Hey Guys,
I have a quick question. I want to make sure I am doing this right, according to my understanding of the PHP manual. Here's my question:
If I have an "address" input field for my form and a user inputs their address and then this information is passed to other php files to validate then sent to authorize.net... would this be the correct way to do it?
<input name="address" type="text" size="40" maxlength="60" value="<? print $_REQUEST['address']; ?>">
avoid $_REQUEST if possible as it picks up all matter of data besides form (post) variables. This form could be compromised via the querystring, e.g.
http://www.example.com/formhandler.php?address=mybadstring
If you're passing data to a third party site which sounds as though it's processing payment - your data must be secure.
Yeah that makes sense. So how would you go about this?
avoid $_REQUEST if possible as it picks up all matter of data besides form (post) variables. This form could be compromised via the querystring, e.g.
http://www.example.com/formhandler.php?address=mybadstring
If you're passing data to a third party site which sounds as though it's processing payment - your data must be secure.
The site you're passing info to should have a heap of info on this. I couldn't begin to tell you which fields / level of security req'd.
Perhaps I got the wrong end of the stick, actually, thinking about it. As your form isn't passed directly to the 3rd party and hasn't undergone any validation - perhaps not too much of a problem. Forms aren't immune from 'cloning'/spoofing either, so the problem doesn't disappear with the use of $_POST as opposed to $_REQUEST. Some think that using $_SERVER variables can detect a bogus form, but I think http headers can be spoofed too.
Anyway, I'm beginning to ramble... check out the vendor's site for advice.
Ok sounds good thanks
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.