电子商务 - 使用服务器端代码隐藏 html 表单中的值
我正在尝试学习如何使用虚拟商人在网站上实施捐赠表格。 他们的开发人员手册中的 html 代码如下所示:
<form action="https://www.myvirtualmerchant.com/VirtualMerchant/process.do" method="POST">
Your Total: $5.00 <br/>
<input type="hidden" name="ssl_amount" value="5.00"><br/>
<input type="hidden" name="ssl_merchant_id" value="my_virtualmerchant_ID">
<input type="hidden" name="ssl_pin" value="my_PIN">
<input type="hidden" name="ssl_transaction_type" value="ccsale">
<input type="hidden" name="ssl_show_form" value="false">
Credit Card Number: <input type="text" name="ssl_card_number"> <br/>
Expiration Date (MMYY): <input type="text" name="ssl_exp_date" size="4"> <br/>
<br/>
<input type="submit" value="Continue">
</form>
我将其放在 html 文件中并且工作正常,但他们建议商家数据(输入 type="hidden" 值)应该位于服务器端代码中。 我正在研究 cURL,但它对我来说非常陌生,我花了几个小时试图找到一些指南或一些示例代码来了解如何实现这一目标。非常感谢任何建议或帮助。谢谢!
I'm trying to learn how to implement a donation form on a website using virtual merchant.
The html code from their developer manual goes like this:
<form action="https://www.myvirtualmerchant.com/VirtualMerchant/process.do" method="POST">
Your Total: $5.00 <br/>
<input type="hidden" name="ssl_amount" value="5.00"><br/>
<input type="hidden" name="ssl_merchant_id" value="my_virtualmerchant_ID">
<input type="hidden" name="ssl_pin" value="my_PIN">
<input type="hidden" name="ssl_transaction_type" value="ccsale">
<input type="hidden" name="ssl_show_form" value="false">
Credit Card Number: <input type="text" name="ssl_card_number"> <br/>
Expiration Date (MMYY): <input type="text" name="ssl_exp_date" size="4"> <br/>
<br/>
<input type="submit" value="Continue">
</form>
I have that in an html file and it works fine, but they suggest that the merchant data (the input type="hidden" values) should be in a Server Side Code.
I was looking at cURL but it'a all very new to me and I spent a couple of hours trying to find some guide or some sample code on how to accomplish that. Any suggestions or help is greatly appreciated. Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我已经使用过这个网关几次,他们要求您输入将被授予访问权限的 URL,以便发布到他们的系统。即使有人尝试使用您隐藏字段中的信息,他们也不应该向其中发布任何内容,因为他们不会从批准的位置发布内容。如果可以的话,网关就会出现重大问题。表单中包含的用户信息与管理网关选项所需的信息不同,并且访问权限非常有限。
和你一样,我一开始对此感到不舒服。我在他们的文档中遇到了相同的建议,但他们没有提供示例,也没有找到在项目的时间范围/预算内实现这一目标的好方法。在与我的客户交谈后,他们同意这是可以接受的,并且自推出以来我们一直在这样做。
就我而言,我使用了与您非常相似的表单,我从 3 个不同站点的电子商务系统中读取值,其中最旧的站点已经运行了近 2 年,没有任何问题。
使用几次后,我可以说他们的系统按照广告宣传的那样工作,我们的客户对他们的服务感到满意。
I have worked with this gateway a few times and they require you to input the URL that will be granted access to post to thier system. Even if someone tried to use the information that is in your hidden fields, they should not be able to post anything to it since they would not be posting from an approved location. If they could, the gateway would have major problems. The user info contained in the form is not the same information that is required to administer the gateway options and has very limited access to begin with.
Like you, I was uncomfortable with this at first. I ran across the same suggestion in their documentation, but they offered no examples and didn't find a good way to make it happen in the time-frame/budget for the project. After talking with my client, they agreed this was acceptable and we have been doing that way since launch.
In my case, I have used a form much like yours that my reads the values from my ecommerce system for 3 different sites, the oldest of which has been running for almost 2 years without any issues.
After using them a few times, I can say thier system works as advertised and our customers are happy with thier service.
致电虚拟商家并要求他们向您发送服务器端隐藏值的示例代码。我们刚刚遇到了同样的问题,相信我,您不想让您的凭据公开暴露 - 一群人开始使用我们的凭据来验证被盗的信用卡。欺骗引荐来源网址是微不足道的。
Call up Virtual Merchant and ask them to send you sample code for the server-side hidden values. We just had this same problem and TRUST ME, you don't want to leave your credentials publicly exposed - a group of people started using our credentials to validate stolen credit cards. Spoofing referrers is trivial.