[nycphp-talk] submitting two forms with one button - possible?
sbeam
sbeam at onsetcorps.net
Thu May 22 12:19:26 EDT 2008
On Thursday 22 May 2008 11:27, Kristina Anderson wrote:
> How to do this? Can I call the second form submit programmatically at
> the end of the first form submit in PHP? Or with Javascript on the
> second form submit call the first form to be submitted?
I would recommend the former, because that is the only way it will work if
Javascript is disabled. Even if it is enabled, one should never "trust" the
client browser to do the right thing (or to not be maliciously tampered
with) - so in the JS scenario, could an attacker submit an order to your
server without actually providing payment to Paypal? seems quite possible.
Using PEAR HTTP_Request it is quite easy to submit a form from PHP. So you
could pass along the data from the form to Paypal after you validate the
order, and then make sure Paypal returns an OK before confirming the order.
Paypal even has an API for this.
More information about the talk
mailing list