android6011 Posted July 2, 2009 Share Posted July 2, 2009 I have a website built and a shopping cart, I am signed up for PayPal payment standard and have a form all setup to pass the form to paypal as described on their website, like below <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_cart"> <input type="hidden" name="upload" value="1"> <input type="hidden" name="business" value="kmeemail@yahoo.com"> <input type="hidden" name="item_name_1" value="Stugdgdg3000 "> <input type="hidden" name="amount_1" value="100.00"> <input type="hidden" name="item_name_2" value="LOLn 6000 volt"> <input type="hidden" name="amount_2" value="1400.00"> <input type="submit" value="PayPal"> </form> everything works and is submitted as designed, but my concern is the form is susceptible to be changed by hackers. Is there a way to protect against that? Is there a way to just have php submit the data behind the scenes? Anyone else working on a setup like this? Quote Link to comment Share on other sites More sharing options...
ldougherty Posted July 2, 2009 Share Posted July 2, 2009 Unfortunately there is no sure fire way to protect form data as the results can always be changed regardless of the form type GET or POST. The only real way to protect is to check the data on the receiving side and I'm sure since the form submits to paypal that they have security measures in place to ensure the data doesn't get changed. Quote Link to comment Share on other sites More sharing options...
android6011 Posted July 3, 2009 Author Share Posted July 3, 2009 PayPal doesnt check if its changed because it doesnt know what to check it against unless you pay for their premium service. I would really like to just be able to submit the form with php so i know that its not changed, ive read about socket connections, but I'm not sure how I would go about using one to submit all those values etc Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.