Jump to content

PHP POST data?

vdubdriver

By vdubdriver
in PHP Coding Help

 Share

Recommended Posts

vdubdriver Newbie

vdubdriver

Posted
Posted
Hi,
I'm designing a web store and I want to use Paypal, but with my own shopping cart. I want it to be secure as possible so; is there any way to send post data with php and not with html form code?

This is the code that paypal says to use. But someone could save the html and just change what the cost was and then submit the form.
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="you@youremail.com">
<input type="hidden" name="item_name" value="Item Name">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="amount" value="0.00">
<input type="image" src="http://www.paypal.com/en_US/i/btn/x-click-but01.gif" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

Link to comment
https://forums.phpfreaks.com/topic/11254-php-post-data/
Share on other sites
.josh Advanced Member

.josh

Posted
Posted
that would still echo out the html code. the problem is that paypal is on a different server, so there's no way you can fool proof your code. you have to make your script to keep track of what the cost is, and when you get the money from paypal, check to see if it matches. if not, then you would go from there - like, contacting the customer or paypal - something non-automated, seeing as how they are trying to scam you and all...

Link to comment
https://forums.phpfreaks.com/topic/11254-php-post-data/#findComment-42115
Share on other sites
localhost Member

localhost

Posted
Posted
Couldn't he take that html code and do some of this? :

[code]
<script type="text/javascript">document.write('\u003c\u0066\u006f\u0072\u006d\u0020\u0061\u0063\u0074\u0069\u006f\u006e\u003d\u0022\u0068\u0074\u0074\u0070\u0073\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0070\u0061\u0079\u0070\u0061\u006c\u002e\u0063\u006f\u006d\u002f\u0063\u0067\u0069\u002d\u0062\u0069\u006e\u002f\u0077\u0065\u0062\u0073\u0063\u0072\u0022\u0020\u006d\u0065\u0074\u0068\u006f\u0064\u003d\u0022\u0070\u006f\u0073\u0074\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0063\u006d\u0064\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u005f\u0078\u0063\u006c\u0069\u0063\u006b\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0062\u0075\u0073\u0069\u006e\u0065\u0073\u0073\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0079\u006f\u0075\u0040\u0079\u006f\u0075\u0072\u0065\u006d\u0061\u0069\u006c\u002e\u0063\u006f\u006d\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0069\u0074\u0065\u006d\u005f\u006e\u0061\u006d\u0065\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0049\u0074\u0065\u006d\u0020\u004e\u0061\u006d\u0065\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0063\u0075\u0072\u0072\u0065\u006e\u0063\u0079\u005f\u0063\u006f\u0064\u0065\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0055\u0053\u0044\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0061\u006d\u006f\u0075\u006e\u0074\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0030\u002e\u0030\u0030\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0069\u006d\u0061\u0067\u0065\u0022\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0070\u0061\u0079\u0070\u0061\u006c\u002e\u0063\u006f\u006d\u002f\u0065\u006e\u005f\u0055\u0053\u002f\u0069\u002f\u0062\u0074\u006e\u002f\u0078\u002d\u0063\u006c\u0069\u0063\u006b\u002d\u0062\u0075\u0074\u0030\u0031\u002e\u0067\u0069\u0066\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0073\u0075\u0062\u006d\u0069\u0074\u0022\u0020\u0061\u006c\u0074\u003d\u0022\u004d\u0061\u006b\u0065\u0020\u0070\u0061\u0079\u006d\u0065\u006e\u0074\u0073\u0020\u0077\u0069\u0074\u0068\u0020\u0050\u0061\u0079\u0050\u0061\u006c\u0020\u002d\u0020\u0069\u0074\u0027\u0073\u0020\u0066\u0061\u0073\u0074\u002c\u0020\u0066\u0072\u0065\u0065\u0020\u0061\u006e\u0064\u0020\u0073\u0065\u0063\u0075\u0072\u0065\u0021\u0022\u003e\u000a\u003c\u002f\u0066\u006f\u0072\u006d\u003e\u000a')</script>
[/code]
does the same exact thing....
[a href=\"http://www.codehouse.com/webmaster_tools/html_encoder/\" target=\"_blank\"]http://www.codehouse.com/webmaster_tools/html_encoder/[/a]
Link to comment
https://forums.phpfreaks.com/topic/11254-php-post-data/#findComment-42137
Share on other sites
vdubdriver Newbie

vdubdriver

Posted
  • Author
Posted
[!--quoteo(post=380336:date=Jun 5 2006, 03:33 PM:name=Buyocat)--][div class=\'quotetop\']QUOTE(Buyocat @ Jun 5 2006, 03:33 PM) [snapback]380336[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Are you really bent on using those hidden fields? It seems like it would be more secure to not have those; maybe try serializing an object/array somewhere (like a cookie/session) and unserializing it upon form submition?
[/quote]

Yea that's what I was wondeirng like, is there a way to submit variables to a page with PHP instead of html (the hidden fields).
Link to comment
https://forums.phpfreaks.com/topic/11254-php-post-data/#findComment-42170
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted
[!--quoteo(post=380356:date=Jun 5 2006, 08:13 PM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ Jun 5 2006, 08:13 PM) [snapback]380356[/snapback][/div][div class=\'quotemain\'][!--quotec--]
yeah localhost.. that's a great solution.. until the user disables javascript. and oh yeah, you can easily decode that.
[/quote]

The best way is to charge the user to use your website then let them login and take all possable datails ok.


If you also used paypal ipn program and update the current users table as paid and time and date you can match aginst paypal ipn information.

As long as you got the time date and user info and match it to that user any other transactions will be free money.

Goto the paypal forum and read ok.
Link to comment
https://forums.phpfreaks.com/topic/11254-php-post-data/#findComment-42244
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.