We're just upgrading to form v3.0 and whilst doing so, refactoring our code.
Whilst doing so, we noticed that when using http_build_query which takes an associative array and converts it into an RFC1738 valid URL, that SagePay fails with the following error:
The SuccessURL format is invalid
The form submitting to the SagePay endpoint has an enctype of application/x-www-form-urlencoded.
However... If we manually build the string to encrypt by doing:
$tmp = '';
foreach ($crypt_store as $key => $value) {
$tmp .= sprintf('&%s=%s', $key, $value);
}
It works...
Now as I understand RFC1738, if an url exists within an url, it should be encoded, i.e.
RFC1738:
&VendorTxCode=Test&SuccessUrl=http%3A%2F%2Fwww.stackoverflow.com%3Fa%3Da%26b%3Db&FailureUrl...
SagePay:
&VendorTxCode=Test&SuccessUrl=http://www.stackoverflow.com?a=a&b=b&FailureUrl...
Surely if SagePay are following RFC1738, encoding the URL should work? Or is it because the string is encrypted which means it doesn't really matter?
Any thoughts?
Thanks
Gavin
You are correct. Because the Success / Failure URLs are encrypted within the Crypt field, there is no need to encode them.