Now we're getting somewhere...but one thing is a little weird

[Brent White]

I got this code from the web service site (but of course they have no
kind of implied warranty on it) that builds a URL with a querystring
and sends it. Naturally, the parameters (of which there are a ton, no
idea why they don't want XML input, but I digress) are separated by &
signs. I know if you try to encode a string with an & character in a
URL, it comes out as %26 to prevent improper parsing.

However, this code seems to be encoding the variable delimiters (&) as
well (encoding it at &amp, causing the request to be refused. This
is the code:

Imports System.Web.Services
Imports System.Web.Services.Protocols
Imports System.ComponentModel

<System.Web.Services.WebService(Namespace:="http://badger.com/")> _
<System.Web.Services.WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)>
_
<ToolboxItem(False)> _
Public Class Service1
Inherits System.Web.Services.WebService
<WebMethod()> _
Public Function AuthorizeAPI(ByVal Input1 As InformationToPass) As
String
Dim rp As New ReturnParams
Dim currentDomain As AppDomain = AppDomain.CurrentDomain
'for regular unhandled stuff
AddHandler currentDomain.UnhandledException, AddressOf
MYExceptionHandler
'for threads behind forms
'AddHandler Application.ThreadException, AddressOf
MYThreadHandler
Dim whr
Dim data
Dim WWW_OR_DEVELOPER As String = "Developer"
whr = CreateObject("WinHTTP.Winhttprequest.5.1")
whr.settimeouts(0, 0, 120000, 240000)
whr.Open("POST", "https://" & WWW_OR_DEVELOPER &
".skipjackic.com/scripts/evolvcc.dll?Authorize", False)
data = ""
' SET REQUEST HEADER
whr.SetRequestHeader("Content-Type", "application/x-www-form-
urlencoded")

' A STRING TO STORE THE VARIABLES TO POST
Dim qString
qString = ""

'Return "Hi, this page is served by Brent White's own system
and can be looked at " & Input1.SecondParam & " times."
'Return Input1.SerialNumber
qString = qString & "SerialNumber=" &
Server.UrlEncode(Input1.SerialNumber) & Chr(26)
'Return Input1.Dev_SerialNumber
qString = qString & "DeveloperSerialNumber=" &
Input1.Dev_SerialNumber & "&amp;"
qString = qString & "SJName=" & Input1.SJName & "&"
qString = qString & "Email=" & Input1.Email & "&"
qString = qString & "StreetAddress=" & Input1.BillStreet & "&"
qString = qString & "StreetAddress2=" & Input1.BillStreet2 &
"&"
qString = qString & "StreetAddress3=" & Input1.BillStreet3 &
"&"
qString = qString & "StreetAddress4=" & Input1.BillStreet4 &
"&"
qString = qString & "City=" & Input1.BillCity & "&"
qString = qString & "State=" & Input1.BillState & "&"
qString = qString & "Zip=" & Input1.BillZip & "&"
qString = qString & "Country=" & Input1.BillCountry & "&"
qString = qString & "Phone=" & Input1.BillPhone & "&"
qString = qString & "Fax=" & Input1.BillFax & "&"
qString = qString & "ShipToStreetAddress=" & Input1.ShipStreet
& "&"
qString = qString & "ShipToStreetAddress2=" &
Input1.ShipStreet2 & "&"
qString = qString & "ShipToStreetAddress3=" &
Input1.ShipStreet3 & "&"
qString = qString & "ShipToStreetAddress4=" &
Input1.ShipStreet4 & "&"
qString = qString & "ShipToCity=" & Input1.ShipCity & "&"
qString = qString & "ShipToState=" & Input1.ShipState & "&"
qString = qString & "ShipToZip=" & Input1.ShipZip & "&"
qString = qString & "ShipToCountry=" & Input1.ShipCountry &
"&"
qString = qString & "ShipToPhone=" & Input1.ShipPhone & "&"
qString = qString & "ShipToFax=" & Input1.ShipFax & "&"
qString = qString & "OrderNumber=" & Input1.OrderNumber & "&"
qString = qString & "AccountNumber=" & Input1.AccountNumber &
"&"
qString = qString & "Month=" & Input1.MonthExpr & "&"
qString = qString & "Year=" & Input1.YearExpr & "&"
qString = qString & "CVV2=" & Input1.CVV2 & "&"
qString = qString & "TransactionAmount=" &
Input1.TransactionAmount & "&"
qString = qString & "CustomerTax=" & Input1.SalesTax & "&"
qString = qString & "CustomerCode=" & Input1.CustomerCode &
"&"
qString = qString & "PurchaseOrderNumber=" & Input1.PONumber &
"&"
qString = qString & "ShippingAmount=" & Input1.ShippingAmount
& "&"
qString = qString & "SummaryCommodityCode=" &
Input1.SummaryCommodityCode & "&"
qString = qString & "orderstring_lvl3=" &
Input1.OrderString_lvl3
'rp.SJName = Input1.SJName
'rp.Email = Input1.Email
'Return Input1.BillStreet
'Return Input1.BillStreet2
'Return Input1.BillStreet3
'Return Input1.BillStreet4
'Return Input1.BillCity
'Return Input1.BillState
'Return Input1.BillZip
'Return Input1.BillCountry
'Return Input1.BillPhone
'Return Input1.BillFax
'Return Input1.ShipName
'Return Input1.ShipStreet
'Return Input1.ShipStreet2
'Return Input1.ShipStreet3
'Return Input1.ShipStreet4
'Return Input1.ShipCity
'Return Input1.ShipState
'Return Input1.ShipZip
'Return Input1.ShipCountry
'Return Input1.ShipPhone
'Return Input1.ShipFax
'Return Input1.AccountNumber
'Return Input1.MonthExpr
'Return Input1.YearExpr
'Return Input1.CVV2
'rp.TransactionAmount = Val(5 * Input1.TransactionAmount)
'Return Input1.TransactionAmount
'Return Input1.SalesTax
'Return Input1.CustomerCode
'Return Input1.PONumber
'Return Input1.ShippingAmount
'Return Input1.SummaryCommodityCode
'Return Input1.OrderString_lvl3
On Error Resume Next
whr.send(qString)
whr.waitforresponse()
On Error Resume Next
data = data & whr.responsetext

