I am very very confused about encrypting form values when posting a form to submit payment.

Please don't turn off when I mention PayPal. I am genuinely confused.

I have to submit form values via an HTTPS connection to PayPal and PayPal have advised me to encrypt my form fields (This is where I'm confused).

From everything I've read I cannot encrypt the html <input type="hidden" name="total" value="10.00"/>, so when someone clicks view source they can see the form values.

Can the form be hacked and the values be changed before the form is sent? <form action="https://paypaletcetc">

Please help me clear my head.....

3 Years
Discussion Span
Last Post by paulkd

From what I remember this has to do with the openSSL module installed on most linux servers. This may point you in the right direction....

(openssl documentation)

As for hiding submitted form values, why not use php form validation instead of javascript/html set values. (i.e. I have a website that counts every word typed in and calculates the total price via javascript for display to the user. Once submitted I recalculate everything by pulling it out of the form and revalidate using PHP)

Edited by PsychicTide

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.