RTA

Reputation: 99

How to safely pass value from WP Forms to PHP code?

I'm using WordPress forms (Gravity Forms plugin) and I'm trying to pass a price value to a payment platform. I'm using just a hook with code that, after form submission, passes the value to a URL and redirects to the payment page:

add_action('gform_after_submission', 'link_to_payment', 10, 2);
function link_to_payment($entry, $form) {

    $price =  $entry['6.2'];
    header('Location: http://www.******.***/test.php?price=' . urlencode($price));
    exit();

}

Obviously, the problem with this is that any person with webtools can change the value of $entry['6.2'] in the HTML code and get a different price to pay. My question is: is there a safe way to pass a value from an HTML page to PHP code that the user couldn't change in the HTML code?

Upvotes: 0

Views: 1040

Answers (1)

bhanu

Reputation: 1860

As these are the prices of products, which are set from the backend, you don't need to get the price from the frontend.

Create a new hidden field which has the ID of the product. Let's say the name of the field is 6.3.

add_action('gform_after_submission', 'bks_link_to_payment', 10, 2);
function bks_link_to_payment($entry, $form) {

    $product_id = $entry['6.3']; // Make sure you change the field to the one you create.
    $product    = wc_get_product( $product_id ); // get product object from the backend.

    // If the product exists.
    if ( $product ) {
        $price = $product->get_price(); // This would give you the price of the product.
        header('Location: http://www.******.***/test.php?price=' . urlencode($price));
        exit();
    }
}

So, in case someone changes the ID of the product using webtools, you are making sure that the product exists, and the price is fetched from the database so it can't be altered.

Upvotes: 1
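An added example (not part of the question or the answer) that extends the server-side lookup above: the price still travels in the redirect URL, so this sketch signs the product ID and price with an HMAC that the receiving script checks before trusting them. The `CATALOGUE` array stands in for `wc_get_product()`, and `SIGNING_KEY`, the function names and the `payment.example` host are assumptions made for illustration.

```php
<?php
// Constructed stand-in for the backend price source (the answer uses wc_get_product()).
const CATALOGUE = [101 => '19.99', 102 => '49.00'];

// Hypothetical shared secret; keep it in server-side config, never in the page.
const SIGNING_KEY = 'replace-with-random-32-byte-secret';

// Build the redirect URL from a submitted product ID. The price comes only
// from the server-side catalogue, and an HMAC binds the ID and price together.
function build_payment_url(string $submittedId): ?string {
    if (!ctype_digit($submittedId) || !isset(CATALOGUE[(int) $submittedId])) {
        return null; // unknown or malformed ID: do not redirect
    }
    $params = ['product_id' => (int) $submittedId, 'price' => CATALOGUE[(int) $submittedId]];
    $params['sig'] = hash_hmac('sha256', $params['product_id'] . '|' . $params['price'], SIGNING_KEY);
    return 'https://payment.example/test.php?' . http_build_query($params);
}

// Receiving side (test.php in the question): recompute the HMAC and compare
// in constant time before trusting the price in the query string.
function verify_payment_query(array $query): bool {
    foreach (['product_id', 'price', 'sig'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return false;
        }
    }
    $expected = hash_hmac('sha256', $query['product_id'] . '|' . $query['price'], SIGNING_KEY);
    return hash_equals($expected, $query['sig']);
}

// Demo on constructed input.
$url = build_payment_url('101');
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump(verify_payment_query($query));   // redirect exactly as the server built it

$query['price'] = '0.01';                 // price edited in the address bar
var_dump(verify_payment_query($query));   // edited redirect

var_dump(build_payment_url('999'));       // ID not in the catalogue
```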
