0

I'm new to PHP, I started about 3 weeks ago.

I have a string, which is used with $_POST to pass it to another page, the second page uses $_GET to get these url and split it as desired.

My problem is that, in my first page I use a String, and I want to encrypt it, so that I can pass it as a plan text. In the second page I must decrypt it and get it as an array.

So is there any encryption method or function I can use which is compatible with $_POST ( so I can send it to another page ) and decrypt it as an array ?

I need this method, because the second page is actually connecting to website and is a payment method. So i don't want users to manually edit the url and lower the amount of $ for the product they get.

tnx for your help.

Improve this question
3
  • $_POST is used to receive parameters sent to the server using a POST request, in which the parameters are passed in the body of the request, usually URL-encoded (e.g. via a form submission or an ajax request). $_GET is actually the same concept, except for the fact that the parameters are located in the request URL (e.g. www.domain.tld?param1=value1&param2=value2&...) Commented May 12, 2012 at 14:57
  • Note that a user always can change the values of the request.. it's just a question of the users knowledge of the HTTP protocol. So you should really never pass such information along with the requests. Commented May 12, 2012 at 14:58
  • use sessions. encrypting can be often subverted by someone more experienced than you. Commented May 12, 2012 at 15:11

3 Answers 3

Reset to default
3

You're thinking about this wrong. You NEVER trust information coming from the user's side.

For example, if your user sends a form that says what item they want, DO NOT include the price in the form. Instead, get the price from the server (database), where it can be trusted.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I forgot to mention this, but of course, you're absolutely right
@user1391170, If you need to use data from one page on another, stick it in $_SESSION. Session data is stored server-side, and a session ID cookie is stored with the client.
0

What you probably want to do is pass the contents of the users cart (i.e. the items he'd like to order) to the payment site. Therefore, you should create a form like:

<form action="URL/to/paymentPage.php" method="post">
<!-- Item 1 -->
<input type="hidden" name="items[0]" value="productID1"/>
<input type="hidden" name="quantity[0]" value="quantity1"/>
<!-- Item 2 -->
<input type="hidden" name="items[1]" value="productID2"/>
<input type="hidden" name="quantity[1]" value="quantity2"/>
<!-- ... -->
<!-- Item n -->
<input type="hidden" name="items[n]" value="productIDn"/>
<input type="hidden" name="quantity[n]" value="quantityn"/>

<input type="submit" value="Order"/>
</form>

On the server in the file "URL/to/paymentPage.php" you can access the items using the following code:

<?php
$items = $_POST['items']; // Array of items ..
$quantities = $_POST['quantity']; // The array of quantities for each item ..

// Calculate the total price ..
$totalPrice = 0;
foreach($items as $idx => $itemID) {
  if($quantities[$idx]>0) {
    totalPrice += getPriceFromDB($itemID) * $quantities[$idx];
  }
}

echo 'Total Price to pay: '.$totalPrice;
?>

where the function getPriceFromDB actually retrieves the price for the item/product with the id $itemID from your database or elsewhere... :)

However, the user items are usually stored in the session, and, therefore, there is no need to submit the again.. ;)

Improve this answer

Comments

0

Despite not fully understanding what you're trying to achieve, you can use base64 encoding:

$encoded_string = base64_encode ($string);

$decoded_string = base64_decode ($encoded_string);
Improve this answer

3 Comments

Base64 is not a crypto. It's easily viewable and editable by almost everyone knowing anything at all about programming.
Yes, Emil, but why would that be a problem? He just wants to pass it as plain text, and that can be done using base64
From the question: "and I want to encrypt it" and "i don't want users to manually edit the url and lower the amount"

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.