> to make sure the user has properly filled out this form. So I have to
> validate it. That's done in the background on the server, naturally. But
> once the validating is done, it's time to send the user off to the
> secure site with a payload of POST variables. At that point, the user
> will enter credit card info and such, and continue the transaction.
You're describing what a 307 redirect is supposed to accomplish:
header("Location: $secure_url", TRUE, 307);
But I've heard that not all browsers comply with the HTTP spec on this
point. Might be worth testing a bit, though -- maybe your typical
audience doesn't tend to use non-compliant browsers.
> So I need to find a way to direct the user's browser to the secure site
> with their payload of POST variables. The more I look at this, the more
> it looks like cURL won't do it, and Javascript has the obvious down
> side.
>
> I'm afraid the only way to do this may be to validate everything, pass
> the values off to a confirmation page, where the user has to hit
> "Proceed", and *that* page goes directly to the secure server with its
> POST payload.
That might actually be the best solution because it's the most
transparent, from the user's point-of-view. A 307 is going to cause
many browsers to pop up a confirmation dialog, which will freak some
users out -- and will break people's flow a lot more than would a
smoothly-executed two-stage submit.
Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
