How to hide values

<form action="https://www.myvirtualmerchant.com/VirtualMerchant/process.do" method="POST">
<input type="hidden" name="ssl_merchant_id" value="505413">
<input type="hidden" name="ssl_user_id" value="632568">
<input type="hidden" name="ssl_pin" value="XFC4AG">
<input type="hidden" name="ssl_show_form" value="true">
<input type="hidden" name="ssl_test_mode" value="false">
<input type="hidden" name="ssl_invoice_number" value="0001">
<input type="hidden" name="ssl_transaction_type" value="ccsale">
<input type="hidden" name="ssl_description" value="<?php echo $description ?>">
<input type="hidden" name="ssl_amount" value="<?php echo $total ?>">
<input type="hidden" name="ssl_salestax" value="<?php echo $tax ?>">
<input type="submit" value="Click to Order">
</form>

I need this to hide the first 3 values but still post to the shopping cart processor. i have tryed everything i know and just ran out of ideas. any help?

thanks

 

The cart processor has a bad system if those valued require hiding.

 

You can use encryption to encrypt the values during the HTML process, then decrypt it again when you need it.

Here is a hand:

http://awesomephp.com/?Tutorials*3/Encode-Decode-in-PHP.html

Peace,

 

yea but i need to hide the 3 values in the page source without interfering with the process of posting

 

It's impossible to truly hide them. The most you can do is use javascript to tack them onto the postdata being sent, but that doesn't hide them completely. If you want to hide them, pass the values with sessions instead of through the postdata.

 

I don't quite understand, the value are already hidden. type="hidden"

 

He wants them to not appear in "View Source".

 

Have you tried using CURL or building your own HTTP request?

 

the whole <input> including the one with type="hidden" can still be viewed at HTML Source Page. eg: when a user right click and choose View Source

perhaps u can assign them to session variables?

$_SESSION['things_to_hide'] = 'value_to_hide';

PHP:

 

Just a mad thought:
-
Perhaps you could write nifty encrypt/decrypt which is keyed
by the user's SID ? That way, only encrypted confidential info
would appear when the user chose to "view source" (which would
be useless to anyone who didn't know your encrypt algorithm, even
if they could discover the SID), and you can then decrypt using the
static SID when the POST is returned ?
-
I'm fairly new to PHP, but that would seem to be do-able.

-
Chris

 

got an example to go along with the code insert i posted at the top

Thanks

 

eg: <input type="hidden" name="ssl_merchant_id" value="505413"> will be

$_SESSION['ssl_merchant_id'] = 505413;

PHP:

So you have to replace the $_POST['ssl_merchant_id'] with $_SESSION['ssl_merchant_id'] in all the page. Also, make sure you call the session_start() on top of page.

BTW I do not know if this is secure

 

That would be a good idea, you could also post the values later on using CURL post methods.