Clegg
09-19-2003, 12:48 PM
OK, I am basically trying to build a hybrid subscription service that vb3 does on its own. But making it a bit more flexible for what I want (being able to apply it to calendars and such on vb2).
I have it working, but there's a security hole.
The way I am getting the form data to the PayPal engine is with a form that has some variable-defined entries in it, and <body onload ...> running the form. But that causes a lag in the transaction of a few seconds, and for that few seconds a user could see the data being passed to PayPal in clear text.
The data has a return URL with a validation hash that's tagged onto the end... if a user finds that data they could easily falsely make the vb system think they paid.
I see that vb3 uses CURL and then header as a fallback, to do this transaction without the user being exposed to the raw data at any point. I am unfamiliar with CURL or how to use the header portions for this kind of act.
Right now I have a dedicated PHP script just for this function that does some control statements then runs the form. I tried to adapt the vb3 code into this, but the CURL stuff didn't seem to do anything and neither did the header stuff. (The header most times threw an error saying "header has already been written".)
Any help would rock in this.
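The hole described in the post comes from the return URL itself acting as proof of payment, so anyone who sees it can replay it. The following is an added example, not part of the original post and not vBulletin's code: the return URL carries only an order reference, and access depends on server-side state set by a separate server-to-server confirmation. The function names, the in-memory `$orders` array and the sample values are hypothetical and constructed; the payment processor's own confirmation check is assumed and not shown.

```php
<?php
// Constructed in-memory stand-in for an orders table (hypothetical schema).
$orders = [];

// Called before the user is sent to the payment form.
function create_order(array &$orders, int $userId, string $amount): string {
    $id = bin2hex(random_bytes(16));   // unguessable reference, grants nothing by itself
    $orders[$id] = ['user' => $userId, 'amount' => $amount, 'status' => 'pending'];
    return $id;                        // safe to place in the form and the return URL
}

// Called only by the server-side confirmation handler, after the processor
// has confirmed the notification (that check is assumed, not shown here).
function mark_paid(array &$orders, string $id, string $paidAmount): bool {
    if (!isset($orders[$id]) || $orders[$id]['status'] !== 'pending') {
        return false;                  // unknown order, or a replayed notification
    }
    if ($orders[$id]['amount'] !== $paidAmount) {
        return false;                  // amount differs from what the server recorded
    }
    $orders[$id]['status'] = 'paid';
    return true;
}

// Called when the browser lands on the return URL.
function return_page_grants_access(array $orders, string $id, int $userId): bool {
    return isset($orders[$id])
        && $orders[$id]['user'] === $userId
        && $orders[$id]['status'] === 'paid';
}

// Walk through the cases from the post with constructed values.
$id = create_order($orders, 42, '10.00');
$cases = [
    'return URL visited before any payment' => return_page_grants_access($orders, $id, 42),
    'confirmation with altered amount'      => mark_paid($orders, $id, '1.00'),
    'genuine confirmation'                  => mark_paid($orders, $id, '10.00'),
    'return URL after confirmation'         => return_page_grants_access($orders, $id, 42),
    'same return URL, different account'    => return_page_grants_access($orders, $id, 7),
    'confirmation replayed'                 => mark_paid($orders, $id, '10.00'),
];
foreach ($cases as $label => $result) {
    echo str_pad($label, 40), var_export($result, true), PHP_EOL;
}
```

With this layout the user can read every value that passes through the browser without gaining anything, because none of it is what marks the order as paid.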