paypal and custom cart

I’m making a cart which sends the contents to paypal to do the transactions.

It uses hidden inputs to send the contents as paypal docs tell me to.
Something like:

[CODE]<input type="hidden" name="cost_x" value="1.2" />[/CODE]

where x is some number corresponding to some item in another hidden input.

Will people be able to modify the code themselves and send it so that everything is free?

PHP

4 Comments

@themarty Sep 15, 2010 — Of course. It's actually very easy to do that.

The rule of thumb is to [B][SIZE="7"]NEVER[/SIZE][/B] trust user input.
@Jarrod1937 Sep 15, 2010 — If your server will be processing that form, it would be best to have the hidden input contain an id that references the product so that you can use the id to generate the cost server side. And of course, be sure to properly sanitize and escape the product id as well. Never trusting user input stops the majority of attacks.
@jason87 Sep 15, 2010 — http://conceptlogic.com/jcart/

This is really good if you want a pre-made one you can edit.

Even if you don't use it its good to look at, integrated to be used with Paypal as well.

Hidden inputs can still be edited because they are still sent to the browser; they're just not displayed.

Do it server side instead.
@antares (author) Sep 15, 2010 — Nice, I like that, thanks Jason, definitely a good read.

Okay so even in that example, jcart still has those hidden inputs. How do I do it on the server side?

Not sure if this is possible but it should be: After you "checkout" it posts the items and quantity to a php file on my server that finds the costs of the individual items and posts all that data to the paypal file? Is that possible?
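The flow the last post asks about (browser sends item ids and quantities, the server looks up the prices and builds the PayPal form), as an added PHP example that is not code from this thread or from jcart. It keeps the original form's "trust the browser" price handling next to the server-side version so the difference is visible on the same tampered request. Assumed for illustration: the CATALOG array stands in for a product table, the business address and order id are placeholders, and the hidden-field names (cmd, upload, business, custom, item_name_N, item_number_N, amount_N, quantity_N) are the PayPal Website Payments Standard cart-upload names.

```php
<?php
// checkout.php: added example, not the thread's or jcart's code.
// Assumptions: CATALOG stands in for the product table; the PayPal business
// e-mail and order id are placeholders; the hidden-field names are the
// PayPal Website Payments Standard cart-upload field names.
declare(strict_types=1);

// What the original form does, kept only to show the flaw: the price comes
// from the browser, so a replayed POST carrying cost_1=0.00 makes the item free.
function vulnerableTotal(array $post): float
{
    $total = 0.0;
    foreach ($post as $name => $value) {
        if (preg_match('/^cost_(\d+)$/', (string) $name)) {
            $total += (float) $value; // attacker-controlled value
        }
    }
    return $total;
}

// Server-side catalog: the only source of prices (a DB lookup in a real shop).
const CATALOG = [
    'SKU-100' => ['name' => 'Widget', 'price' => 1.20],
    'SKU-200' => ['name' => 'Gadget', 'price' => 9.99],
];

// Turn untrusted item_N / qty_N pairs into validated order lines. Anything
// that is not a known product id, or not a sane quantity, is rejected.
// Any cost_N field the browser sends is simply never read.
function buildOrder(array $post): array
{
    $lines = [];
    foreach ($post as $name => $value) {
        if (!preg_match('/^item_(\d+)$/', (string) $name, $m)) {
            continue;
        }
        $id  = (string) $value;
        $qty = filter_var($post['qty_' . $m[1]] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1, 'max_range' => 99]]);
        if (!isset(CATALOG[$id]) || $qty === false) {
            throw new InvalidArgumentException("rejected item {$m[1]}");
        }
        $lines[] = ['id' => $id, 'name' => CATALOG[$id]['name'],
                    'price' => CATALOG[$id]['price'], 'qty' => $qty];
    }
    if ($lines === []) {
        throw new InvalidArgumentException('empty cart');
    }
    return $lines;
}

function orderTotal(array $lines): float
{
    return array_sum(array_map(fn(array $l) => $l['price'] * $l['qty'], $lines));
}

// Emit the PayPal cart-upload form from the validated lines. These hidden
// fields still travel through the buyer's browser, so treat them as the
// payment *request*, not as proof of payment: store the order and its total
// under the id sent in "custom", and compare what PayPal reports back
// (mc_gross and the per-item fields) in the IPN or PDT handler before fulfilling.
function paypalForm(array $lines, string $orderId, string $business): string
{
    $h = fn(string $s) => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $out  = '<form method="post" action="https://www.paypal.com/cgi-bin/webscr">' . "\n";
    $out .= '<input type="hidden" name="cmd" value="_cart" />' . "\n";
    $out .= '<input type="hidden" name="upload" value="1" />' . "\n";
    $out .= '<input type="hidden" name="business" value="' . $h($business) . '" />' . "\n";
    $out .= '<input type="hidden" name="custom" value="' . $h($orderId) . '" />' . "\n";
    foreach ($lines as $i => $l) {
        $n = $i + 1;
        $out .= sprintf('<input type="hidden" name="item_name_%d" value="%s" />' . "\n", $n, $h($l['name']));
        $out .= sprintf('<input type="hidden" name="item_number_%d" value="%s" />' . "\n", $n, $h($l['id']));
        $out .= sprintf('<input type="hidden" name="amount_%d" value="%.2f" />' . "\n", $n, $l['price']);
        $out .= sprintf('<input type="hidden" name="quantity_%d" value="%d" />' . "\n", $n, $l['qty']);
    }
    $out .= '<input type="submit" value="Pay with PayPal" />' . "\n</form>\n";
    return $out;
}

// Constructed request: a shopper who edited the page and added cost_1=0.00.
$tampered = ['item_1' => 'SKU-100', 'qty_1' => 2, 'cost_1' => '0.00'];
printf("trusting the browser: total = %.2f\n", vulnerableTotal($tampered));
$lines = buildOrder($tampered);
printf("server-side catalog:  total = %.2f\n", orderTotal($lines));
echo paypalForm($lines, 'order-' . bin2hex(random_bytes(4)), 'seller@example.com');
```

Run with `php checkout.php`: the first total is whatever the browser claimed, the second comes from CATALOG and ignores cost_1 entirely. The caveat worth keeping in mind is that moving the price lookup server-side only stops the shopper from choosing the price your server records; PayPal still only sees the form the browser posts to it. The check that actually protects fulfilment is in the IPN/PDT callback, where the amount PayPal reports is compared against the stored order, or a flow in which your server talks to PayPal directly rather than via hidden fields.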