Greetings.
I will often lurk about in the older posts for an answer to whatever issue I may be having at the time, but this one has me stumped and I am quite confident it's something simple.
What I am trying to do is take a users input for their address and credit card information for a shopping cart, and have the results passed to the next stage in the application.
This in itself is simple enough, but what I do not want is the users input being visible in the browers address bar. Anyone could potentially use the "Back" button or view the persons history to get their credit card number.
here is a section of the code I have:
// ## Clip
echo "<td colspan=1><input name=\"CardNum\" type=text size=30><img src=\"./page_img/spacer.gif\" width=5 height=1>";
echo "<input name=\"CardExp\" type=text size=4><img src=\"./page_img/spacer.gif\" width=5 height=1>";
echo "<input type=submit value=\"Place My Order\"></td>";
echo "</tr></table>";
// ## Clip
I would like to know if there is a way for me to take "Cardnum" and other fields and make them session variables when the user presses the submit botton, without sending the fields to the browser address bar as such:
// ## Clip
http:\www.[CENSORED].com/clients/ans_shop_online/shop.php?action=P&1stName=Dixie&2ndName=Normous&street=976+Beechcraft+Ln.&city=Hometown&state=Or&zip=90210&ph1=123&ph2=456&ph3=7890&email=daniel@clanbaker.com&CardName=Ample+Example+&CardNum=1234-1234-1234-1234&CardExp=0401
// ## Clip
As you can see, the card information is clearly visible in the browser field, and if I am not mistaken, transmitted plaintext in the http headers.
Can I "Preprocess" the variables and push them into a session variable when the user submits the form instead of sending the info as an extrension of the Url?
And suggestions or ideas would be wonderfully appreciated,
2Hawks.
