> I use a PHP self-validating form for taking orders off my site. (on submit
> it calls itself and if there are no errors a send variable is set and it
> emails me the information, etc - standard stuff).

Relying on JavaScript as your only validation is a BAD IDEA.  The user could
trivially bypass JavaScript and send you all sorts of nasty stuff.

> I'd like to start taking CC orders and would like to encode the
> using javascript
> http://javascript.internet.com/passwords/virgenere-encryption.html.  I'll
> use a hidden value as a codephrase to encode the CC number, then when I
> receive the order I can go to a secure page on the site to decrypt it.

No.  Really BAD IDEA.  Use an SSL server.

> The question is - how do I call a javascript function from my PHP code?

You don't.  You'd have to code the decoder stricly in PHP, using the
counter-matching value from the (presumed) key-pair of the PGP codephrase.

I haven't actually read the link above, as it's silly to use that when you
should use SSL in the first place, so I dunno what whack thing they are
doing if they aren't doing some sort of PGP thing.

>  I
> want to do the encoding just before I email the form variables.  ie -
> if ($send == "yes"){
> do javascript encoding of cc number
> $mail (information to me)
> echo ("Your Order has been sent")
> }

Do *NOT* email yourself a CC number in clear-text.  Email is eminently
hackable.  PGP (or gpg http://gnupg.org) encrypt it...

No, cancel that.  Just do it the industry-tested standard way with SSL and a
bank backend like everybody else, or use http://ccnow.com or similar service

Don't risk your customer's credit card info on some untested scheme.

WARNING [EMAIL PROTECTED] address is an endangered species -- Use
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to