If Not IsNothing(whr) Then
whr = Nothing
End If
Return qString
'Return data
'rp.SJName = data
'Return rp
End Function
Private Sub MYExceptionHandler(ByVal sender As Object, ByVal e As
UnhandledExceptionEventArgs)
Dim EX As Exception
EX = e.ExceptionObject
Console.WriteLine(EX.StackTrace)
End Sub

Private Sub MYThreadHandler(ByVal sender As Object, ByVal e As
Threading.ThreadExceptionEventArgs)
Console.WriteLine(e.Exception.StackTrace)
End Sub
End Class

Public Class InformationToPass
Public SerialNumber As String = {private} 'Removed actual value
from pasted code
Public Dev_SerialNumber As String = {private} 'Removed actual
value from pasted code
Public SJName As String
Public Email As String
Public BillStreet As String
Public BillStreet2 As String
Public BillStreet3 As String
Public BillStreet4 As String
Public BillCity As String
Public BillState As String
Public BillZip As String
Public BillCountry As String
Public BillPhone As String
Public BillFax As String
Public ShipName As String
Public ShipStreet As String
Public ShipStreet2 As String
Public ShipStreet3 As String
Public ShipStreet4 As String
Public ShipCity As String
Public ShipState As String
Public ShipZip As String
Public ShipCountry As String
Public ShipPhone As String
Public ShipFax As String
Public OrderNumber As String
Public AccountNumber As String
Public MonthExpr As String
Public YearExpr As String
Public CVV2 As String
Public TransactionAmount As String
Public SalesTax As String
Public CustomerCode As String
Public PONumber As String
Public ShippingAmount As String
Public SummaryCommodityCode As String
Public OrderString_lvl3 As String
End Class

Public Class ReturnParams
Public SJName As String
Public Email As String
Public TransactionAmount As String
End Class



The "&" characters keep getting picked up as &amp; (except in the
first parameter, which shows it as #x1A;

When the request gets passed to the service, it treats each field as
blank.

Why is this not working? It seems to run counter to every example
I've seen on the internet.

 

[=?ISO-8859-1?Q?G=F6ran_Andersson?=]

I got this code from the web service site (but of course they have no
kind of implied warranty on it) that builds a URL with a querystring
and sends it. Naturally, the parameters (of which there are a ton, no
idea why they don't want XML input, but I digress) are separated by &
signs. I know if you try to encode a string with an & character in a
URL, it comes out as %26 to prevent improper parsing.

However, this code seems to be encoding the variable delimiters (&) as
well (encoding it at &amp, causing the request to be refused. This
is the code:

Comments below in the code.

