

Security Advice


I'm currently setting up a little shop that uses PayPal as a payment system. I've searched online and on the board and found enough information to get going. The way certain things are done worry me though. Any help with any of these would be appreciated.

1. It seems as though the payment is completed before the user clicks the 'continue' button which leads back to my site. If for some reason the user did not make it back to the site, the database cannot be effectively updated in regards to the order. This seems to go against the concept of a transaction to me.

2. Sending data initially to PayPal through hidden form variables. I've read this is not a good way to do it, and I don't like the idea of anyone being able to view this information. Would it be better to send the vars through a socket (which is the only other post data solution I've come across) in some sort of Order class?

3. I've written a Basket class with a getTotal() function. I could send this to PayPal, but then the entire basket is counted as a single item, and this might confuse users. Is there a way around this?

These are my three main concerns (particularly #1). If anyone is familiar with this stuff, are there any other security considerations I should be making? This is the first time I've done anything involving a payment system, and I want it to be as safe as possible.

Thanks in advance for any help on this.

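For point 3 (sending the basket line by line rather than as one lump sum), the following is an added example, not code from this thread or from PayPal: it builds the hidden fields for PayPal's "cart upload" form, where each item gets its own `item_name_n`, `amount_n` and `quantity_n` field. The basket shape, the order id, the account address and the URLs are placeholders; the `invoice` field carries the order id so the server-side handler can later match the payment to the order it recorded.

```php
<?php
// Added example: render a PayPal cart-upload form from a basket so each line
// appears as a separate item at checkout. Not code from the thread.
// Assumptions: $items is an array of ['name', 'price', 'qty'] rows taken from
// a hypothetical Basket; the order (with its total) has already been stored
// server-side under $orderId before this form is shown.

function paypalCartFields(array $items, string $orderId, string $business, string $currency = 'GBP'): array
{
    $fields = [
        'cmd'           => '_cart',
        'upload'        => '1',
        'business'      => $business,                              // placeholder PayPal account
        'currency_code' => $currency,
        'invoice'       => $orderId,                               // lets the IPN handler find the order
        'notify_url'    => 'https://shop.example.com/ipn.php',     // placeholder URLs
        'return'        => 'https://shop.example.com/thanks.php',
        'cancel_return' => 'https://shop.example.com/basket.php',
    ];
    $n = 1;
    foreach ($items as $item) {
        $fields["item_name_$n"] = $item['name'];
        $fields["amount_$n"]    = number_format((float) $item['price'], 2, '.', '');
        $fields["quantity_$n"]  = (string) (int) $item['qty'];
        $n++;
    }
    return $fields;
}

// Escape every name and value: item names may come from user-editable data.
function renderHiddenFields(array $fields): string
{
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= sprintf(
            "<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed sample basket.
$items = [
    ['name' => 'Widget', 'price' => 9.99, 'qty' => 2],
    ['name' => 'Gadget', 'price' => 24.5, 'qty' => 1],
];

echo '<form method="post" action="https://www.paypal.com/cgi-bin/webscr">';
echo renderHiddenFields(paypalCartFields($items, 'ORD-1001', 'payments@example.com'));
echo '<button type="submit">Pay with PayPal</button></form>';
```

The hidden fields are still visible to the buyer, so nothing in this form is trusted for the final price: the shop records the order total before rendering it and later compares that stored figure with what PayPal reports for the same invoice.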
1) After payment, behind the scenes PayPal fires off the transaction to your script. Your script has to handle IPN transactions and update your database. It has nothing to do with the continue button being pressed or not.

2) There are other ways, like using cURL. A good tutorial link is below.

3) Don't understand this point so I can't comment. Maybe somebody else will address it.

PayPal PHP IPN tutorial:
http://www.zend.com/zend/tut/tutorial-paypal.php

IPN test sites:
http://www.eliteweaver.co.uk/testing/ipntest.php
http://www.optioninsight.com/IPNtestbed.html

Horror stories of using PayPal:
http://nopaypal.com/forums/

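As an added example of the IPN handling described in the reply (this is not the thread's code, nor PayPal's or the linked tutorial's), here is a listener that does the two things a shop relies on: it sends the notification back to PayPal for validation, and then checks the verified message against the order the shop stored before sending the buyer to PayPal. The second step is what neutralises the hidden-field worry from point 2: whatever a buyer changes in the form, the order is only marked paid if `mc_gross`, `mc_currency` and `receiver_email` match the shop's own records. The PDO handle, the `orders` table, the `invoice` field and the account address are assumptions.

```php
<?php
// Added example: a PayPal IPN listener (not from the thread). Assumptions:
// $pdo is a PDO handle; table `orders` has columns id, total, currency,
// status, txn_id; the order id was sent to PayPal in the `invoice` field;
// RECEIVER_EMAIL is the shop's PayPal account (placeholder value).

const RECEIVER_EMAIL = 'payments@example.com';
const IPN_POSTBACK   = 'https://ipnpb.paypal.com/cgi-bin/webscr'; // sandbox: ipnpb.sandbox.paypal.com

// Step 1: post the raw message back to PayPal, unchanged, with
// cmd=_notify-validate in front. PayPal answers VERIFIED or INVALID.
function postbackIsVerified(string $rawBody): bool
{
    $ch = curl_init(IPN_POSTBACK);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,  // the postback is the whole check; never turn this off
        CURLOPT_HTTPHEADER     => ['Connection: Close', 'User-Agent: Shop-IPN/1.0'],
    ]);
    $reply = curl_exec($ch);
    curl_close($ch);
    return $reply === 'VERIFIED';
}

// Step 2: VERIFIED only proves PayPal sent the message. It does not prove the
// payment is complete, is for this shop, or is for the amount the shop expects.
function ipnProblems(array $ipn, array $order): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', RECEIVER_EMAIL) !== 0) {
        $problems[] = 'receiver_email is not our account';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency differs from the stored order';
    }
    if (abs((float) ($ipn['mc_gross'] ?? 0) - (float) $order['total']) > 0.005) {
        $problems[] = 'mc_gross differs from the stored order total';
    }
    if ($order['status'] === 'paid') {
        $problems[] = 'order already paid (duplicate or replayed txn_id)';
    }
    return $problems;
}

$raw = file_get_contents('php://input');
parse_str($raw, $ipn);

if ($raw === '' || !postbackIsVerified($raw)) {
    error_log('IPN rejected: postback not VERIFIED');
    http_response_code(200);  // reply 200 regardless, or PayPal keeps retrying
    exit;
}

$stmt = $pdo->prepare('SELECT id, total, currency, status FROM orders WHERE id = ?');
$stmt->execute([$ipn['invoice'] ?? '']);
$order = $stmt->fetch(PDO::FETCH_ASSOC);

if ($order === false) {
    error_log('IPN for unknown invoice ' . ($ipn['invoice'] ?? '(none)'));
} elseif ($problems = ipnProblems($ipn, $order)) {
    // Log and leave the order unpaid for a human to look at; do not ship.
    error_log('IPN held, txn ' . ($ipn['txn_id'] ?? '?') . ': ' . implode('; ', $problems));
} else {
    // The status guard in the WHERE clause keeps a retried IPN from paying twice.
    $pdo->prepare('UPDATE orders SET status = ?, txn_id = ? WHERE id = ? AND status <> ?')
        ->execute(['paid', $ipn['txn_id'], $order['id'], 'paid']);
}
http_response_code(200);
```

Because the order is updated by this listener rather than by the buyer returning to the site, the "continue" button from point 1 stops mattering: PayPal delivers the notification to `notify_url` on its own and retries until it gets a 200. A unique index on `txn_id` is a cheap extra guard against the same transaction being recorded twice.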