0

Hey Guys,

I have a quick question. I want to make sure I am doing this right, according to my understanding of the PHP manual. Here's my question:

If I have an "address" input field for my form and a user inputs their address and then this information is passed to other PHP files to be validated and then sent to authorize.net... would this be the correct way to do it?

<input name="address" type="text"  size="40" maxlength="60" value="<? print $_REQUEST['address']; ?>">
0

Yeah that makes sense. So how would you go about this?

Avoid $_REQUEST if possible, as it picks up all manner of data besides form (post) variables. This form could be compromised via the querystring, e.g.

http://www.example.com/formhandler.php?address=mybadstring

If you're passing data to a third party site which sounds as though it's processing payment - your data must be secure.

Edited by drewpark88: n/a

1

The site you're passing info to should have a heap of info on this. I couldn't begin to tell you which fields / level of security req'd.

Perhaps I got the wrong end of the stick, actually, thinking about it. As your form isn't passed directly to the 3rd party and hasn't undergone any validation - perhaps not too much of a problem. Forms aren't immune from 'cloning'/spoofing either, so the problem doesn't disappear with the use of $_POST as opposed to $_REQUEST. Some think that using $_SERVER variables can detect a bogus form, but I think HTTP headers can be spoofed too.

Anyway, I'm beginning to ramble... check out the vendor's site for advice.
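An added example, not part of the original thread: one way to handle the address field so that it is read from the POST body only, validated on the server (since a spoofed form can send anything), and escaped when echoed back into the value attribute. The helper names address_from_post and address_input and the rule rejecting control characters are assumptions made for illustration; the 60-character limit comes from the form's maxlength, and the sample submissions are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread). In a real handler call it as
// address_from_post($_POST): reading the POST body only means a crafted link
// such as formhandler.php?address=... cannot prefill the field.
function address_from_post(array $post): ?string
{
    $raw = $post['address'] ?? null;
    if (!is_string($raw)) {        // missing key, or address[]=... sent as an array
        return null;
    }
    $value = trim($raw);
    // maxlength="60" is only a browser hint, so the limit is enforced here too.
    // The /u flag counts characters and fails on invalid UTF-8; rejecting
    // control characters is an assumed policy for a street address.
    if (preg_match('/^[^\x00-\x1F\x7F]{1,60}\z/u', $value) !== 1) {
        return null;
    }
    return $value;
}

// Hypothetical helper: render the field with the value escaped for a
// double-quoted HTML attribute, whatever the validator let through.
function address_input(?string $value): string
{
    $safe = htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="address" type="text" size="40" maxlength="60" value="' . $safe . '">';
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['address' => '12 High Street, Apt "B"'],     // ordinary input with quotes
    ['address' => '"><b>mybadstring</b>'],        // markup that must not break out of value=""
    ['address' => str_repeat('A', 61)],           // longer than the form allows
    ['address' => ['not', 'a', 'string']],        // wrong type
    [],                                           // field missing
];

foreach ($samples as $post) {
    $address = address_from_post($post);
    echo ($address === null ? 'rejected' : 'accepted'), ': ', address_input($address), PHP_EOL;
}
```

Validation and escaping do separate jobs here: the second sample passes validation as a syntactically acceptable string, and it is the escaping on output that keeps it inside the attribute.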
