Protecting hidden fields in HTML Form

imlek
08-22-2004, 08:18 AM
Hi,

I'm using an HTML form to send my visitors' information (the visitor submits this form directly) to destination.com as follows:

<form name="form1" action="http://destination.com/receiver" method="post">
<input type="hidden" name="Login" value="My-Username">
<input type="hidden" name="Passwd" value="My-password">
<input type="hidden" name="Cust" value="John Doe">
<input type="hidden" name="Total" value="100">
<input type="submit" value="Submit">
</form>

This HTML Form is the only method that destination.com can accept.

But this is a very big security issue, since people can use 'View Source' and get my login and username.

How can I protect my login and password from being viewable to the world while the form still works? Maybe hide it somewhere? Or another method?

Please advise.

Thank you.

Curly Brace
08-23-2004, 07:59 PM
If your destination.com accepts GET variables, you can try this code. I hope it could be clear without comments.


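<?php
// Runs when the form below has been submitted (its submit button is named "sub").
// $_POST is read directly instead of relying on register_globals.
if (isset($_POST['sub'])) {
    // URL-encode the submitted values before placing them in the query string.
    $cust  = urlencode($_POST['cust'] ?? '');
    $total = urlencode($_POST['total'] ?? '');
    // Redirect the browser to destination.com with all fields as GET variables.
    header("Location: http://destination.com/form_reciever.php?login=blah&passw=blahblah&cust=$cust&total=$total");
    exit; // stop here so the form is not rendered after the redirect header
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>FORM</title>
</head>

<body>
<form action="<?php print htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post">
<input type="hidden" name="cust" value="John Doe">
<input type="hidden" name="total" value="100">
<input type="submit" name="sub" value="Submit">
</form>
</body>
</html>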
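
A Location: redirect is delivered to the visitor's browser, so anything placed in its URL is as readable there as the hidden fields were. The following is an added example, not part of either post: the visitor's form posts to this script, which adds the credentials and sends the POST to destination.com from the server. It assumes destination.com accepts the same POST from a server; the file name relay.php and the DEST_LOGIN / DEST_PASSWD environment variables are hypothetical.

```php
<?php
// relay.php (hypothetical name): the visitor's form posts here; only this
// script talks to destination.com, so Login/Passwd never appear in any page.
const RECEIVER_URL = 'http://destination.com/receiver'; // action URL from the original form

// Merge the visitor's fields with the account credentials, which are read from
// the server environment (variable names are assumptions, not from the thread).
function build_fields(array $post, array $env): array
{
    $cust  = is_string($post['Cust'] ?? null) ? trim($post['Cust']) : '';
    $total = is_string($post['Total'] ?? null) ? $post['Total'] : '';
    // Cust and Total still come from the browser, so treat them as untrusted.
    if ($cust === '' || strlen($cust) > 100 || !ctype_digit($total)) {
        throw new InvalidArgumentException('invalid Cust or Total');
    }
    if (empty($env['DEST_LOGIN']) || empty($env['DEST_PASSWD'])) {
        throw new RuntimeException('credentials not configured');
    }
    return ['Login' => $env['DEST_LOGIN'], 'Passwd' => $env['DEST_PASSWD'],
            'Cust'  => $cust,              'Total'  => $total];
}

// Server-to-server POST of the same fields the original form carried.
function relay(array $fields)
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 10,
    ]]);
    return @file_get_contents(RECEIVER_URL, false, $ctx); // false on failure
}

if (PHP_SAPI === 'cli') {
    // Offline check with constructed values: print the body that would be sent.
    $demo = build_fields(['Cust' => 'John Doe', 'Total' => '100'],
                         ['DEST_LOGIN' => 'example-user', 'DEST_PASSWD' => 'example-pass']);
    echo http_build_query($demo), "\n";
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $reply = relay(build_fields($_POST, getenv()));
        echo $reply === false ? 'Submission failed.' : 'Order submitted.';
    } catch (Exception $e) {
        http_response_code(400);
        echo 'Submission failed.';
    }
}
```

The visitor-facing form then carries only Cust and Total and uses relay.php as its action. The receiver URL in the thread is plain http, so the credentials still cross the network unencrypted between the two servers unless the receiver also offers https.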

imlek
08-25-2004, 05:15 AM
Thanks a lot. :) :) :)