Store the data in a [man]session[/man] rather than in the HTML. There is no way to hide anything if it's a part of the HTML.

My values are fixed and never change. Will session still work if? Where will the actual file be stored?

Thank You.

perland wrote:

My values are fixed and never change

Then why do you need to store them? If they are fixed and never change, why not just hardcode them into the PHP script?

perland wrote:

Will session still work if?

If... what? The answer is probably yes.

perland wrote:

Where will the actual file be stored?

The files (if files are even used - see session.save_handler) will be stored wherever you tell PHP to store them, e.g. via session.save_path.

It is banking information and I do not want it exposed.

The form is posted to "https://abc.asp?" which is a link the bank has provided me.

My plan is to have the hidden fields inserted into the form just before submission.

Maybe I need to post it to some php page that will prepare the form and then send it to "https://abc.asp?"

Thank You.

I don't know what the process is, but it sounds like you basically have two options:

1. Place the information in the form (e.g. using hidden form elements) so that when the user submits the form to the external URL the information is included in the request.

2. Do the form submission yourself using something like [man]cURL[/man]. If you need to display any information from the page returned and/or redirect the user, you'd have to retrieve and parse the headers/body of the response.