Specifications
Currently, our open form tag looks like this:
<form method = post action = send_private_mail.php>
We could alter it to send data via SSL even if the user connected without SSL like this:
<form method = post action = “https://webserver/send_private_mail.php”>
If we hard code the complete URL like this, we can be assured that visitors’ data will be sent
using SSL, but we will need to modify the code every time we use it on another server or even
in another directory.
Although in this case, and many others, it is not important that the empty form is sent to the
user via SSL, it is usually a good idea to do so. Seeing the little padlock symbol in the status
bar of their browsers reassures people that their information is going to be sent securely. They
should not need to look at your HTML source and see what the action attribute of the form is.
Further Reading
The specification for SSL version 3.0 is available from Netscape:
http://home.netscape.com/eng/ssl3/
If you would like to know more about how networks and networking protocols work, a classic
introductory text is Andrew S. Tanenbaum’s Computer Networks.
Next
That wraps up our discussion of e-commerce and security issues. In the next section, we’ll
look at some more advanced PHP techniques including interacting with other machines on the
Internet, generating images on-the-fly, and using session control.
Implementing Secure Transactions with PHP and MySQL
C
HAPTER 15
15
I
MPLEMENTING
S
ECURE
TRANSACTIONS
347
19 7842 CH15 3/6/01 3:40 PM Page 347