Server Side Posting

jaco_nel007 · April 1, 2011, 3:41pm

We are currently doing a Mweb Safeshop integration (Payment gateway).

In order for a transaction to be processed, our application needs to redirect to a their application.

Currently, we have implemented a form with the neccessary parameters (hidden) in to submit to their url. The problem I see is that user (some intellegent users) will be able to alter the values in the form (even if they are hidden) and thus corrupt the order.

My solutions was to redirect to the mweb safeshop from the server side, the problem at hand is the fact that I have to GET. Via GET the user can still change the parameter in the url.

Is there a was to redirect from php server side and still sending certain parameters via POST?

G_Schuster · April 2, 2011, 7:23am

Simple answer: no.
If they really just offer this way of integration I’d absolutely not use them.
Good APIs offer “internal” data passing (e.g. POST via cURL, returning a “token”) and redirecting with only the “token” as parameter so there’s no chance to manipulate the order values.

praveenkv1988 · May 6, 2011, 1:23pm

Most of the PG providers will give you some options like hashing a value and send to their website for processing. Also, they support encrypting the content with a secret key. Check whether your PG providers support that.