Imports System.Web.Services
Imports System.Web.Services.Protocols
Imports System.ComponentModel

<System.Web.Services.WebService(Namespace:="http://badger.com/")> _
<System.Web.Services.WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)>
_
<ToolboxItem(False)> _
Public Class Service1
Inherits System.Web.Services.WebService
<WebMethod()> _
Public Function AuthorizeAPI(ByVal Input1 As InformationToPass) As
String
Dim rp As New ReturnParams
Dim currentDomain As AppDomain = AppDomain.CurrentDomain
'for regular unhandled stuff
AddHandler currentDomain.UnhandledException, AddressOf
MYExceptionHandler
'for threads behind forms
'AddHandler Application.ThreadException, AddressOf
MYThreadHandler
Dim whr
Dim data
Dim WWW_OR_DEVELOPER As String = "Developer"
whr = CreateObject("WinHTTP.Winhttprequest.5.1")
whr.settimeouts(0, 0, 120000, 240000)
whr.Open("POST", "https://" & WWW_OR_DEVELOPER &
".skipjackic.com/scripts/evolvcc.dll?Authorize", False)
data = ""
' SET REQUEST HEADER
whr.SetRequestHeader("Content-Type", "application/x-www-form-
urlencoded")

' A STRING TO STORE THE VARIABLES TO POST
Dim qString
qString = ""

Use a StringBuilder instead.

'Return "Hi, this page is served by Brent White's own system
and can be looked at " & Input1.SecondParam & " times."
'Return Input1.SerialNumber
qString = qString & "SerialNumber=" &
Server.UrlEncode(Input1.SerialNumber) & Chr(26)

That is not correct. The Chr(26) should be Chr(&H26), or simply "&".

Chr(26) is the end-of-file character used in ASCII text files. Certainly
not a character that goes into url-encoded data.

'Return Input1.Dev_SerialNumber
qString = qString & "DeveloperSerialNumber=" &
Input1.Dev_SerialNumber & "&amp;"

You only html-encode the & character if the url goes into html code.
Change "&amp;" to "&".

Unless the developer serial number is guaranteed to only contain
characters that does not need to be url-encoded, you should url-encode
it, just as with the serial number.

qString = qString & "SJName=" & Input1.SJName & "&"
Url-encode.

qString = qString & "Email=" & Input1.Email & "&"
Url-encode.

qString = qString & "StreetAddress=" & Input1.BillStreet & "&"

Yes, here to.

qString = qString & "StreetAddress2=" & Input1.BillStreet2 &
"&"
Yep.

qString = qString & "StreetAddress3=" & Input1.BillStreet3 &
"&"
Everywhere.

qString = qString & "StreetAddress4=" & Input1.BillStreet4 &
"&"

It goes on.

qString = qString & "City=" & Input1.BillCity & "&"

Yes, sir.

qString = qString & "State=" & Input1.BillState & "&"

Here too.

qString = qString & "Zip=" & Input1.BillZip & "&"
Yowsa.

qString = qString & "Country=" & Input1.BillCountry & "&"

Yet another one.

qString = qString & "Phone=" & Input1.BillPhone & "&"

Ya' know the drill.

qString = qString & "Fax=" & Input1.BillFax & "&"

Keep on encoding.

qString = qString & "ShipToStreetAddress=" & Input1.ShipStreet
& "&"

And encoding.

qString = qString & "ShipToStreetAddress2=" &
Input1.ShipStreet2 & "&"
Et.c.

qString = qString & "ShipToStreetAddress3=" &
Input1.ShipStreet3 & "&"
-"-

qString = qString & "ShipToStreetAddress4=" &
Input1.ShipStreet4 & "&"
-"-

qString = qString & "ShipToCity=" & Input1.ShipCity & "&"
-"-

qString = qString & "ShipToState=" & Input1.ShipState & "&"
-"-

qString = qString & "ShipToZip=" & Input1.ShipZip & "&"
-"-

qString = qString & "ShipToCountry=" & Input1.ShipCountry &
"&"
-"-

qString = qString & "ShipToPhone=" & Input1.ShipPhone & "&"
-"-

qString = qString & "ShipToFax=" & Input1.ShipFax & "&"
-"-

qString = qString & "OrderNumber=" & Input1.OrderNumber & "&"
-"-

qString = qString & "AccountNumber=" & Input1.AccountNumber &
"&"
-"-

qString = qString & "Month=" & Input1.MonthExpr & "&"
-"-

qString = qString & "Year=" & Input1.YearExpr & "&"
-"-

qString = qString & "CVV2=" & Input1.CVV2 & "&"
-"-

qString = qString & "TransactionAmount=" &
Input1.TransactionAmount & "&"

