Riparian Posted July 7, 2008 Share Posted July 7, 2008 Scenario PayPal payment requires posted variables for IPN transactions Many sites have something like "if not re-directed in xx click here " This uses href link with GET variables GET variables in this case are very insecure.... How can I submit posted variables to PayPal using a href link ??? Thanks heaps Brian Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/ Share on other sites More sharing options...
PseudoEvolution Posted July 7, 2008 Share Posted July 7, 2008 Well, you can't submit POST variables with a link as far as I know. Why would you need the timed redirect? Why not just post them directly to PayPal? Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583204 Share on other sites More sharing options...
Riparian Posted July 7, 2008 Author Share Posted July 7, 2008 Thanks for the response but I think the problem (when it exists) is that the header redirect did not work in their browser in the first place which is what creates the problem Cheers Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583213 Share on other sites More sharing options...
PseudoEvolution Posted July 7, 2008 Share Posted July 7, 2008 Sorry I edited my previous post, not sure if you got it. I think you could probably post the variables to the "redirect" page, which creates hidden fields and submits the form after x seconds using javascript. But then people with javascript disabled could just edit the hidden fields. IDK Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583217 Share on other sites More sharing options...
DarkWater Posted July 7, 2008 Share Posted July 7, 2008 POST and GET values are equally susceptible to being tampered with, so I'm not too sure what you're talking about. Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583221 Share on other sites More sharing options...
darkfreaks Posted July 7, 2008 Share Posted July 7, 2008 you need something like $_REQUEST Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583237 Share on other sites More sharing options...
PseudoEvolution Posted July 7, 2008 Share Posted July 7, 2008 POST and GET values are equally susceptible to being tampered with, so I'm not too sure what you're talking about. How could anyone alter POST variables? I know people can intercept them if they aren't encrypted, but tamper? Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583238 Share on other sites More sharing options...
DarkWater Posted July 7, 2008 Share Posted July 7, 2008 @PseudoEvolution: Anyone who wants to can change the POST variables being sent to a web page. Which is why tons of validation is always necessary. (For the record, darkfreaks is being completely sarcastic, because $_REQUEST is a failure. At life.) Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583239 Share on other sites More sharing options...
PseudoEvolution Posted July 7, 2008 Share Posted July 7, 2008 You just repeated yourself. Sure anyone can change locked or hidden form fields, but to alter the variables directly? I have never heard of such a thing. Anyway, if PayPal requires variables to be posted, there must be a secure way to do it (using POST). To say they both are not secure doesn't really solve anything. Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583242 Share on other sites More sharing options...
darkfreaks Posted July 7, 2008 Share Posted July 7, 2008 http://savride.wordpress.com/2008/06/22/secure-parphp-variables-_get-_post-wrapper-function/ Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-583244 Share on other sites More sharing options...
Riparian Posted July 8, 2008 Author Share Posted July 8, 2008 Hi Guys... Thanks for the debate but is there someone that can assist with the how this re-direct is done Cheers Quote Link to comment https://forums.phpfreaks.com/topic/113507-solved-help-with-post-and-get/#findComment-584247 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.