chrishirst — Mon, 09 Jan 2006 11:18:20 +0000

Busy why are saying this is some kind of security risk or SQL injection attempt. Yes using a form could certainly be used as a injection attack but a few simple measures at the receiving end can handle this risk.
It's a perfectly normal everyday operation between a ecommerce site and the payment gateway, Every merchant/gateway I have ever used has a means of passing any details (name, address,delivery address etc) from the cart pages to the gateway page should the person making the transaction wish to do this. Paypal has a field that the member login name can be sent.
Any kind of financial details of course should not be requested or sent unless over https secure connection.
A "GET" is also more at risk from SQL Injection as the data can be edited in the url.

hardline; Before anyone can help or suggest an exact method the server side code that is available at both points needs to be known.

hardline — Sat, 07 Jan 2006 13:46:40 +0000

Hmm, any suggestions on how I can get this to work? If any of you guys can do this, I'd be willing to talk with you.

Busy — Sat, 07 Jan 2006 11:50:10 +0000

If the second site is not yours you can't or rather shouldn't do it

If the coder of the second site had any sense they would block any 3rd party injections, this is considered a sql injection - bad. And would have to be get method, not post

chrishirst — Sat, 07 Jan 2006 00:56:50 +0000

yes it is possible simply by using a form to submit data via a POST. Many payment gateways allow you to prepopulate their forms in this way. It could also be handled as a POST operation from a server side script.

Exactly how and what fields are required would depend on the receiving site and what code is available at each end.

hardline — Fri, 06 Jan 2006 21:07:07 +0000

Hmmm.... There's gotta be a way. What if you can work with the other website to do this? Would it still be possible? If so what would you call this?

Busy — Fri, 06 Jan 2006 09:04:11 +0000

You can't do this for different sites for security reasons

hardline — Thu, 05 Jan 2006 20:40:53 +0000

Hmmm. I wouldn't know. It's on a temp host for now, but will probably get a dedicated soon.

hardline — Thu, 05 Jan 2006 20:39:40 +0000

Do you know how I can set this up? The information from my website will go into a database and store their info my my use.

I am looking to get this done, but can't find any info. Any scripts available?

Renegade — Thu, 05 Jan 2006 20:37:49 +0000

You can also store them as session variables (in PHP).

Which ever way you decide, you're going to have to use server side programming because IMHO, it's the most efficient.

Does your host support any kind of server side language? ASP? PHP?

timjpriebe — Thu, 05 Jan 2006 20:28:56 +0000

It is possible, but you'll have to store their information somewhere in the meantime. You could store it in a cookie.

When they fill out the first form, in addition to doing whatever your website already does with that info, also store it in a cookie. Then, on the second form, check if that cookie's there. If it is, populate the form with that info.