Only digits? Sure? Otherwise... yes you guessed it.

qString = qString & "CustomerTax=" & Input1.SalesTax & "&"
Encode.

qString = qString & "CustomerCode=" & Input1.CustomerCode &
"&"
-"-

qString = qString & "PurchaseOrderNumber=" & Input1.PONumber &
"&"
-"-

qString = qString & "ShippingAmount=" & Input1.ShippingAmount
& "&"

Only digits? Otherwise...

qString = qString & "SummaryCommodityCode=" &
Input1.SummaryCommodityCode & "&"
Yep.

qString = qString & "orderstring_lvl3=" &
Input1.OrderString_lvl3
-"-

'rp.SJName = Input1.SJName
'rp.Email = Input1.Email
'Return Input1.BillStreet
'Return Input1.BillStreet2
'Return Input1.BillStreet3
'Return Input1.BillStreet4
'Return Input1.BillCity
'Return Input1.BillState
'Return Input1.BillZip
'Return Input1.BillCountry
'Return Input1.BillPhone
'Return Input1.BillFax
'Return Input1.ShipName
'Return Input1.ShipStreet
'Return Input1.ShipStreet2
'Return Input1.ShipStreet3
'Return Input1.ShipStreet4
'Return Input1.ShipCity
'Return Input1.ShipState
'Return Input1.ShipZip
'Return Input1.ShipCountry
'Return Input1.ShipPhone
'Return Input1.ShipFax
'Return Input1.AccountNumber
'Return Input1.MonthExpr
'Return Input1.YearExpr
'Return Input1.CVV2
'rp.TransactionAmount = Val(5 * Input1.TransactionAmount)
'Return Input1.TransactionAmount
'Return Input1.SalesTax
'Return Input1.CustomerCode
'Return Input1.PONumber
'Return Input1.ShippingAmount
'Return Input1.SummaryCommodityCode
'Return Input1.OrderString_lvl3
On Error Resume Next

Ouch. Use Try and Catch for proper error handling.

whr.send(qString)
whr.waitforresponse()
On Error Resume Next
Ouch.

data = data & whr.responsetext

If Not IsNothing(whr) Then

That's a pointless check.

whr = Nothing

There is no reason to clear references that aren't used any more.

End If
Return qString
'Return data
'rp.SJName = data
'Return rp
End Function
Private Sub MYExceptionHandler(ByVal sender As Object, ByVal e As
UnhandledExceptionEventArgs)
Dim EX As Exception
EX = e.ExceptionObject
Console.WriteLine(EX.StackTrace)
End Sub

Private Sub MYThreadHandler(ByVal sender As Object, ByVal e As
Threading.ThreadExceptionEventArgs)
Console.WriteLine(e.Exception.StackTrace)
End Sub
End Class

Public Class InformationToPass
Public SerialNumber As String = {private} 'Removed actual value
from pasted code
Public Dev_SerialNumber As String = {private} 'Removed actual
value from pasted code
Public SJName As String
Public Email As String
Public BillStreet As String
Public BillStreet2 As String
Public BillStreet3 As String
Public BillStreet4 As String
Public BillCity As String
Public BillState As String
Public BillZip As String
Public BillCountry As String
Public BillPhone As String
Public BillFax As String
Public ShipName As String
Public ShipStreet As String
Public ShipStreet2 As String
Public ShipStreet3 As String
Public ShipStreet4 As String
Public ShipCity As String
Public ShipState As String
Public ShipZip As String
Public ShipCountry As String
Public ShipPhone As String
Public ShipFax As String
Public OrderNumber As String
Public AccountNumber As String
Public MonthExpr As String
Public YearExpr As String
Public CVV2 As String
Public TransactionAmount As String
Public SalesTax As String
Public CustomerCode As String
Public PONumber As String
Public ShippingAmount As String
Public SummaryCommodityCode As String
Public OrderString_lvl3 As String
End Class

Public Class ReturnParams
Public SJName As String
Public Email As String
Public TransactionAmount As String
End Class



The "&" characters keep getting picked up as &amp; (except in the
first parameter, which shows it as #x1A;

You actually have an #x1A in the first parameter and an &amp; in the
second parameter, other than that the separators looks fine.