Forum Moderators: coopster
I am fairly new to PHP but have had a good deal of programming experience. I am attempting to complete a project were a user is purchasing a product, and is then transported to a credit card processor's gateway, Elavon or Nova's Virtual Merchant. Their developer instructions say to create a form and pass certain fields as hidden fields, like your merchant account ID. However, they then say "All sensitive merchant data, including transaction amount and your Virtual Merchant credentials, should be placed in server side code, rather than of just hidden value fields on an HTML form."
So, how do I use a form to submit this but use PHP to pass this sensitive data rather than just a hidden field?
Thanks for any and all help!
You submit the form without that confidential data to your processing script, then in that PHP you add all that data to your variables array and then you POST all that data to your Merchant's URL. cURL is one of the many options to achieve that.
CURL [php.net]
You can use the Class provided by some user on the above url to start with.
[edited by: Anyango at 7:06 am (utc) on Nov. 27, 2008]
So if I am following this correctly, I submit the info the user submitted (ie, their name, address, phone number) from the form to this processing script. Then, the processing script adds the merchant data, and posts it to the credit card processing site.
Thanks!
That fundamentally makes sense, I just have two questions and one concern.
Question 1: Is this method going to actually physically take me to the link it is posing the data to? My site stops after taking their billing info and then posts all the data to the url, but then they complete the transaction at the location the data was posted to. If that makes sense.
2: I am assuming the example you linked to can be modified to get/post as many variables as it needs.
And my major concern, while I understand what need to happen, I do not understand most of the link you provided. Where can I get some alomst step by step or documentation for this being as I know nothing about this CURL stuff and just a little php.
Thanks for all your help!
1. Create a form
2. Set the action of the form to [example.com...]
3. Set the method of the form to POST
4. Add a hidden field with the name ssl_merchant_ID. Set the value to the Virtual Merchant account ID.
5. Add a hidden field with the name ssl_pin. Set the value to the merchant PIN associated with the Virtual Merchant ID.
6. Add a hidden field with the name ssl_amount. Set the value to the desired amount.
7. Add a submit button.
However, the also state:
All sensitive merchant data, including transaction amount and your Virtual Merchant credentials, should be placed in server side code, rather than of just hidden value fields on an HTML form. This will reduce the ability for malicious users to edit and use this data for their own fraudulent purposes.
Once I pass the form action to that site, the user has to be directed there so they can input their credit card info. MY site just takes their name, address, ect... not their credit card stuff.
Thanks!
[edited by: eelixduppy at 4:41 pm (utc) on Nov. 27, 2008]
[edit reason] example.com [/edit]
