I have a form on my site that gets submitted to a third party site which basically adds the form data as a record in the third party database. This is implemented with the form "action" attribute. I have no control over what the third party does after the form is submitted. See below for the implementation.
I'm doing javascript validation, but I also need to be able to do server-side sanitation and validation of the form data with php before it gets sent to the third party. I may also want to implement a CAPTCHA.
What approach can I take to achieve this? I thought about having the form submit to the script that houses the form, and collecting all of my $_POST variables, do the validation, and then maybe redirect to the third party URL, but not quite sure how the third party would receive all the form data if its not longer the form action. Is it possible to just tack all of my form variables on as a query string the third party URL?
<form id="contactform" name="contactform" onsubmit="return validateForm(this)" method="post" encType="multipart/form-data" action="https://thirdpartysite.com/db/?action=AddRecord&apptoken=xxx">
<input class="contactfield required contact_name_first" type="text" id="firstname" name="firstname" placeholder="FIRST NAME" />
<input class="contactfield required contact_name_last" type="text" id="lastname" name="lastname" placeholder="LAST NAME" />
<input class="contactfield required contact_org" type="text" id="organization" name="organization" placeholder="ORGANIZATION" />
<input class="contactfield required contact_email" type="text" id="email" name="email" placeholder="EMAIL" />
<input class="contactfield required contact_phone" type="text" id="phone" name="phone" placeholder="PHONE" />
<textarea class="contactfield required contact_msg" id="message" name="message" cols="40" rows="10" placeholder="HOW CAN WE HELP YOU?"></textarea>
<input type="hidden" name="rdr" value="http://www.mysite.com/thank-you" /><!-- Note: this gets passed to the third party site as the page to redirect back to after third party site receives the form data" -->
</form>
