Member Avatar for 68thorby68

I am very very confused about encrypting form values when posting a form to submit payment.

Please don't turn off when I mention PayPal. I am genuinely confused.

I have to submit form values via an HTTPS connection to PayPal and PayPal have advised me to encrypt my form fields (This is where I'm confused).

From everything I've read I cannot encrypt the html <input type="hidden" name="total" value="10.00"/>, so when someone clicks view source they can see the form values.

Can the form be hacked and the values be changed before the form is sent? <form action="https://paypaletcetc">

Please help me clear my head.....

  • 3 Contributors
  • 2 Replies
  • 199 Views
  • 1 Hour Discussion Span
  • Latest Post Latest Post by paulkd

Recommended Answers

All 2 Replies

Member Avatar for PsychicTide

From what I remember this has to do with the openSSL module installed on most linux servers. This may point you in the right direction....
http://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php

(openssl documentation)
http://php.net/manual/en/function.openssl-encrypt.php

As for hiding submitted form values, why not use php form validation instead of javascript/html set values. (i.e. I have a website that counts every word typed in and calculates the total price via javascript for display to the user. Once submitted I recalculate everything by pulling it out of the form and revalidate using PHP)

Edited by PsychicTide
Member Avatar for paulkd

Which type of PayPal payment are you using?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.