Forwarding a form

[graham23s]

Hi Guys,

 

on my ecommerce site i send the customer to a redirect.php to grab and store variables i need to track the order, i then ask them to click a button to be sent to worlpay to complete the payment transaction, is there any way i can auto forward them instead of asking them to click the button?

 

code:

 

<?php
session_start();

// include the database connection
include("inc/inc-dbconnection.php"); 

// redirect for the storing in the database sake...
// grab the post data...
$wp_instillation_id = $_POST['instId'];
$wp_cart_id         = $_POST['cartId'];
$wp_currency        = $_POST['currency']; 
$wp_owed            = $_POST['amount']; 
$wp_inst_status     = $_POST['testMode']; 
  
foreach($_POST['hidden_product_id'] as $k => $product_id)
{
   //print("$v<br />");
   
   // get the product ids ready for insertion   
   $q = $_POST['hidden_qty_id'][$k];
   $c = $_POST['customer_id']; 
   
   // we need an insertion for the transaction id alone
   $q_insertion = mysql_query("INSERT INTO `fcp_orders_pre_completed` (`ID`,`CART_ID`,`PRODUCT_ID`,`QUANTITY`,`CUSTOMER_ID`,`DATE_ADDED`) VALUES ('','$wp_cart_id','$product_id','$q','$c',NOW())");
   
} 

// ABOVE CODE NEEDED FOR TRACKING //




    // if it went ok redirect to worldpay
   if ($q_insertion)
   {
     //header("Location: https://select.worldpay.com/wcc/purchase");
     print '<h2 align="center">PLEASE DO NOT REFRESH YOUR BROWSER</h2>';
     
     if (!isset($wp_inst_status))
     {
     
     print   '<div align="center"><form action="https://select.worldpay.com/wcc/purchase" method="POST">';
     
     } else {
     
     print   '<div align="center">';
     print   '<form action="https://select-test.worldpay.com/wcc/purchase" method="POST">'; 
     print   '<input type="hidden" name="testMode" value="100">';    
     
     }
     
     print '  <input type="hidden" name="instId" value="210905">
              <input type="hidden" name="cartId" value="'.$wp_cart_id.'">
              <input type="hidden" name="amount" value="'.$wp_owed.'">
              <input type="hidden" name="currency" value="GBP">
              <input type="submit" name="submit" value="PRESS TO FINALISE YOUR ORDER!" style="font-weight: bold; font-size: 120%;">
              </form></div>';

   }
?>

 

thanks guys

 

Graham

[DarkWater]

See, the thing about storing values in a hidden form input is that they can EASILY be changed.  This is where you'd want to use sessions and a simple header() redirect.

[discomatt]

See, the thing about storing values in a hidden form input is that they can EASILY be changed.  This is where you'd want to use sessions and a simple header() redirect.

 

Why worry about the user modifying data they've defined themselves?

[DarkWater]

Whenever the words "payment" or "transaction" occur in a question about PHP, you hardly want to use forms to transfer data.

[discomatt]

How else do you transfer client data to the server?

 

I would store them in a session because it's a waste of bandwidth to have the data bouncing to and from the client... not because they can be modified. Once again, why would a user want to modify their own data?

 

Forms are fine... if it's sensitive, use SSL/HTTPS

[DarkWater]

Because he does a MySQL query before displaying the values and having them redirect to the payment portal, at which time they can change the values and pay less than was inserted into the database.

[graham23s]

but then we get the SOB's in the "orders pending" panel in the admin lol

 

food for thought though

 

cheers

 

Graham