I had problems using the general ASP Mail sample code to do the following:
1. Submit information, including credit card info, to a credit card processing site.
2. Determine whether the card was O.K.
3. Return values to the site on which I was developing and send an email.

Sounds easy. It was not.

First, when the values were returned the credit card site brought up the page from their server. Thus HostMySite SendMail permissions were unknown. I had to relay them one more time back to another page at HostMySite.

Second, for next loops didn't work for me. This is the ASP code I used. Maybe it will help someone else.

<%@ LANGUAGE="VBScript" %>
<% option explicit %>
<% Response.ExpiresAbsolute=#May 31,1996 13:30:15# %>
<% ' General Constants %>

<%
'Sends an Email Message
Function SendEmail()
'Response.Write "SendEmail()<br>"

Dim Mailer

Dim strRecipientName
Dim strRecipientEMail
Dim strMailHost
Dim strSenderName
Dim strSenderEMail
Dim strSubject
Dim strBodyText
Dim blnQueue
Dim blnHTML

strRecipientName = "Vern Crews"
strRecipientEMail = "vern@familycarehomes.biz"

strMailHost = "mail.familycarehomes.biz"
strSubject = "Purchase Form Submitted - Attention!"
strSenderName = "Purchase Form for Family Care Homes"
strSenderEMail = "root@familycarehomes.biz"

strSubject = "Purchase made at Family Care Homes"
' attempt to get the passed fields into the text of the body of the email
strBodyText = "Ship the number items based on the amount to:" & vbCrLf & vbCrLf
strBodyText = strBodyText & Request.Form("x_first_name") & " "
strBodyText = strBodyText & Request.Form("x_last_name") & vbCrLf
strBodyText = strBodyText & Request.Form("x_company") & vbCrLf
strBodyText = strBodyText & Request.Form("x_address") & vbCrLf
strBodyText = strBodyText & Request.Form("x_city") & vbCrLf
strBodyText = strBodyText & Request.Form("x_state") & vbCrLf
strBodyText = strBodyText & Request.Form("x_zip") & vbCrLf
strBodyText = strBodyText & Request.Form("x_country") & vbCrLf
strBodyText = strBodyText & Request.Form("x_amount") & vbCrLf & vbCrLf
strBodyText = strBodyText & "End Purchase Form Submission" & vbCrLf

blnQueue = False
blnHTML = False

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")

If blnQueue Then
Mailer.QMessage = True
End If

Mailer.FromName = strSenderName
Mailer.FromAddress = strSenderEMail

Mailer.RemoteHost = strMailHost

Mailer.AddRecipient strRecipientName, strRecipientEMail
Mailer.Subject = strSubject


If blnHTML Then
Mailer.ContentType = "text/html"
End If

Mailer.BodyText = strBodyText

If Mailer.SendMail Then
Response.Write "If True<br>"
Response.Write "Success sending Purchase information"
Else
Response.Write "If False<br>"
Response.Write "Failure of SendMail<br>" & Mailer.Response
End If

'Set Mailer = Nothing
End Function
%>

hm... I saw email and credit card, and automatically I was turned off... but let me see if I can help. Also, just for asking's sake, is this form on a secure page, and is it being transmitted securely also?

ASPMail is VERY straight forward. What you're trying to do is beyond the capabilities of ASPMail, though, and what you're more than likely looking to do is perform a "screen scrape".

ASPMail is by no means ever created to handle credit card processing, or the ability to "screen scrape".

ASPMail did the job for my client (and for me, developer) -- with some help. Yes, we are on a secure site. The credit card information goes to a secure site. The credit card information does NOT come back -- only enough information to fill and order and ship it.

I am, however, interested in learning better ways. I'm new to ASP, usually developing in Cold Fusion, but this is a small site and the client does not want to spend the money to upgrade his program to a Cold Fusion possibility.

It sounds like the submission process is secure, however when ASPmail generates an email message then it becomes fair game to anyone listening in to the conversation. I.e. If I send an email to a friend of mine in California, anyone sniffing packets outside of my router or theirs could intercept the email and read it!

I would suggest something like the following for a low-budget but secure site:

1. Enter the cc information via an HTTPS: link
2. Upon submit send confirmation of order to the client and the vendor, however save the CC information to a database on your websites network (MSSQL or MySQL would be the best, however MS Access would do as well <shudder>)
3. To process the order have a login for the vendor (through HTTPS:) where they can see the cc information.

This would have to be changed to fit your specific needs, of course, however that's a good guideline to follow. The goal is this - that cc information should NEVER be transmitted in anything less than an encrypted or Secure Socket environment.

I have to agree with Jamie on that one. The less you have to send through email and the more you save into the database, the better it would be. You will retain all of the information needed and you would also get the required information to the correct people and you wouldn't in the process compromise any of that sensitive information. If you need someone trusted to have that information, then you can direct him to a secured page where he can access the database and pull up any information from the database that needs to be pulled. That breakdown would take care of all sides. Just let us know if you have any questions.

The ultimate plan would be to not store the cc information AT ALL and just transmit it directly to the cc processing center via https and get a return (yes/no) from them. I shudder when I think about storing customers CC info in a database...

I don't mind so much things like mailing address etc...but CC info is another thing altogether unless you have some kind of encryption/decryption scheme in place as well.

I am just glad to see you are using my mail code.

I have to agree with bobum. If you can help it you should processes as much of the order online as possible and get some number back from your payment gateway. All you need is confirmation from them that the order has been processed and completed for X amount of dollars. Everything else can then be sent in the email.

So you can collect the form values into variables, then run a check on the credit card securely, then add the returned values to the variables, and then finally send the email. More preferably with the last step is to store it in a database that can be accesses at a later time or with a client side program.