shopping cart script

@cmotorOct 23.2004

How do I pass the variables below to the address below
when someone calls the function below?

VARIABLES:

var business=[email protected]
var item_name=Product
var item_number=P100
var amount=50.00
var quantity1=1
var cmd=_cart
var no_note=1
var currency_code=USD

F_P100() {

WHAT GOES HERE??????????????
ADDRESS TO PASS VARIABLES TO: ~~[url]~~https://www.paypal.com/cgi-bin/webscr[/url]
METHOD=post
TARGET=paypal

}

Thanks,
-cmotor

to post a comment

JavaScript

7 Comments(s) _↴

@ExuroOct 23.2004 — #You're supposed to use [FONT=courier new]<input />[/FONT] elements to communicate to PayPal, not JavaScript. Here's an example:

&lt;form action="https://www.paypal.com/cgi-bin/webscr" method="post"&gt;
 &lt;input type="hidden" name="business" value="[email protected]" /&gt;
 &lt;input type="hidden" name="item_name" value="Product" /&gt;
 &lt;input type="hidden" name="item_number" value="P100" /&gt;
 &lt;input type="hidden" name="amount" value="50.00" /&gt;
 &lt;input type="hidden" name="cmd" value="_cart" /&gt;
 &lt;input type="hidden" name="no_note" value="1" /&gt;
 &lt;input type="hidden" name="currency_code" value="USD" /&gt;
 &lt;p&gt;Product Name&lt;/p&gt;
 &lt;p&gt;
 &lt;label for="qauntity"&gt;Quantity:&lt;/label&gt;
 &lt;input type="text" id="quantity" name="quantity" value="1" /&gt;
 &lt;/p&gt;
 &lt;p&gt;&lt;input type="submit" value="Add To Cart" /&gt;
 &lt;/form&gt;

@cmotorauthorOct 23.2004 — #NO.

That is exactly what I am tring to avoid doing. The problem is that hackers can copy and change the prices from the source code and then re-upload the page and order at fraud prices. I want to move the code into a separate file (protected with htaccess) and let javascript pass the variables. All those variables need to be out of hackers reach/site.

Now, if anyone knows how this can be done please let me know. I want to call the script with an event handler which will act as my add to cart button.

Thank you,

cmotor

@cmotorauthorOct 23.2004 — #Okay, how about this way instead:

I want to keep the field name element and it's value hidden from the html code. I have replaced those elements with anonymous characters. I would like a script that switches the anonymous characters with the real name and value when the form is submitted. Does this question make sense?

<form name=F_P100 action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="hidden" name="A" value="AA">

<input type="hidden" name="B" value="BB">

<input type="hidden" name="item_number" value="P100">

<input type="hidden" name="amount" value="50.00">

<input type="hidden" name="cmd" value="_cart">

<input type="hidden" name="no_note" value="1">

<input type="hidden" name="currency_code" value="USD">

<input type="hidden" name="add" value="1">

<a href="#" onClick="F_RS1001.submit()">submit</a>

document.F_P100.A=business

document.F_P100.A.value=[email protected]

document.F_P100.B=item_name

document.F_P100.B.value=Product

etc...

thanks,

-cmotor

@ExuroOct 23.2004 — #[i]Originally posted by cmotor [/i]

[B]The problem is that hackers can copy and change the prices from the source code and then re-upload the page and order at fraud prices.[/B][/QUOTE]

That's always going to be a problem with PayPal, so you'll just have to check the price for each order and make sure it's right as you're processing it.

@thedosmannOct 24.2004 — #Are you not comfortable with SSL?

@cmotorauthorOct 24.2004 — #SSL is not the concern here. There are two other problems.

1 Spam robots can pick up my email address from one of the hidden form fields.

2 Hackers/Fraudsters can open the page source, change the prices, re-upload the page, and place orders at cheaper prices.

The obvious way around this is to check my orders to ensure that the prices are correct before sending any orders. But I would prefer not to have to deal with this annoyance in the first place.

Hope this is clear.

-cmotor

@theuedimasterOct 24.2004 — #hmmm....for this problem there really is no solution. The only thing I can think of is when they click a "buy now" button they are sent to an intermediate page for a milisecond which then sends the form information to paypal. Or you could include a php page or html page which declares javascript variables and php variables, these won't be seen when looking at the source of the page. THat might work actually.

Also in #JavaScript _↴

differentiating pop up, pls help!!Need help moving to external .js How To Set A Simple Cookie Based on Content CSS Show/Hide Settings?

Success!

Help @cmotor spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.23,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

shopping cart script

7 Comments(s) _↴

Also in #JavaScript _↴

Success!

Social

Version

shopping cart script

7 Comments(s) ↴

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

7 Comments(s) _↴

Also in #JavaScript _↴