resending $post values after validating

btimms

The gateway/merchant account I want to use for credit card processing requires the name, address etc my form collects as a post array. My problem is I cannot figure a way to do this if I validate before I send it using a PHP script. I know I could probably add an "Is this information correct?" page populated with the data saved from session variables but at this point the user has already completed a couple of forms and would prefer to go direct to the gateway with the validated $_post variables. Is there anyway to do this without a "submit" button?

Any suggestions would be appreciated.

NogDog

For something like that I usually use the [man]cURL[/man] functions to communicate with the payment gateway.

Valdhor

Why not use Javascript (And maybe AJAX) to verify fields on the fly?

btimms

I am using Javascript validation but have to allow for situations where Javascript is disabled. I am resolving my issue by landing on a read-only confirmation screen after any changes and validation have been completed. I looked into the cURL solution posted by NogDog but don't have time for the learning curve - at least for the first pass of this project.

bradgrafelman

Valdhor wrote:
Why not use Javascript (And maybe AJAX) to verify fields on the fly?

Because Javascript-only solutions should never be used for any validation purposes - they can be too easily bypassed/modified.

btimms wrote:
I am resolving my issue by landing on a read-only confirmation screen after any changes and validation have been completed.

Note that users can still modify the information and bypass any validation mechanisms you have in place.

btimms

bradgrafelman wrote:
Because Javascript-only solutions should never be used for any validation purposes - they can be too easily bypassed/modified.
Note that users can still modify the information and bypass any validation mechanisms you have in place.

I'm sure with enough effort/knowledge validation can be bypassed. The best I know to do is using php scripting and drill down as far as possible with regular expressions. Can you recommend other methods? Any suggestions appreciated.

bradgrafelman

I simply meant that you should research using cURL to submit the values yourself - using hidden/readonly input form fields can easily be edited by the user before they are submitted, thus bypassing any validation you may have already done.

"Validating" data doesn't mean a whole lot in the general sense - you really have to define it on a case-by-case means depending on your application and what you consider "invalid" data.

btimms

bradgrafelman wrote:
I simply meant that you should research using cURL to submit the values yourself - using hidden/readonly input form fields can easily be edited by the user before they are submitted, thus bypassing any validation you may have already done.

Thanks - I'm going to start doing some research as to what's needed to get started and how to use it.

meigwil

cURL really isn't that difficult. I've used it a few times with great success, and I'm not an expert.

I suggest you validate using Javascript first, and then on the server. If the server-side validation is correct, send the values using cURL.

Here's a quick tutorial.

btimms

meigwil wrote:
cURL really isn't that difficult. I've used it a few times with great success, and I'm not an expert.

I suggest you validate using Javascript first, and then on the server. If the server-side validation is correct, send the values using cURL.

Thanks. I am doing the validation as you suggest. I rebuilt PHP last night on my production server to include cURL and will try to use it once I get done developing in my local environment. In the meantime I'll try to learn as much as I can.

Thanks for the tutorial link.