Coupon Discount

Hi all,

Ok I have a form that charges credit cards. However, I would like to add an option to allow people to enter a "code" I send them to get -$20 off their purchase.

Has anyone done something like that, that I could use for guidance? I'm thinking about setting up a table with various codes, and the have CF check if the code is valid to give them the discount, if it is, it invalidates that code after use, so it cannot be used twice.

Anyway, I would like to know if I'm on the right track as to how I want to do this, or if there is a better more efficient way.

Any bits of sample code would be greatly appreciated.

Thanks for our help.

You are asking for code of which nobody will provide. You should start implementing your logic and ask for help when you get stuck:

http://www.easycfm.com/coldfusion/f...=12&Topic=14383

Well you have to store the coupon codes somewhere, so that you can validate them. Which basically means using a database, or using an algorithm of your own choosing that must be met for the coupon to be valid. The database is more reliable. Just generate a set of codes and match the coupon against the database, marking it as used once a customer has used it.

I'm not really sure what kind of "sample code" you want, since what you're doing is specific to your use case. I would think it would be quite straightforward to implement.

Ok here is what I got. Thoughts?

That will probably work all right, though I wouldn't put the values in the FORM scope since then someone could try posting bad form values and potentially spoof you. It should work just setting them into the VARIABLES scope.

what do you mean? They are submitting a form, so I'm taking those values to enter. What else can I take?

Help?

something like



and then refer form vars like:

Exactly.

Thank you for our help, however I don't really understand how that helps. I mean how does it help protect my database?

Would you mind giving me a quick explanation, or point me to something to read that explains it.

Thank you in advance.

The form scope is something the user can mess with, because it is submitted by the user. The variables scope is local to the template, so only things you put into it can go into it. So it is generally safer to take the form data, inspect it and scrub it, and then place it into the variables scope.

Ok so my code should look like this then?

<!--- Start Coupon Checker --->
<cfset variables.formData = structCopy(form)>
<cfif FORM.coupon neq "">
<cfquery name="qCoupon" datasource="#APPLICATION.dataSource#" maxrows="1">
SELECT *
FROM Coupon
WHERE Coupon = <cfqueryparam value="#variables.formData.Coupon#" cfsqltype="cf_sql_char">
ORDER BY Date DESC
</cfquery>

<cfif qCoupon.recordcount eq 0>
<cfoutput><META HTTP-EQUIV="refresh" content="0;URL=WebinarSeries2009Q3.cfm?error=1&WrongCode=#FORM.Coupon#"></cfoutput>
<cfabort>
<cfelseif qCoupon.recordcount neq 0>
<cfoutput query="qCoupon">
<cfif Status eq "U">
<META HTTP-EQUIV="refresh" content="0;URL=WebinarSeries2009Q3.cfm?error=2&WrongCode=#FORM.Coupon#">
<cfabort>
<cfelseif Status eq "A">
<cfset FORM.CouponID = <cfqueryparam value="#variables.formData.CouponID#" cfsqltype="cf_sql_integer">>
<cfset FORM.CouponUser = <cfqueryparam value="#variables.formData.name#" cfsqltype="cf_sql_char">>
<cfset FORM.DateUsed = <cfqueryparam value="#variables.formData.DateFormat(Now(),'mm/dd/yy')#" cfsqltype="cf_sql_date">>
<cfset FORM.Status = <cfqueryparam value="U" cfsqltype="cf_sql_char">>
<cflock type="exclusive" timeout="60">
<cfupdate datasource="#APPLICATION.dataSource#" tablename="Coupon" formfields="CouponID,DateUsed,CouponUser,Status">
</cflock>
<cfset GiveDiscount = "yes">
</cfif>
</cfoutput>
</cfif>
</cfif>
<!--- End Coupon Checker --->

No. CFQUERYPARAM is used in a CFQUERY tag to create bind variables. If you want to do this, you need to remove the CFUPDATE tag and write your own update statement using SQL and CFQUERY (and CFQUERYPARAM), and then you aren't limited to only using form variables (which CFUPDATE forces you to do).

CFUPDATE is a very old tag that was introduced to help people who couldn't write SQL, but it is not used nowadays for numerous reasons, mainly the lack of control over what happens.