
This is an e-payment submit form (HTML+PHP). It shows a field that gets the `$Amount`. This form (`$amount`) will post to an e-payment website. I tried to pass the `$Amount` to `<input type="hidden" name="amount" value="<?php echo $Amount; ?>" >`. (It works when `<input type="hidden" name="amount" value="3000.0" >`.)

Error:

```
HTTP Status 404 - /b2cDemo/eng/payment/null

type Status report

message /b2cDemo/eng/payment/null

description The requested resource is not available.
```

Any problems here?

Secondly, is it okay to show this merchant info in my source code (HTML)? Any security issues?

```html
<input type="hidden" name="merchantId" value="13213123">
<input type="hidden" name="amount" value="<?php echo $Amount; ?>" >
<input type="hidden" name="orderRef" value="12313221">
<input type="hidden" name="currCode" value="3213123" >
```

......

```php
// Define variables and initialize with empty values
$Amount = "";
$Amount_err ="";

if ($_SERVER["REQUEST_METHOD"] == "POST") {...
    // Validate Amount
    $input_Amount = trim($_POST["Amount"]);
    if (empty($input_Amount)) {
        $Amount_err = "Please enter the amount.";
    } elseif (!ctype_digit($input_Amount)) {
        $Amount_err = 'Please enter a positive integer value.';
    } else {
        $Amount = $input_Amount;
    }

    .....
<form name="Epayment" method="post" action=" a EPayment sites">

    <input type="hidden" name="merchantId" value="....">//fixed code
    <input type="hidden" name="amount" value="<?php echo $Amount; ?>" >
    <input type="hidden" name="orderRef" value="...">
    <input type="hidden" name="currCode" value="..." >

    ......

    <div class="form-group <?php echo (!empty($Amount_err)) ? 'has-error' : ''; ?>">
        <label>Amount</label>
        <input list="Amount" name="Amount"  multiple class="form-control">
        <datalist id="Amount" >
            <option value="100">
            <option value="300">
            <option value="500">
            <option value="1000">
        </datalist>
        <span class="help-block"><?php echo $Amount_err; ?></span>
    </div>
```
Barmar
evabb
  • You don't need to show anything but the amount; once you make the request, then just add the merchant id and everything else on the request – Kevin Jun 22 '18 at 01:11
  • You mean I don't need to write those hidden inputs, except the $amount? But now I can't pass the $amount to the site – evabb Jun 22 '18 at 01:13
  • Inside your form just take the user input; to request a POST into the epayment gateway, just simply curl it. By showing it inside the form (via hidden input tags), of course the merchant id and stuff can be seen by simply inspecting the element – Kevin Jun 22 '18 at 01:13
  • Yes, I'm doing this. But after I submit the form, it shows `Error: HTTP Status 404 - /b2cDemo/eng/payment/null type Status report message /b2cDemo/eng/payment/null description The requested resource is not available.` I guess the $amount cannot pass to the epayment gateway. – evabb Jun 22 '18 at 01:15
  • Your form is just confusing; no need to add a hidden input for the `amount`, the input list amount is just enough. Here are the steps: user inputs amount, submits the form, get the amount input, prepare merchant ids, orderref and everything else, create a curl request (I prefer this) to the payment gateway including the sensitive stuff plus the amount. Profit – Kevin Jun 22 '18 at 01:18
  • `$Payment` should be set unless the validation fails. Do you skip creating the form when `$Amount_err` is set? – Barmar Jun 22 '18 at 01:30
  • `// Check input errors before inserting in database if (... && empty($Amount_err) &&....) { // Prepare an insert statement $pdo = Database::connect();` If `Amount_err` occurs, it stops creating the form to db. The form does two actions: passing to Epayment gateway & own db – evabb Jun 22 '18 at 01:39
  • @Ghost According to the user manual of the EPayment, we should use the method of hidden input. But in this case, what should I do to tackle the passing problem? – evabb Jun 22 '18 at 01:45

1 Answer


Capitalization matters. You have

```html
<input type="hidden" name="amount" value="<?php echo $Amount; ?>" >
```

Yet try to access it via:

```php
$input_Amount = trim($_POST["Amount"]);
```

You need to change your HTML name attribute to `"Amount"` or your `$_POST` to `$_POST["amount"]`.

Devon Bessemer
Mr Glass
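On the question's second point (hidden merchant fields) and the server-side handling Kevin describes in the comments, an added example that is not code from the question or the answer: hidden inputs can be read and edited in the browser, so the server validates the amount, escapes everything it renders, and attaches an HMAC so edited fields are detected when they come back. The secret, the `integrity` field name and the placeholder values are assumptions, and it assumes the merchant's server sees the fields again; whether the gateway itself checks such a tag is not stated on the page.

```php
<?php
// Added example, not the poster's code. The secret, the 'integrity' field name
// and all values below are constructed placeholders (assumptions).
declare(strict_types=1);

const SIGNING_SECRET = 'replace-with-a-server-side-secret'; // never sent to the browser

/** Accept a positive whole amount only; null means "reject the request". */
function validate_amount(string $raw): ?string
{
    $raw = trim($raw);
    return (ctype_digit($raw) && strlen($raw) <= 7 && (int)$raw > 0) ? $raw : null;
}

/** HMAC over the fields in a fixed key order, so any edit changes the tag. */
function sign_fields(array $fields): string
{
    ksort($fields);
    return hash_hmac('sha256', http_build_query($fields), SIGNING_SECRET);
}

/** Constant-time check for when the server sees the fields again. */
function verify_fields(array $fields, string $tag): bool
{
    return hash_equals(sign_fields($fields), $tag);
}

/** Render hidden inputs with every name and value HTML-escaped. */
function render_hidden(array $fields): string
{
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= sprintf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Demo with constructed values.
$fields = ['merchantId' => 'MERCHANT_ID', 'amount' => validate_amount(' 300 '),
           'orderRef' => 'ORDER_REF', 'currCode' => 'CURR_CODE'];
$tag = sign_fields($fields);
echo render_hidden($fields + ['integrity' => $tag]);

$edited = ['amount' => '1'] + $fields;   // amount changed in the browser's dev tools
echo verify_fields($fields, $tag) ? "unchanged: accepted\n" : "unchanged: rejected\n";
echo verify_fields($edited, $tag) ? "edited: accepted\n" : "edited: rejected\n";
```

The merchant ID stays visible in the page source either way; the tag only makes changes to the posted fields detectable, and the amount recorded for the order on the server remains the value to compare against.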