pass Form data into PHP array

[strangedenial]

Hi all,

 

I've been away from PHP and web developing for the last 7 years. Now I'm designing my own website for my own company.

 

There will be a 'kind of'  payment page. Which will get basic information from a form and redirect the user to a safe payment site.

 

I've been dying to figure out what I am doing wrong for the past 3 hours. I've asked unlce google every possible question I can think of for the right answer, but, alas, all is left to ask it in a forum, and just sit and hope...

 

I've got this code : 

<?
setlocale( LC_TIME, 'ru_RU.UTF-8', 'russian' );

$thisDay = strftime("%B %Y"); 

$private_key = "*************************";
$public_key = "i************";
	
$amount = $_POST["amount"];
$comments =  $_POST["comments"];
	
$results = array(

	'version'		=>	3,
	'action'		=>	'pay',
	'public_key'	        =>	$public_key,
	'amount'		=>	"500", (this works)
	'currency'		=>	'UAH',
	'description'	        =>	"test", (this works)
	'type'			=>	'buy',
	'language'		=>	'ru'

);
	
$data = base64_encode(json_encode($results));

$signiture = base64_encode( sha1( $private_key . $data . $private_key, 1 ) ); 

?>

which then uses this form to pass the data to the site : 

<form method="POST" accept-charset="utf-8" action="https://xxxxxxxxxxxxxxxxxxx" />
 
<input type="hidden" name="data" value="<? echo $data; ?>" />

<input type="hidden" name="signature" value="<? echo $signiture; ?>" />

<input type="text" name="clientNo" style="width:30px;" />

<input type="text" name="clientName" style="width:300px;" />

<input name="amount"  type="text" style="width:50px; text-align:center;" />

<input type="text" name="comments" style="width:300px; text-align:center;" />

<input type="image" src="images/payment-01.png" name="btn_text" /> 

</form>


</div>

this works well but the array I use is just the data I entered myself. I have to get the Amount and Description

 

But when I change the php code to this it just does not get the data from the form :

<?
setlocale( LC_TIME, 'ru_RU.UTF-8', 'russian' );

$thisDay = strftime("%B %Y"); 

$private_key = "*************************";
$public_key = "i************";
	
$amount = $_POST["amount"];
$comments =  $_POST["comments"];
	
$results = array(

	'version'		=>	3,
	'action'		=>	'pay',
	'public_key'	        =>	$public_key,
	'amount'		=>	$amount, (this does not work)
	'currency'		=>	'UAH',
	'description'	        =>	$comments, (this does not work)
	'type'			=>	'buy',
	'language'		=>	'ru'

);
	
$data = base64_encode(json_encode($results));

$signiture = base64_encode( sha1( $private_key . $data . $private_key, 1 ) ); 

?>

I am pretty sure that it is so simple that I look stupid. But.. I can not resolve this problem on my own.. 

I tried this : 

<?
setlocale( LC_TIME, 'ru_RU.UTF-8', 'russian' );

$thisDay = strftime("%B %Y"); 

$private_key = "*************************";
$public_key = "i************";

if (isset($_POST["amount"]))  / (this does not work)

{
	
$amount = $_POST["amount"];
$comments = $_POST["comments"];
    
$results = array(

    'version'        =>    3,
    'action'        =>    'pay',
    'public_key'     =>    $public_key,
    'amount'        =>    $amount, (this does not work)
    'currency'        =>    'UAH',
    'description'     =>    $comments, (this does not work)
    'type'            =>    'buy',
    'language'        =>    'ru'

);
	
$data = base64_encode(json_encode($results));

$signiture = base64_encode( sha1( $private_key . $data . $private_key, 1 ) ); 

}

?>

Not working...

 

Please help!

 

Thanks in advance !!!

Edited October 31, 2016 by strangedenial

[requinix]

Compare $data between the working and non-working versions to find out what the difference is.

[strangedenial]

thanks for the quick reply!

The working data contains the values as given "500" and "test" .  The non working data return just null - empty

Edited October 31, 2016 by strangedenial

[Jacques1]

Open the network tab of your browser to see what is and what isn't being sent from your form page to the target script.

 

There are definitely problems:

• The HTML syntax is screwed up, because you're using the self-closing notation on the opening form tag (i. e. <form />). This is not only nonsensical (you don't want to immediately close the form), it's actually invalid in and will send the browser into error recovery mode – which may or may not work out. I strongly recommend you get rid of those old XHTML mannerisms like self-closing tags, use plain old HTML and validate the markup before jumping to any PHP code. The Mozilla Developer Network also has a great HTML crash course.
• There's no validation or error handling of any kind. You just hope for the best. As you can see, that's a huge problem when there actually are errors. You need to add proper feedback for you and your users(!).
• You're using short PHP tags (i. e. <?) all over the place, which will be a problem in the future (they're turned off on many systems).

The second point is particularly important: Don't assume that everything will always work out as expected. It won't. You need to validate every step so that you have a chance to detect and fix problems:

<?php

/* ---- the receiving script ---- */

// First validation step: Was the request even a POST request? Maybe somebody accidentally just opened the script.
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    // Second validation step: Did we receive all the expected parameters?
    $missing_params = [];

    $required_params = [
        'amount',
        'comments',
    ];
    foreach ($required_params as $param)
    {
        if (!isset($_POST[$param]))
        {
            $missing_params[] = $param;
        }
    }

    if ($missing_params)
    {
        echo 'Missing parameters: '.implode(', ', $missing_params);
    }

    // Add further validation if necessary (e. g. number parameters should in fact consist of digits)

    // *Now* you're ready to process the input
}