<% if request.form("add") = "yes" then if request.form("freebtn") = "Submit for FREE" then SQLUpdate = "UPDATE Forces_Items SET Paid = 'yes' WHERE ItemID = '"&killchars(request.form("itemid"))&"' " MyConn.execute(SQLUpdate) response.redirect "item-preview.asp?st=done&idst="&request.form("itemid") else GETInfo = "SELECT * FROM Forces_Registrants WHERE AccountID = '"&session("AccountID")&"' " SET RSInfo = MyConn.execute(GETInfo) '** retrieve the information posted from the previous form. ThisVendorTxCode= request.form("itemid") ThisAmount= FormatNumber(request.form("finalprice"),2) ThisCurrency= "GBP" ThisDescription= "Forcesnoticeboards" ThisShoppingBasket="OFF" ThisCustomeremail= RSInfo("Email") ThisCustomerName= RSInfo("FirstName")&" "&RSInfo("LastName") ThisVendoremail= "customerservices@forcesnoticeboards.com" ThisBillingAddress= RSInfo("Location") ThisDeliveryAddress = "" 'ThisBillingAddress ThisBillingPostCode= RSInfo("Location") ThisDeliveryPostCode = "" 'ThisBillingPostCode '** new 2.22 fields ThisContactNumber = RSInfo("TelNo") ThisContactFax = "" ThisAllowGiftAid = "0" ThisApplyAVSCV2 = "" ThisApply3DSecure = "" ' ** Build the crypt string plaintext ** stuff = "VendorTxCode=" & ThisVendorTxCode & "&" stuff = stuff & "Amount=" & ThisAmount & "&" stuff = stuff & "Currency=" & ThisCurrency & "&" stuff = stuff & "Description=" & ThisDescription & "&" stuff = stuff & "SuccessURL=" & MyServer & "completed.asp&" stuff = stuff & "FailureURL=" & MyServer & "notcompleted.asp&" if ThisCustomerEMail<>"" then stuff = stuff & "CustomerEMail=" & ThisCustomerEmail & "&" end if if ThisVendorEMail<>"" then stuff = stuff & "VendorEMail=" & ThisVendorEmail & "&" end if if ThisCustomerName<>"" then stuff = stuff & "CustomerName=" & ThisCustomerName & "&" end if if ThisDeliveryAddress<>"" then stuff = stuff & "DeliveryAddress=" & ThisDeliveryAddress & "&" stuff = stuff & "DeliveryPostCode=" & ThisDeliveryPostCode & "&" end if if ThisBillingAddress<>"" then stuff = stuff & "BillingAddress=" & ThisBillingAddress & "&" stuff = stuff & "BillingPostCode=" & ThisBillingPostCode & "&" end if ' ** new 2.22 fields if ThisContactNumber <> "" then stuff = stuff & "ContactNumber=" & ThisContactNumber & "&" end if if ThisAllowGiftAid <> "" then stuff = stuff & "AllowGiftAid=" & ThisAllowGiftAid & "&" end if if ThisApplyAVSCV2 <> "" then stuff = stuff & "ApplyAVSCV2=" & ThisApplyAVSCV2 & "&" end if if ThisApply3DSecure <> "" then stuff = stuff & "Apply3DSecure=" & ThisApply3DSecure & "&" end if stuff = stuff & "EMailMessage=" ' ** Encrypt the plaintext string for inclusion in the hidden field ** crypt = base64Encode(SimpleXor(stuff,EncryptionPassword)) '4929000000006 %> <%end if end if%>

SELL YOUR ITEM

<%if request("st")="done" then%>

Thank you for advertising your item on our noticeboard.

">Click here to view your listing.

<%else Set MyCmd1 = Server.CreateObject("ADODB.Command") MyCmd1.ActiveConnection = MyConn MyCmd1.CommandText = "SELECT * FROM Forces_Items WHERE ItemID = ?" MyCmd1.Parameters.Append MyCmd1.CreateParameter("", 3, 1, , request("id")) Set RSInfo = Server.CreateObject("ADODB.RecordSet") RSInfo.Open MyCmd1 Do While Not RSInfo.EOF%>

Sell your item

"> <%if RSInfo("thumb1") <> "" then%> <%end if%> <%if RSInfo("thumb2") <> "" then%> <%end if%> <%if RSInfo("thumb3") <> "" then%> <%end if%> <%GetFee = "SELECT TOP 1 * FROM Forces_Charges WHERE FromPrice < "&CDbl(RSInfo("Price"))&" ORDER BY ChargeID DESC " 'SET RSFee = MyConn.execute(GetFee) %> <%'if RSFee("Price") = "0" then%> <%'else%> <%'end if%> "> <%'if RSFee("Price") <> "0" then%> <%'end if%>

Category:	<%GETCat = "SELECT * FROM Forces_ItemCategories WHERE CatID = '"&RSInfo("CatID")&"' " SET RSCat = MyConn.execute(GETCat) Do While NOT RSCat.EOF%> <%=RSCat("Category")%> <%RSCat.Movenext Loop%>

Item Title:	<%=RSInfo("Title")%>

Price :	<%=RSInfo("Price")%> in <%=RSInfo("currency")%>

Description:	<%=Replace(RSInfo("Description"),vbCrLf," ")%>

Condition:	<%=RSInfo("Condition")%>

Location:	<%GetLocations = "SELECT * FROM Forces_Locations WHERE LocID = '"&RSInfo("Location")&"' " SET RSLocations = MyConn.execute(GetLocations) Do While NOT RSLocations.EOF%> <%=RSLocations("LocName")%> (<%=RSLocations("Postcode")%>) <%RSLocations.Movenext Loop%>

Telephone No:	<%=RSInfo("telno")%>

Email:	<%=RSInfo("email")%>

Listing Duration:	<%=RSInfo("listingduration")%>

Postage & Packaging details:	<%=Replace(RSInfo("pandp"),"�","£")%>

Image 1:	" width="80" alt="" border="0">

Image 2:	" width="80" alt="" border="0">

Image 3:	" width="80" alt="" border="0">

<%RSInfo.Movenext Loop end if %>