_SHORTMESSAGE0=Buyer did not accept billing agreement&
L_LONGMESSAGE0=Buyer did not accept billing agreement&
L_SEVERITYCODE0=Error
How do I get a BillingAgreementID?
Is it because of the message "L_SHORTMESSAGE0=Merchant not enabled for reference transactions" from "SetExpressCheckout" that I am not able to get a BillingAgreementID?
Please help me on this. Thanks.
You would need to contact PayPal and request this to be enabled on the account, if this is for a live account. If you are needing it enabled on the sandbox, you would need to contact PayPal MTS and have this enabled on your sandbox account.
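Two things in the code above are worth a helper of their own: the credentials and return URLs are concatenated into the NVP body without URL-encoding (a password containing "&" or "=" silently breaks the request, and a RETURNURL with its own query string is split into separate fields), and the first reply has ACK=SuccessWithWarning with an error entry, which a check for "Success" alone would treat as a clean success. The following is an added example, not code from the question or the answer; the credentials in it are hypothetical and the sample reply is the first response quoted in the question, re-joined onto one line.

```csharp
// Added example (not from the original post): encode an NVP request body and
// parse an NVP reply, including the L_ERRORCODEn / L_LONGMESSAGEn list.
// Assumed: the credential values below are placeholders, not real ones.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;                       // WebUtility

public sealed class NvpReply
{
    public readonly Dictionary<string, string> Fields =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    public string Ack
    {
        get { string a; return Fields.TryGetValue("ACK", out a) ? a : ""; }
    }

    // PayPal returns Success or SuccessWithWarning; anything else is a failure.
    public bool Succeeded { get { return Ack.StartsWith("Success", StringComparison.Ordinal); } }

    // Numbered list: L_ERRORCODE0, L_ERRORCODE1, ... with matching L_LONGMESSAGEn / L_SEVERITYCODEn.
    public List<string> Errors
    {
        get
        {
            var list = new List<string>();
            for (int i = 0; Fields.ContainsKey("L_ERRORCODE" + i); i++)
            {
                string severity, message;
                Fields.TryGetValue("L_SEVERITYCODE" + i, out severity);
                Fields.TryGetValue("L_LONGMESSAGE" + i, out message);
                list.Add((severity ?? "?") + " " + Fields["L_ERRORCODE" + i] + ": " + (message ?? ""));
            }
            return list;
        }
    }
}

public static class Nvp
{
    // Every name and value is encoded, so '&', '=' and spaces inside a value stay inside it.
    public static string Encode(IEnumerable<KeyValuePair<string, string>> pairs)
    {
        return string.Join("&", pairs.Select(p =>
            WebUtility.UrlEncode(p.Key) + "=" + WebUtility.UrlEncode(p.Value ?? "")));
    }

    public static NvpReply Parse(string body)
    {
        var reply = new NvpReply();
        foreach (string part in body.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = part.IndexOf('=');
            string name = eq < 0 ? part : part.Substring(0, eq);
            string value = eq < 0 ? "" : part.Substring(eq + 1);
            reply.Fields[WebUtility.UrlDecode(name.Trim())] = WebUtility.UrlDecode(value);
        }
        return reply;
    }

    // Constructed from the first SetExpressCheckout reply quoted in the question.
    public const string SampleReply =
        "TOKEN=EC-09082530FY878870B&TIMESTAMP=2013-03-25T00:45:56Z&CORRELATIONID=3d33037174d55&" +
        "ACK=SuccessWithWarning&VERSION=86&BUILD=5479129&L_ERRORCODE0=11452&" +
        "L_SHORTMESSAGE0=Merchant not enabled for reference transactions&" +
        "L_LONGMESSAGE0=Merchant not enabled for reference transactions&L_SEVERITYCODE0=Warning";

    public static void Main()
    {
        NvpReply r = Parse(SampleReply);
        Console.WriteLine("ACK=" + r.Ack + " succeeded=" + r.Succeeded);
        foreach (string e in r.Errors) Console.WriteLine(e);   // the 11452 warning is listed, not lost

        var request = new Dictionary<string, string> {      // hypothetical credentials
            { "METHOD", "SetExpressCheckout" }, { "VERSION", "86" },
            { "USER", "api.user" }, { "PWD", "p&ss=word" }, { "SIGNATURE", "sig" },
            { "RETURNURL", "http://localhost:50325/ReviewOrder.aspx?amount=25&currency=USD" },
            { "L_BILLINGTYPE0", "MerchantInitiatedBilling" },
        };
        Console.WriteLine(Encode(request));
    }
}
```

With this in place, the SetExpressCheckout call should stop when Succeeded is true but Errors is non-empty: the 11452 warning is exactly the condition the answer describes, and proceeding to CreateBillingAgreement without the feature enabled yields the 11455 failure shown.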

Multi-part identifier "arafa.almahmud08@gmail.com" could not be bound

I have built a custom validator,
I have a sql query like this:
protected void custom_serverValidate(object sender, ServerValidateEventArgs e)
{
connect();
string strSQL = "select EmailAddress from Accounts_Users where EmailAddress=" + REmailTextBox.Text;
SqlCommand cmd = new SqlCommand(strSQL, objConnection);
if (e.Value.ToString() == cmd.ExecuteScalar().ToString())
{
e.IsValid = false;
}
else
e.IsValid = true;
disConnect();
}
When I run my code in the browser, enter an email address and submit it, I get the error mentioned in the title. How do I fix it?
You are missing quotes around your email address. However, this is a SQL injection attack waiting to happen. Please switch to using a parameter.
string strSQL = "select EmailAddress from Accounts_Users where EmailAddress = @EmailAddress";
...
cmd.Parameters.AddWithValue("@EmailAddress", REmailTextBox.Text);
You forgot to use the single quotes. Use:
string commandText = "select EmailAddress from Accounts_Users where EmailAddress=@EmailAddress";
SqlCommand cmd = new SqlCommand(commandText, conn);
cmd.Parameters.AddWithValue("@EmailAddress", REmailTextBox.Text);
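Both this question and the Access INSERT question above build SQL by concatenating text-box input, and both answers point to parameters. The following is an added example (not code from either post) showing the two provider styles side by side: OleDb for the Access INSERT, where placeholders are positional "?" and the DateTime is bound as a value instead of being quoted, and SqlClient for the e-mail check, where parameters are named and the query is written so ExecuteScalar never returns null. Table and column names are the ones in the two posts; connection strings are passed in by the caller.

```csharp
// Added example (not from the original posts): parameterised versions of the
// two queries. Assumed: the caller supplies the connection strings.
using System;
using System.Data;
using System.Data.OleDb;
using System.Data.SqlClient;

public static class SafeQueries
{
    // OleDb (Access): placeholders are positional "?"; parameters bind in the order they
    // are added, so the names below are labels only. Binding the DateTime as a typed value
    // removes the quoting problem from the other post entirely.
    public static int AddPost(string connectionString, int topicId, string title,
                              string userName, DateTime postedAt)
    {
        const string sql =
            "INSERT INTO Posts (TopicId, PostTitle, PostUserName, PostDateTime) VALUES (?, ?, ?, ?)";
        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(sql, conn))
        {
            cmd.Parameters.Add("@TopicId", OleDbType.Integer).Value = topicId;
            cmd.Parameters.Add("@PostTitle", OleDbType.VarWChar, 255).Value = title ?? "";
            cmd.Parameters.Add("@PostUserName", OleDbType.VarWChar, 255).Value = userName ?? "";
            cmd.Parameters.Add("@PostDateTime", OleDbType.Date).Value = postedAt;
            conn.Open();
            return cmd.ExecuteNonQuery();      // rows affected; 1 on success
        }
    }

    // SqlClient (SQL Server): named @parameters. A typed, sized parameter is used instead of
    // AddWithValue, which infers NVARCHAR(length of input) and fills the plan cache with one
    // plan per distinct length. EXISTS yields 0 or 1, so ExecuteScalar never returns null
    // (the validator in the question calls .ToString() on it and would throw when no row matches).
    public static bool EmailExists(string connectionString, string email)
    {
        const string sql =
            "SELECT CASE WHEN EXISTS (SELECT 1 FROM Accounts_Users WHERE EmailAddress = @EmailAddress) " +
            "THEN 1 ELSE 0 END";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@EmailAddress", SqlDbType.NVarChar, 256).Value = email ?? "";
            conn.Open();
            return (int)cmd.ExecuteScalar() == 1;
        }
    }
}

// The CustomValidator handler from the question then reduces to:
//
// protected void custom_serverValidate(object sender, ServerValidateEventArgs e)
// {
//     e.IsValid = !SafeQueries.EmailExists(connectionString, e.Value);
// }
```

The input "' OR '1'='1" that breaks the concatenated versions is, with parameters, simply a string that matches no e-mail address and no post title.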

Suggestions on a global error handler to get a dump of diagnostic data

There are loads of resources that show how to use the global.asax global error event handler to capture unhandled errors in the web application, but I am yet to find a good sample of code to include in this method that will report on the major topics like the error message, an output of the stack trace, the page that generated the error, the user name / role that generated the error, and such.
Has anyone used, have, or come across a nice code snippet for this purpose?
Thanks in advance.
Your best bet is to do nothing. ASP.NET Health Monitoring will write an event to the event log containing most of the data you could need.
If that's not enough information for you, then you should look into wrapping certain of your exceptions in an outer exception which includes the additional data. For instance:
string fileSpec = " ... ";
try
{
using (var stream = new FileStream(fileSpec, FileMode.Open))
{
// Something
}
}
catch (IOException ex)
{
throw new Exception(String.Format("Error processing {0}", fileSpec), ex);
}
Here's what we're using though we may now want to switch to Health Monitoring seeing the other answers to this question.
public static void LogErrorWithStackTrace(String message, Exception exception,
EventLogEntryType entryType)
{
var context = HttpContext.Current;
var session = context.Session;
var request = context.Request;
var errorMessage =
String.Format(
@"Message: {0}
Error in: {1}
Referer: {2}
Agent: {3}
IP: {4}
Request type: {5}",
message, request.Url, request.UrlReferrer,
request.UserAgent, request.UserHostAddress, request.RequestType);
errorMessage += "\rQuery string variables:";
errorMessage = request.QueryString.Keys.Cast<string>().Aggregate(errorMessage,
(current, key) =>
current +
"\r " + key + " = " +
request.QueryString[
key]);
errorMessage += "\rForm variables:";
errorMessage = request.Form.Keys.Cast<string>().Aggregate(errorMessage,
(current, key) =>
current + "\r " + key +
" = " +
request.Form[key]);
errorMessage += "\rCookies:";
errorMessage = request.Cookies.Keys.Cast<string>().Aggregate(errorMessage,
(current, key) =>
current + "\r " + key +
" = " +
(request.Cookies[key] == null ? "" : request.Cookies[key].Value));   // HttpCookie itself would print its type name
if (session != null)
{
errorMessage += "\rISession:";
var sess = (ISession) session["session"];
errorMessage += sess.ToString();
errorMessage += "\rSession:";
errorMessage = session.Keys.Cast<string>().Aggregate(errorMessage,
(current, sessionKey) =>
current +
"\r " + sessionKey + ": " +
session[sessionKey]);
}
errorMessage += "\rStack Trace:";
errorMessage += exception.StackTrace;
WriteEntry(errorMessage, entryType);
if (!QuietTypes.Contains(exception.GetType()))
SendExceptionEmail(errorMessage);
}
This is some VB code we use; it provides enough info for us to diagnose most problems. The only downside with emailing errors like this is that when there is a major failure you can end up with thousands of messages in your mailbox :(
Dim e As Exception
Dim MsgBody As String = String.Empty
If System.Web.HttpContext.Current.Request.IsLocal Then Exit Sub
e = System.Web.HttpContext.Current.Server.GetLastError
If e IsNot Nothing Then
If TypeOf e Is HttpException Then
Dim he As HttpException = DirectCast(e, HttpException)
If he.GetHttpCode() = 404 Then
System.Web.HttpContext.Current.Server.ClearError()
Response.Redirect("/")
Exit Sub
End If
End If
MsgBody += "Exception: " & e.Message & vbCrLf & vbCrLf
MsgBody += e.ToString & vbCrLf & vbCrLf & vbCrLf
Else
MsgBody += "Unknown Error" & vbCrLf & vbCrLf & vbCrLf
End If
If System.Web.HttpContext.Current.Request.Url Is Nothing Then
MsgBody += "URL: ?" & vbCrLf & vbCrLf
Else
MsgBody += "URL: " & System.Web.HttpContext.Current.Request.Url.ToString & vbCrLf
If System.Web.HttpContext.Current.Request.RawUrl IsNot Nothing Then MsgBody += System.Web.HttpContext.Current.Request.RawUrl & vbCrLf
MsgBody += vbCrLf
End If
If System.Web.HttpContext.Current.Request.UrlReferrer Is Nothing Then
MsgBody += "Referer: <direct>" & vbCrLf & vbCrLf
Else
MsgBody += "Referer: " & System.Web.HttpContext.Current.Request.UrlReferrer.ToString() & vbCrLf & vbCrLf
End If
If User IsNot Nothing Then MsgBody += "User: " & User.Identity.Name & vbCrLf
MsgBody += "User-Agent: " & System.Web.HttpContext.Current.Request.UserAgent & vbCrLf
MsgBody += "User-IP: " & System.Web.HttpContext.Current.Request.UserHostAddress & vbCrLf
MsgBody += "Server: " & System.Environment.MachineName & vbCrLf
MsgBody += vbCrLf & "RequestType: " & System.Web.HttpContext.Current.Request.RequestType & vbCrLf & vbCrLf
' dump request items
' QueryString, Form, Cookies, ServerVariables
MsgBody += "Querystring Variables ================" & vbCrLf
If Request.QueryString.Count > 0 Then
For Each key As String In Request.QueryString.Keys
MsgBody += key & " = " & Request.QueryString(key) & vbCrLf
Next
Else
MsgBody += "(none)" & vbCrLf
End If
MsgBody += vbCrLf
MsgBody += "Form Variables =======================" & vbCrLf
If Request.Form.Count > 0 Then
For Each key As String In Request.Form.Keys
MsgBody += key & " = " & Request.Form(key) & vbCrLf
Next
Else
MsgBody += "(none)" & vbCrLf
End If
MsgBody += vbCrLf
MsgBody += "Cookies ==============================" & vbCrLf
If Request.Cookies.Count > 0 Then
For Each key As String In Request.Cookies.Keys
MsgBody += key & " = " & Request.Cookies(key).Value & vbCrLf
Next
Else
MsgBody += "(none)" & vbCrLf
End If
MsgBody += vbCrLf
MsgBody += "ServerVariables ======================" & vbCrLf
If Request.ServerVariables.Count > 0 Then
For Each key As String In Request.ServerVariables.Keys
MsgBody += key & " = " & Request.ServerVariables(key) & vbCrLf
Next
Else
MsgBody += "(none)" & vbCrLf
End If
MsgBody += vbCrLf
' we send MsgBody via email using the System.Net.Mail.MailMessage & System.Net.Mail.SmtpClient classes
' we've handled the error
System.Web.HttpContext.Current.Server.ClearError()
' depending on the error we redirect to our homepage /default.aspx unless that is the faulting page then redirect to static /error.html
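Both handlers above copy every form field, cookie and server variable into the event log or an e-mail, so a failing login POST puts the user's password, the forms-authentication cookie and any Authorization header wherever that log or mailbox goes. The following is an added example, not code from any of the answers: the same dump, but with sensitive keys redacted and values length-capped. It works on NameValueCollection so it applies unchanged to Request.QueryString, Request.Form, Request.ServerVariables and Request.Headers; the key list and the sample data are constructed for illustration.

```csharp
// Added example (not from the original answers): a request dump that redacts
// credentials and session material before it is logged or mailed.
// Assumed: the SensitiveKey list is a starting point, not a complete one.
using System;
using System.Collections.Specialized;
using System.Text;
using System.Text.RegularExpressions;

public static class RedactedDump
{
    // Keys whose values must never reach the event log or an e-mail.
    static readonly Regex SensitiveKey = new Regex(
        @"(?i)(pass|pwd|secret|token|card|cvv|ssn|authorization|cookie|session|" +
        @"__VIEWSTATE|__EVENTVALIDATION|ALL_RAW|ALL_HTTP|\.ASPXAUTH)",
        RegexOptions.Compiled);

    const int MaxValueLength = 200;   // one huge POST must not flood the mailbox

    public static string Redact(string key, string value)
    {
        if (value == null) return "(null)";
        if (SensitiveKey.IsMatch(key))
            return "[redacted, " + value.Length + " chars]";
        return value.Length <= MaxValueLength
            ? value
            : value.Substring(0, MaxValueLength) + "...(" + value.Length + " chars)";
    }

    // For Request.Cookies, build a NameValueCollection of name -> Value first;
    // the cookie names then go through the same key filter.
    public static string Dump(string title, NameValueCollection values)
    {
        var sb = new StringBuilder();
        sb.Append(title).AppendLine(" ================");
        if (values == null || values.Count == 0)
        {
            sb.AppendLine("(none)");
            return sb.ToString();
        }
        foreach (string rawKey in values.AllKeys)
        {
            string key = rawKey ?? "";          // unnamed form fields arrive with a null key
            sb.Append(key).Append(" = ").AppendLine(Redact(key, values[rawKey]));
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample: a login POST and two server variables.
        var form = new NameValueCollection {
            { "txtUser", "tom123" },
            { "txtPassword", "hunter2" },
            { "__VIEWSTATE", new string('A', 5000) } };
        var server = new NameValueCollection {
            { "REMOTE_ADDR", "203.0.113.9" },
            { "HTTP_COOKIE", ".ASPXAUTH=abc; ASP.NET_SessionId=xyz" } };
        Console.Write(Dump("Form Variables", form));
        Console.Write(Dump("ServerVariables", server));
    }
}
```

Drop Dump into either handler in place of the three hand-written loops; the stack trace, URL, referrer and user name can stay as they are, but RawUrl should go through Redact too if your pages ever carry tokens in the query string.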

CRUD with Access Database using ASP.NET

How can I use Microsoft Access as a database in ASP.NET website? Is it possible?
Yes, it is possible. You will have to use OLE DB to access the MS Access database.
Dim con As New System.Data.OleDb.OleDbConnection
Dim myPath As String
myPath = Server.MapPath("Database1.mdb")
con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data source=" & myPath & ";"
Dim myCommand As New System.Data.OleDb.OleDbCommand
' ? placeholders with parameters; the text box values are never spliced into the SQL text
myCommand.CommandText = "insert into Students(Firstname,Lastname,Address) values(?,?,?)"
myCommand.Parameters.AddWithValue("@Firstname", txtFirstname.Text)
myCommand.Parameters.AddWithValue("@Lastname", txtLastname.Text)
myCommand.Parameters.AddWithValue("@Address", txtAddress.Text)
myCommand.Connection = con
con.Open()
myCommand.ExecuteNonQuery()
con.Close()
Taken from: http://www.beansoftware.com/ASP.NET-Tutorials/Connecting-Access-Sql-Server.aspx
It would be the same as SQL Server but you will be using OleDbConnection, OleDbCommand etc
Sure, Access has an oledb connection
Now I would not recommend it unless it's a toy app. But yes, it can be done.
Yes, It is possible.
Checkout this tutorial.
http://aspalliance.com/429
This isn't online anymore:
http://www.aspfree.com/c/a/Microsoft-Access/Connecting-to-a-Microsoft-Access-database-with-ASPNET/
Yes it's possible, but NOT advisable!
Access was never meant to be used in a highly concurrent environment like the web.
I don't know what type of site you are trying to create, but you're better
off with a real database like SQL Express (free download from Microsoft).
string strConn = "PROVIDER=Microsoft.Jet.OLEDB.4.0; Data Source=|DataDirectory|referendum-abrogrativo.mdb";
OleDbConnection conn = new OleDbConnection(strConn);
try
{
conn.Open();
// Parameterised: e-mail and password are bound as values, never concatenated into the SQL.
// User is a reserved word in Jet SQL, hence the brackets. Note the password is still
// compared in clear text here.
string query = "SELECT * FROM [User] WHERE Email = ? AND Password = ?";
OleDbCommand cmdE = new OleDbCommand(query, conn);
cmdE.Parameters.AddWithValue("@Email", email);
cmdE.Parameters.AddWithValue("@Password", password);
OleDbDataReader dr = cmdE.ExecuteReader();
if (dr.Read())
{
_IDUte = dr.GetValue(0).ToString();
_Email = dr.GetValue(3).ToString();
_Password = dr.GetValue(4).ToString();
}
else
{
_Email = "";
_Password = "";
}
dr.Close();
}
catch (Exception ex)
{
// MessageBox is a WinForms dialog and cannot be shown from an ASP.NET page; log server-side instead
System.Diagnostics.Trace.TraceError(ex.ToString());
}
finally
{
conn.Close();
}
