Send data by POST from php using cURL?

Navigation
0

I'm trying to send data to an external API, the problem is that when I open the console in chrome or inspect any element, the values hidden of the form that are the API keys are shown, so try this with Curl : 

<?php
$ch = curl_init('https://apiurl.com/');
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "ApiKey=$ak&merchantId=$mi&accountId=$ac");
curl_setopt($ch,CURLOPT_RETURNTRANSFER,false);
$respuesta = curl_exec ($ch);
curl_close ($ch);
?>

Now, I have 3 questions:

  • I understand that this function is done automatically, so how do I do it with a <input type="submit"> or a <button> ?
  • Is it safe to send data in this way?
  • What other way to send this data suggest?
    • asked by ger 14.07.2018 в 16:52
    source

    2 answers

    1

    What you would do is execute the curl in a file that you call when you press the button, either type submit and function as when you submit a form, or execute an ajax in the onclick or onsubmit event. It depends on if you want to keep the user in the current file or take him to the destination file where you execute it, that will be marked by the logic of your project.

    It is a secure method and a good way to send the data to the api.

    Example: you associate a function to the clickable element and you send it by AJAX to the file where you do the curl, so that it is only executed when you click. The apikey is in that file, so it's not visible to the user. 

    <div onclick="enviar();">enviar</div>

<script>
function enviar() {
  $.ajax({
    url: "", //archivo php con el curl
    type: "post",
    data: //si necesitas enviar algún dato desde aquí para la ejecución del curl
  });
}
</script>

    If from the API you receive results that you want to show, you can collect them in success of AJAX .

        
    answered by 14.07.2018 / 17:31
    source
    1
  • The "submit" fields are sent as [name of the field]="Value of the button". By default, if we do not give any value to a submit field, it will depend on what the browser assigns it. Probably "Send inquiry" or something similar. The most practical thing for "submit" buttons is to simply check that they have been set via via, regardless of their "content"
  • This is how you should hide the API from your clients and making requests via https should be safe
  • If you intend to hide the api from your clients, I can not think of much more that you can do than move the requests to the server. Regarding curl, there are other alternatives such as link or link Here are some of them discussed: link
    • answered by 14.07.2018 в 17:25
    Query between 3 tables with MySQL error with setInterval