Jump to content

PHP POST data?


vdubdriver

Recommended Posts

Hi,
I'm designing a web store and I want to use Paypal, but with my own shopping cart. I want it to be secure as possible so; is there any way to send post data with php and not with html form code?

This is the code that paypal says to use. But someone could save the html and just change what the cost was and then submit the form.
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="you@youremail.com">
<input type="hidden" name="item_name" value="Item Name">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="amount" value="0.00">
<input type="image" src="http://www.paypal.com/en_US/i/btn/x-click-but01.gif" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

Link to comment
Share on other sites

that would still echo out the html code. the problem is that paypal is on a different server, so there's no way you can fool proof your code. you have to make your script to keep track of what the cost is, and when you get the money from paypal, check to see if it matches. if not, then you would go from there - like, contacting the customer or paypal - something non-automated, seeing as how they are trying to scam you and all...

Link to comment
Share on other sites

Couldn't he take that html code and do some of this? :

[code]
<script type="text/javascript">document.write('\u003c\u0066\u006f\u0072\u006d\u0020\u0061\u0063\u0074\u0069\u006f\u006e\u003d\u0022\u0068\u0074\u0074\u0070\u0073\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0070\u0061\u0079\u0070\u0061\u006c\u002e\u0063\u006f\u006d\u002f\u0063\u0067\u0069\u002d\u0062\u0069\u006e\u002f\u0077\u0065\u0062\u0073\u0063\u0072\u0022\u0020\u006d\u0065\u0074\u0068\u006f\u0064\u003d\u0022\u0070\u006f\u0073\u0074\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0063\u006d\u0064\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u005f\u0078\u0063\u006c\u0069\u0063\u006b\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0062\u0075\u0073\u0069\u006e\u0065\u0073\u0073\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0079\u006f\u0075\u0040\u0079\u006f\u0075\u0072\u0065\u006d\u0061\u0069\u006c\u002e\u0063\u006f\u006d\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0069\u0074\u0065\u006d\u005f\u006e\u0061\u006d\u0065\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0049\u0074\u0065\u006d\u0020\u004e\u0061\u006d\u0065\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0063\u0075\u0072\u0072\u0065\u006e\u0063\u0079\u005f\u0063\u006f\u0064\u0065\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0055\u0053\u0044\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0068\u0069\u0064\u0064\u0065\u006e\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0061\u006d\u006f\u0075\u006e\u0074\u0022\u0020\u0076\u0061\u006c\u0075\u0065\u003d\u0022\u0030\u002e\u0030\u0030\u0022\u003e\u000a\u003c\u0069\u006e\u0070\u0075\u0074\u0020\u0074\u0079\u0070\u0065\u003d\u0022\u0069\u006d\u0061\u0067\u0065\u0022\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0070\u0061\u0079\u0070\u0061\u006c\u002e\u0063\u006f\u006d\u002f\u0065\u006e\u005f\u0055\u0053\u002f\u0069\u002f\u0062\u0074\u006e\u002f\u0078\u002d\u0063\u006c\u0069\u0063\u006b\u002d\u0062\u0075\u0074\u0030\u0031\u002e\u0067\u0069\u0066\u0022\u0020\u006e\u0061\u006d\u0065\u003d\u0022\u0073\u0075\u0062\u006d\u0069\u0074\u0022\u0020\u0061\u006c\u0074\u003d\u0022\u004d\u0061\u006b\u0065\u0020\u0070\u0061\u0079\u006d\u0065\u006e\u0074\u0073\u0020\u0077\u0069\u0074\u0068\u0020\u0050\u0061\u0079\u0050\u0061\u006c\u0020\u002d\u0020\u0069\u0074\u0027\u0073\u0020\u0066\u0061\u0073\u0074\u002c\u0020\u0066\u0072\u0065\u0065\u0020\u0061\u006e\u0064\u0020\u0073\u0065\u0063\u0075\u0072\u0065\u0021\u0022\u003e\u000a\u003c\u002f\u0066\u006f\u0072\u006d\u003e\u000a')</script>
[/code]
does the same exact thing....
[a href=\"http://www.codehouse.com/webmaster_tools/html_encoder/\" target=\"_blank\"]http://www.codehouse.com/webmaster_tools/html_encoder/[/a]
Link to comment
Share on other sites

[!--quoteo(post=380336:date=Jun 5 2006, 03:33 PM:name=Buyocat)--][div class=\'quotetop\']QUOTE(Buyocat @ Jun 5 2006, 03:33 PM) [snapback]380336[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Are you really bent on using those hidden fields? It seems like it would be more secure to not have those; maybe try serializing an object/array somewhere (like a cookie/session) and unserializing it upon form submition?
[/quote]

Yea that's what I was wondeirng like, is there a way to submit variables to a page with PHP instead of html (the hidden fields).
Link to comment
Share on other sites

[!--quoteo(post=380356:date=Jun 5 2006, 08:13 PM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ Jun 5 2006, 08:13 PM) [snapback]380356[/snapback][/div][div class=\'quotemain\'][!--quotec--]
yeah localhost.. that's a great solution.. until the user disables javascript. and oh yeah, you can easily decode that.
[/quote]

The best way is to charge the user to use your website then let them login and take all possable datails ok.


If you also used paypal ipn program and update the current users table as paid and time and date you can match aginst paypal ipn information.

As long as you got the time date and user info and match it to that user any other transactions will be free money.

Goto the paypal forum and read ok.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.