Re^2: Using CURL

Well that was the comment I was looking for:

-bash-3.00$ uname -a Linux ns1.netwire-solutions.com 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux

I'm developing a sign up form for a paid membership. After the program takes the desired user information, it will then give the form for the payment information. To connect to the API I need to send XML formated information to the API. It suggests using cURL but gives no sample code on using it. It does describe a sample module that they are supposed to provide, but this merchant account is going through support changes and I can't find support for that other module.

I'm thinking that if security is a big concern with cURL then I should focus more time on installing the other module.

The program only needs to send a single price for a single item from a single person to a seperate API that then handles everything else. I would like to get cURL working before switching to a more secure form of transfering just for my own personal experience... That being said what was the prerequisite again for WWW::CURL

Comment on Re^2: Using CURL

Replies are listed 'Best First'.
Re^3: Using CURL by Asim (Hermit) on May 05, 2006 at 17:17 UTC
I need to send XML formated information to the API. So there's money involved, hmmm? That's going to make it interesting. It's a simple problem, in theory; I concur with others that using LWP is going to be a big win over calling cURL; it may seem simpler at the beginning, but the potential for a muck-up is higher. I suspect they use cURL as an example because you'll find it on most platforms, and the concepts are universal to any HTTP client/server setup. I see someone has given an example already, go you! So I'm deleting mine, but also pointing you to the LWP Cookbook for examples, and I'll keep this "assumptions to watch for" bit, which include: You know the URL to send the XML data to, You either have pre-generated XML payment data, or know how to create it, You realize that cURL, LWP, etc. do not format or create the XML, they only send the raw data, You either know or can find out if they are using a different content-type header than the standard. In short -- this is a good bit of work. And that's before the security stuff... if security is a big concern with cURL then I should focus more time on installing the other module. It's not cURL that's the security problem, per se. Any data you pick up from a user and do anything with can be a problem down the road. One example is our old friend SQL Injection, another is someone sending backticked data to a program on the command line. "Backtick", FYI, is one of the ways you can call a program via Perl with something like `/usr/bin/curl http://www.payment_center.com`. But it is so not recommended. If a bad person tries hard enough, they can likely break your system with the right code, since you're sending text to the command line under your login. Beyond that, checking for errors is tough, and you need to do that, otherwise how do you tell people if their payment goes through, or figure out if the payment center's system is up or down? It's not impossible...but it's much easier in LWP, overall. Does any of this help? What might also be of aid is to read up on CGI and Perl; Ovid's CGI Course is a good place to start. ----Asim, known to some as Woodrow.	[reply] [d/l]
Re^3: Using CURL by Anonymous Monk on May 05, 2006 at 15:59 UTC
WWW::Curl has an awful programming interface. Use libwww-perl instead. Here an example of how complicated it can get at the most: making a HTTP POST request with a custom HTTP header field and XML in the HTTP message body. `#!/usr/bin/perl -T use strict; use diagnostics; use LWP::UserAgent; my $req = HTTP::Request->new( POST => 'http://example.com/webservice', # method and URI ); $req->content_type('application/xml'); $req->content('<hello>world!</hello>'); my $ua = LWP::UserAgent->new; $ua->timeout(5); my $res = $ua->request($req); print $res->content if $res->is_success;` [download]	[reply] [d/l]