Server Side Posting

We are currently doing a Mweb Safeshop integration (Payment gateway).

In order for a transaction to be processed, our application needs to redirect to their application.

Currently, we have implemented a form with the necessary parameters (hidden) to submit to their URL. The problem I see is that users (some intelligent users) will be able to alter the values in the form (even if they are hidden) and thus corrupt the order.

My solution was to redirect to Mweb Safeshop from the server side; the problem at hand is the fact that I have to use GET. Via GET the user can still change the parameters in the URL.

Is there a way to redirect from PHP server side and still send certain parameters via POST?

Simple answer: no.
If they really just offer this way of integration I’d absolutely not use them.
Good APIs offer “internal” data passing (e.g. POST via cURL, returning a “token”) and redirecting with only the “token” as parameter so there’s no chance to manipulate the order values.

Most of the PG providers will give you some options, like hashing a value and sending it to their website for processing. Also, they support encrypting the content with a secret key. Check whether your PG provider supports that.
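
The hashing approach mentioned in the reply above, sketched as an added example that is not part of the original posts and is not Mweb Safeshop's actual API. The field names, the shared secret and the canonical string format are assumptions; a real gateway documents its own.

```php
<?php
// Added illustration: field names, the secret and the canonical format are
// assumptions, not Mweb Safeshop's (or any real gateway's) actual scheme.

const SHARED_SECRET = 'constructed-demo-secret'; // placeholder; never sent to the browser

// Canonicalise the fields (sorted keys, URL-encoded) so that both sides
// compute the HMAC over exactly the same bytes.
function canonicalise(array $fields): string
{
    unset($fields['signature']);
    ksort($fields);
    return http_build_query($fields, '', '&', PHP_QUERY_RFC3986);
}

// Merchant side: compute the HMAC and attach it as one more hidden form field.
function sign_order(array $fields, string $secret): array
{
    $fields['signature'] = hash_hmac('sha256', canonicalise($fields), $secret);
    return $fields;
}

// Receiving side: recompute over what actually arrived and compare in constant time.
function verify_order(array $posted, string $secret): bool
{
    if (!isset($posted['signature']) || !is_string($posted['signature'])) {
        return false;
    }
    $expected = hash_hmac('sha256', canonicalise($posted), $secret);
    return hash_equals($expected, $posted['signature']);
}

// Constructed sample order, as the merchant would render it into hidden fields.
$order = sign_order([
    'merchant_ref' => 'ORDER-1001',
    'amount'       => '499.00',
    'currency'     => 'ZAR',
], SHARED_SECRET);

// Form data submitted unchanged: the recomputed HMAC matches the signature.
var_dump(verify_order($order, SHARED_SECRET));

// Hidden amount field edited in the browser before submit: the HMAC no longer matches.
$tampered = $order;
$tampered['amount'] = '1.00';
var_dump(verify_order($tampered, SHARED_SECRET));
```

A signature like this only detects modification; the values remain visible to the user, and the receiving side still has to reject reuse of an old signed order, for example by requiring a unique order reference.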