> I use a PHP self-validating form for taking orders off my site. (on submit
> it calls itself and if there are no errors a send variable is set and it
> emails me the information, etc - standard stuff).

Relying on JavaScript as your only validation is a BAD IDEA.  The user could
trivially bypass JavaScript and send you all sorts of nasty stuff.

> I'd like to start taking CC orders and would like to encode the information
> using javascript
> http://javascript.internet.com/passwords/virgenere-encryption.html.  I'll
> use a hidden value as a codephrase to encode the CC number, then when I
> receive the order I can go to a secure page on the site to decrypt it.

No.  Really BAD IDEA.  Use an SSL server.

> The question is - how do I call a javascript function from my PHP code?

You don't.  You'd have to code the decoder strictly in PHP, using the
counter-matching value from the (presumed) key-pair of the PGP codephrase.

I haven't actually read the link above, as it's silly to use that when you
should use SSL in the first place, so I dunno what whack thing they are
doing if they aren't doing some sort of PGP thing.

>  I
> want to do the encoding just before I email the form variables.  ie -
>
> if ($send == "yes"){
> do javascript encoding of cc number
> $mail (information to me)
> echo ("Your Order has been sent")
> }

Do *NOT* email yourself a CC number in clear-text.  Email is eminently
hackable.  PGP (or gpg http://gnupg.org) encrypt it...

No, cancel that.  Just do it the industry-tested standard way with SSL and a
bank backend like everybody else, or use http://ccnow.com or similar service

Don't risk your customer's credit card info on some untested scheme.

--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
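
Added example (not part of the original message, and not the code of the linked script): a sketch of why a codephrase kept in a hidden form field gives no confidentiality without SSL, since the key is delivered in the same clear-text page as the form. The digit-only Vigenere shift, the field names, `order.php` and the test card number are all constructed assumptions.

```javascript
// Generic Vigenere shift over the digits 0-9 (an assumption; the linked
// script may differ in detail, the key-handling problem is the same).
function keyShifts(codephrase) {
  // Each key character contributes a shift of (char code mod 10).
  return Array.from(codephrase, ch => ch.charCodeAt(0) % 10);
}

// direction = +1 encodes, -1 decodes; non-digits (spaces) pass through.
function vigenereDigits(text, codephrase, direction) {
  const shifts = keyShifts(codephrase);
  if (shifts.length === 0) throw new Error("empty codephrase");
  let i = 0;
  return text.replace(/[0-9]/g, d => {
    const s = shifts[i++ % shifts.length] * direction;
    return String((((Number(d) + s) % 10) + 10) % 10);
  });
}

// Constructed sample: the order form exactly as the server sends it out.
const servedPage =
  '<form method="post" action="order.php">' +
  '<input type="hidden" name="codephrase" value="s3cretPhrase">' +
  '<input type="text" name="cc"></form>';

// Constructed sample: a well-known test card number, not a real account.
const typedNumber = "4111 1111 1111 1111";

// The codephrase is readable by anyone who receives or observes the page.
function codephraseFrom(page) {
  const m = /name="codephrase" value="([^"]*)"/.exec(page);
  if (!m) throw new Error("no codephrase field in page");
  return m[1];
}

// What the in-page script would submit over plain HTTP.
function encodeInBrowser(page, cc) {
  return vigenereDigits(cc, codephraseFrom(page), +1);
}

// Decoding needs only the served page and the posted value; no secret
// held on the server is involved at any point.
function decodeWithServedKey(page, postedCc) {
  return vigenereDigits(postedCc, codephraseFrom(page), -1);
}

const posted = encodeInBrowser(servedPage, typedNumber);
console.log("posted value:     ", posted);
console.log("decoded from page:", decodeWithServedKey(servedPage, posted));
```

With SSL the page and the submission are both encrypted in transit under keys the server never sends in the clear, which is the property this scheme lacks.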


