Posted by Hilarion on 11/22/05 17:43

> I have a question. Sometimes when you submit informationfrom a form, for
> example your credit card number, is send "secure" to the server or to some
> payment site. How is this done. What software do you need to do sent secure
> information it in php. Do you need a certificat or something like this.


If you want to send the data from your <form> to some third party server
(like some payment site), then the only thing is to provide proper "action"
attribute value of the <form> tag. It's the user browser and the third party
server which will do the "secure" thing (the data do not come from your
server and do not get to your server).
If the data from the form has to be submitted securely to your script
(from this <form> or from some external server), or sent by your script
(not by the form, which means by the browser, but by PHP script itself)
to some external server, then it's a bit different. In the first case
you'd have to do what Dave wrote (have a webserver which supports SSL
and a trusted certificate) and in this case all is done by your webserver
(you do not have to do anything in your PHP scripts to make them able
to receive secure data). In the second case you need to enable your
PHP to do secure HTTP requests (and to get the secure responses), which
in most cases means installing support for CURL in PHP and getting the
public part of the external webserver certificate.

Hilarion

[Back to original message]