• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 688
  • Last Modified:

How can I post variables using PHP without using HTML/Form elements?

I am writing a PayPal payment page and I was wondering if it was possible to insert the paypal fields directly into the header so that I do not have to use HTML/Form elements.

For example a standard paypal hidden form element is:

<input type="hidden" name="amount" value="2.95">

Is it possible to achieve the same in PHP using session variables and by modifiying the http header?
0
lwfuk
Asked:
lwfuk
  • 3
  • 3
  • 2
  • +3
1 Solution
 
Kyle AbrahamsSenior .Net DeveloperCommented:
0
 
JoachimMartinsenCommented:
You could add it as arguments to the PayPal URL:
paypal.com/checkout_or_whatever/?amount=2.95

Open in new window

0
 
twocandlesCommented:
If you're using the http extension to reach PayPal, the take a look at this:
http://es2.php.net/manual/es/function.httprequest-addpostfields.php
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
ChimerazaCommented:
Well POST method's etc.. are HTML methods..So...

You can use SESSION variables to pass information by using $_SESSION['field'] = $value;

However, if you have limited server capacity this is not recommended as it can chow bandwidth if you have lots of users using the page simultaneously.  Otherwise its definitely recommended to use session variables for small values (not lots of text).

You can also pass variables using the header, just remember turn on output buffering at the very first line using <?php ob_start(); ?> with no chars before it and close with <?php ob_end_flush(); ?>

I use this function in conjunction with output buffering for redirect headers...

function redirect_to($location = NULL) {
      if ($location != NULL){
            header("Location: {$location}");
            exit;
      
      }

}

then call it:

redirect_to('page.php?var='.$var1);

Does this answer your question?
0
 
shobinsunCommented:
Hello,

    * Use the hidden field to pass along information for processing the form or for saving "state" in a CGI.
    * Remember that hidden fields can be viewed if your readers look at the source HTML, so don't use it for sensitive information such as passwords.


Better use session variables for more security.

Look at the link:

http://in.php.net/session

http://www.w3schools.com/PHP/php_sessions.asp

Regards
0
 
lwfukAuthor Commented:
Many thanks for your comments but redirects with appended variables are not suitable.

I want to hide information in the http header  (such as the return path) so that only PayPal (and experienced hackers) can see it.

There is nothing particularly sensitive in my data accept for the return path that leads to an upload page and I want to hide the path for security reasons.

I don't want to use encrypted buttons because I am generating the data dynamically and Ill change the path if a hacker detects it. So Im not that bothered if somebody if somebody tries really hard to find it.

Does anybody know how to inject a variable into the http header so that it looks like it was posted by the page?
0
 
twocandlesCommented:
If you want to hide completely the url from the user, then you should consider making the request yourself from a php. The user sends the request to you and you forward the request to PayPal. That's what I suggested the http extension...it allows you to do that.
0
 
lwfukAuthor Commented:
Sorry two candles. I don't understand what you mean. Do you have an example?
0
 
shobinsunCommented:
Hello,

Please go through :

http://in2.php.net/header

Hope this will help you.

Regards
0
 
twocandlesCommented:
This is an example taken (and slightly modified) from the php.net site.

Further info here: http://es.php.net/manual/es/class.httprequest.php

<?php
// This php is the action that receives the post from your user
// Create a new request to the payment page of paypal (use the correct url)
$r = new HttpRequest('http://paypal.com/page_for_payment.php', HttpRequest::METH_POST);
// Add the post fields required for payment in array format.
// Use session variables or post fields, depending on how you want to carry out user information
$r->addPostFields(array('user' => 'your_user', 'quantity' => '100.0'));
 
try {
    $r->send();
    // Now, process the result from paypal.
} catch (HttpException $ex) {
    echo $ex;
}
?>

Open in new window

0
 
lwfukAuthor Commented:
Many Thanks.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now