0

I am very very confused about encrypting form values when posting a form to submit payment.

Please don't turn off when I mention PayPal. I am genuinely confused.

I have to submit form values via an HTTPS connection to PayPal and PayPal have advised me to encrypt my form fields (This is where I'm confused).

From everything I've read I cannot encrypt the html <input type="hidden" name="total" value="10.00"/>, so when someone clicks view source they can see the form values.

Can the form be hacked and the values be changed before the form is sent? <form action="https://paypaletcetc">

Please help me clear my head.....

3
Contributors
2
Replies
34
Views
3 Years
Discussion Span
Last Post by paulkd
0

From what I remember this has to do with the openSSL module installed on most linux servers. This may point you in the right direction....
http://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php

(openssl documentation)
http://php.net/manual/en/function.openssl-encrypt.php

As for hiding submitted form values, why not use php form validation instead of javascript/html set values. (i.e. I have a website that counts every word typed in and calculates the total price via javascript for display to the user. Once submitted I recalculate everything by pulling it out of the form and revalidate using PHP)

Edited by PsychicTide

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.