Hi, I have basically seen and used two methods for integrating credit card gateways into PHP code. The first method is one that opens a socket to the gateway server and sends the data from within the code. The second is where FORM data is posted to a https URL with the URL is should send the response back to, with the confirmation code, etc. I traditionally use PG for situations of e-commerce, mainly because of transactions. I like the first method better, because I feel it is more secure, seemless, and less chance for errors to occur (either user induced, or other problems). I like being able to store all of the required data in sessions (rather than adding to the DB at each step) and then making all of the transactional queries at the end of the credit card charging process. The problem I face is that all of the companies I've researched that allow direct socket integration seem to charge quite a bit more in general than those that use the POST/REDIRECT method of charging. **** So, if anyone knows of a reliable and affordable company that allows socket integration, that would solve the problem best. **** However, because of budget issues, I may need to use one of these cheaper companies, who ultimately use the POST/REDIRECT method. My questions are how do you securly, reliably, and seemlessly integrate sessions within that type of gateway. Because once the form data is posted to the credit card gateway, it redirects (posts response data) back to the script of your choice. However, in my experience, the sessions are not restored/recognized until the browser is refreshed on the client side (through the use of JavaScript) to get the server to recognize the request as coming from your user, rather than the as a post from the gateway. I don't want to have to deal with getting sloppy and adding additional refreshes/java script if thats the only way to do it. If I were to merely have the code generate a form based on hidden tags and have javascript auto-form submit, then I would open to security problems, because I could no longer restrict the script the gateway respondes to by an HTTP_REFFER. Because the clients order id that is generated will be stored as a session, I need a way to reference the order ID and confirmation code that is returned by the posted data from the gateway, against the session data to start inserting the data into the DB if it was a successful charge. Any ideas...? Maybe there's a quick solution out there I am just overlooking. The solution would be easy if I wasn't inserting all of my data at the end of the process based on the session data. But this is how the code is has to work, so what do you all think, how should I deal with this? Thanks, FT -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
