I need to allow end users to submit their usernames into an html form and pass that data to a 3rd party site, where they then submit their passwords. The form needs to have controls in place for cross-site scripting and other malicious types of attacks. My understanding is that I can have php request the form data, where the input can be sanitized and then use a CURL function to pass the data to the 3rd party. I'm familiar with how to sanitize input with PHP, but not how to then automatically pass the data to the 3rd party. I don't necessary have to use CURL, if there is a better method available.
Thank you in advance!
<form action="https://thirdpartysite.com/Remote/RemoteLoginApi.aspx?" method="POST">
<input name="_userName" type="text" maxlength="26" id="_userName" />
<input name="_buttonContinue" type="submit" value="Continue" id="_buttonContinue"
class="remoteFrame button" />