I am very very confused about encrypting form values when posting a form to submit payment.

Please don't turn off when I mention PayPal. I am genuinely confused.

I have to submit form values via an HTTPS connection to PayPal and PayPal have advised me to encrypt my form fields (This is where I'm confused).

From everything I've read I cannot encrypt the html <input type="hidden" name="total" value="10.00"/>, so when someone clicks view source they can see the form values.

Can the form be hacked and the values be changed before the form is sent? <form action="https://paypaletcetc">

Please help me clear my head.....

From what I remember this has to do with the openSSL module installed on most linux servers. This may point you in the right direction....

(openssl documentation)

As for hiding submitted form values, why not use php form validation instead of javascript/html set values. (i.e. I have a website that counts every word typed in and calculates the total price via javascript for display to the user. Once submitted I recalculate everything by pulling it out of the form and revalidate using PHP)

Which type of PayPal payment are you using?