[ic] Payment gateway : how to update database without clicking?

Kevin Walsh interchange-users@icdevgroup.org
Wed Jul 10 19:13:00 2002


> 
> I searched the archives, and found a suggestion from Joachim (see 
> below).  However, he's using "mv_order_receipt" as a trigger to save 
> into the transactions, userdb and orderlines tables.  By this point 
> in time, I do not need to re-save all this info again, instead I 
> only want to update the "wp_payment_status" field to "Success".  Is 
> there a way I can do that?
> 
> I've tried this code in my receipt page:
> 
> [sql interpolate=1]
>     update transactions set wp_payment_status='Success' where 
> code=='[value my_order_number]'
> [/sql]
> 
> where my_order_number is returned by the payment gateway (passed from 
> my checkout page).
>
How about something like this?

    [tag flag write]transactions[/tag]
    [query table="transactions" sql=|
        UPDATE  transactions
        SET     wp_payment_status = 'Success'
        WHERE   code = '[value my_order_number]'
    |][/query]

Also note the single '=' in the WHERE clause.

> 
> I tested the above code separately without going through WorldPay, 
> and it worked.  But when called from WorldPay as a callback, it 
> seemed to be running from WorldPay (url still pointing to WorldPay), 
> thus couldn't work (ie, table not updated).  I printed out 
> [value my_order_number] on that page, and the value is correctly 
> returned from WorldPay.  Looks as if mysql is rejecting updates from 
> servers other than mine(?)  Just my deduction, any pointers?
> 
What will you be doing to stop unauthorised use of your 'success'
callback page?  Will your customers be prevented from ordering goods
and then calling the success page themselves?

If someone wanted to be extra-nasty, they could write some code to
loop through all order numbers from 1 through 100,000 and call your
success page for each one.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin@cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
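
Added example, not part of the original post and not Interchange or WorldPay code: one way to close the hole raised above is for the callback handler to authenticate the caller before it touches the transactions table. The sketch is in Python with an in-memory SQLite table so it runs stand-alone. The shared secret, the HMAC signing scheme, the 'Pending' status value and the total_cost column are assumptions; what the gateway really offers for authenticating callbacks must come from its own documentation.

```python
import hashlib
import hmac
import sqlite3

# Assumption: a secret agreed out of band between shop and gateway (constructed value).
CALLBACK_SECRET = b"constructed-demo-secret"

def sign(order_code, amount):
    """HMAC-SHA256 over the fields the shop is about to act on."""
    msg = f"{order_code}|{amount}".encode()
    return hmac.new(CALLBACK_SECRET, msg, hashlib.sha256).hexdigest()

def handle_callback(db, order_code, amount, signature):
    """Mark an order paid only if the callback is authentic and matches the order."""
    # 1. Authenticate the caller; compare_digest is a constant-time comparison.
    if not hmac.compare_digest(sign(order_code, amount).encode(), signature.encode()):
        return "rejected: bad signature"
    # 2. Bound parameters keep the order number out of the SQL text.
    # 3. Amount and status in the WHERE clause tie the update to what was
    #    ordered and make a replayed callback a no-op.
    cur = db.execute(
        "UPDATE transactions SET wp_payment_status = 'Success' "
        "WHERE code = ? AND total_cost = ? AND wp_payment_status = 'Pending'",
        (order_code, amount),
    )
    db.commit()
    return "updated" if cur.rowcount == 1 else "rejected: no matching pending order"

def demo_db():
    """Constructed sample rows standing in for the shop's transactions table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE transactions "
               "(code TEXT PRIMARY KEY, total_cost TEXT, wp_payment_status TEXT)")
    db.executemany("INSERT INTO transactions VALUES (?, ?, 'Pending')",
                   [("1001", "25.00"), ("1002", "99.50")])
    return db

def status(db, code):
    """Current wp_payment_status for one order."""
    row = db.execute("SELECT wp_payment_status FROM transactions WHERE code = ?", (code,))
    return row.fetchone()[0]

if __name__ == "__main__":
    db = demo_db()
    print(handle_callback(db, "1001", "25.00", sign("1001", "25.00")))  # signed callback
    print(handle_callback(db, "1002", "99.50", "0" * 64))               # unsigned request
    print(handle_callback(db, "1001", "25.00", sign("1001", "25.00")))  # replayed callback
```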