
Is jQuery an acceptable method to process product variation calculations in an E-Commerce site?

I'm creating a very simple store with literally one product where the user can choose different options and, dependent on the options selected, this will generate the total cost for the item. So for example, if the user selects the red variant, the price will increase by 5%; if the user selects the blue variant then the price will increase by 10%.

Currently I'm making the calculations with jQuery and then passing them to an empty field which is then posted to a payment gateway. Is this method safe? Theoretically, a user could open up Firebug or Chrome Developer Tools and edit the value (to zero) before posting it to the gateway, but couldn't this apply to similar methods of product variation calculations? I'm trying to figure out whether or not this is an issue, but is there a better way?

This is definitely an issue; as you said yourself, a user can modify the values.

  • So, you would show a price to the user on the client side. It doesn't matter how the value is generated, because it will never be trusted by the server and will never be passed to the payment gateway.

  • User presses "buy now" and is redirected to the payment gateway, but via your own server first. The server should validate the product and calculate the price.

  • The final price (calculated by your own server) will be shown to the user at point of payment.

On the client side you could either continue to generate the values with jQuery, or have the server return them via an AJAX request. But this would only be for user experience; the values could not be trusted.

After a PayPal payment has been processed, PayPal sends an IPN (Instant Payment Notification) message to the URL you specify. You have to resend it to verify that the message is original from PayPal. After that, to be sure the user paid the right amount of money, you get the values from the IPN (it may come with user ID, transaction ID and so on...) and check them against your database.

Some useful links:

More about IPN

PayPal Developers Guide

PayPal IPN

Rule number one in an e-commerce website: never trust users. So, this is the right process:

After calculations with jQuery, and then passing them to an empty field which is then posted to a payment gateway, store the user name/id, transaction, and amount in the database. