I am building some custom shopping cart software and am interfacing with PayPal. To submit checkout data to PayPal, a bunch of hidden form variables need to be included and submitted to their checkout processor which will then display the items and allow the customer to pay in full. The problem is, the variables are available in plain text and should the customer wish, they can download the page offline, modify the HTML and submit it (it works, I have tried it on other big commercial sites). While it's easy to manually verify the data on my end to ensure the amounts charged and the amounts paid match up, I would feel better if there were some way to submit these form variables internally without anything being shown to the user.
Coming from a C++ background, I assume this can be done with sockets and directly sending a "POST" request to the receiving CGI but I would be interested to know if there is an easier way to do this.