Post a form from code and send the user "there"

Tom Ruby

Tom Ruby

Aug 5 2015 11:10 AM
Working on some asp.net credit card processing code. Scary, eh? I'm actually more of an SQL server guy than an asp.net guy.
The processing company says to just put this html on the page and let the user click the button:

<form action="https://I'mnotgoingtoshowyouthis.com" method ="POST">

<input type="hidden" name="HostedKey" id="HostedKey" value="somebunchofgibberish" />

<input type="hidden" name="Gateway_ID" id="Gateway_ID" value="abigoldnumber" />

<input type="hidden" name="IndustryCode" id="IndustryCode" value="2" />

<input type="hidden" name="Amount" id="Amount" value="2743658.05" />

<input type="hidden" name="RecurringType" id="RecurringType" value="M" />

<input type="hidden" name="RecurringAmount" id="RecurringAmount" value="" />

<input type="hidden" name="RURL" id="RURL" value="http://aredactedurlIllhide" />

<input type="hidden" name="CURL" id="CURL" value="anotherurlthat'sbestnotrevealed" />

<input type="hidden" name="AVSRequired" id="AVSRequired" value="Y"/>

<input type="hidden" name="CVV2Required" id="CVV2Required"value="Y"/>

<input type="hidden" name="EmailRequired" id="EmailRequired" value="Y"/>

<input type="hidden" name="PostRspMsg" id="PostRspMsg" value="N"/>

<input type="Submit" name="Submit" id="Submit" value="Pay With Credit Card" />


This brings up the form where the user enters their credit card info and the transaction takes place and the money goes to the account and everybody's happy.
This has me shaking in my boots! Somebody could just view source, copy/paste this into any editor and do all sorts of mischief. I asked the company, and their response was "You can use our sample code that I provided using PHP with Java Script. Otherwise you can develop it however you would like if you do not want to use our sample php code."
So, can I have .net code actually submit this form and send the user there to enter his info so I never expose all the gory details? 

Answers (4)