[ic] Payment gateway : how to update database without clicking?

ffire interchange-users@icdevgroup.org
Sat Jul 13 15:22:01 2002 

On Thursday 11 July 2002 07:12, you wrote:
> How about something like this?
>
>     [tag flag write]transactions[/tag]
>     [query table="transactions" sql=|
>         UPDATE  transactions
>         SET     wp_payment_status = 'Success'
>         WHERE   code = '[value my_order_number]'
>
>     |][/query]
>
> Also note the single '=' in the WHERE clause.

It just seemed like, whenever the <WPDISPLAY ITEM=cartId> gets inside 
an IC tag, it doesn't get interpreted properly at all.  How can we go 
around that?


Your code worked, but only for local var, not for WP returned values.
WP returns values in 

<WPDISPLAY ITEM=cartId> format, 
where cartId is the returned field

What I've tested include:

[seti my_order_number]<WPDISPLAY ITEM=cartId>[/seti]
wpdisplay cartId = (<WPDISPLAY ITEM=cartId>)
my_order_number = ([scratch my_order_number])

Also tested with just "set" instead of "seti".
I update the database with your codes:

     [query table="transactions" sql=|
        UPDATE  transactions
        SET     wp_payment_status = 'Success'
        WHERE   code = '[scratch my_order_number]'
    |][/query]

...as well as replacing this code:
        WHERE   code = '[scratch my_order_number]'
with:
        WHERE   code = '<WPDISPLAY ITEM=cartId>'


I've tested all cases with single quotes, ', and without.

In the case of:
        WHERE   code = '[scratch my_order_number]'

The query was not interpolated at all, ie search made on 
[scratch my_order_number]

I've also tried adding "interpolate=1" to "query", and tried all 
combinations with "seti" to set the WP values to my local var, etc.

Also tried to
$Scratch->{a} .= "update transactions set wp_payment_status = 
'Success' where code = '<WPDISPLAY ITEM=cartId>'";
(both with and without single quote) before putting [scratch a] into 
the query code.

All just didn't work  :(

Any clues?

> What will you be doing to stop unauthorised use of your 'success'
> callback page.  Will your customers be prevented from ordering
> goods and then calling the success page themselves?
>
> If someone wanted to be extra-nasty, they could write some code to
> loop through all order numbers from 1 through 100,000 and call your
> success page for each one.

This is not a critical page, just to update the payment status, which 
is not very necessary, since WorldPay also generates an email to my 
client, and that's quite enough for now.  It just irks me to find 
such simple updating not working  ;P