#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    25
    Rep Power
    0

    Question Hide Payment Informaton form user!


    Greetings everyone on this forum..

    today i need help/suggestion for how to hide payment information from end user

    let me clear my self a bit more by example; now i use following code to handle payment:
    Code:
    <form method = "POST" action = "https://www.moneybookers.com/app/payment.pl" name="frmMB" target="_blank">
    <input name="pay_to_email" value="my@email.com" type="hidden" />
    <input name="recipient_description" value="My Compnay" type="hidden" />
    <input name="return_url" value="My Return URL Here" type="hidden" />
    <input name="return_url_text" value="Return To My Website" type="hidden" />
    <input name="cancel_url" value="My Cancel URL" type="hidden" />
    <input name="status_url" value="mailto:status url/email" type="hidden" />
    <input name="language" value="EN" type="hidden" />
    <input name="logo_url" value="mylog.png" type="hidden" />
    <input name="amount" value="Product Price" type="hidden" />
    <input name="currency" value="USD" type="hidden" />
    <input name="detail1_description" value="Product ID:" type="hidden" />
    <input name="detail1_text" value="Product Name" type="hidden" />
    <input type="image" src="images/MB.png" alt="Pay Through Skrill (Moneybookers)" title="Pay Through Skrill (Moneybookers)" />
    </form>
    but the problem is any expert end user can easily change page source code and miss-use that

    so, what i want. i want to hide those information. when when use click on payment my php script will pass those information as post values and redirect to payment site..

    i hope i m clear. (sorry for my bad English)

    any help would be highly appreciated

    thanks in advance
    best regards
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,925
    Rep Power
    1045
    Hi,

    any user can send any data to any website. There's no way to prevent that.

    But how's that a problem in your case? I don't see any critical data. If a user decides to change the amount or currency, the payment will simply not be valid -- just like it wouldn't be valid if he/she transferred the wrong currency or amount to your bank account.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo