It occurs to me that it would be relatively easy for someone with a decent web
browser to fake the amount string in the form fields to submit to WorldPay and
choose how much they would like to pay for their basket. Whilst the obvious
thing to do is to validate the amount that the WP callback sends back to my
site, it seems that this is a bit of a rearguard action, as the transaction has
already taken place, and someone in the finance dept. will inevitably have to
sort out the mess. Hence I was wondering if it was possible to use an
intermeditate page between the 'purchase this' form, and the WorldPay form,
which would create all the form fields and do a CFHTTP to WorldPay with all the
relevant data. I'm stuck on the fact that a normal form submission will
naturally send the browser to wherever it is submitting to, whereas a CFHTTP
post won't. Is there some way of doing this via the redirect attribute? Any
thoughts appreciated.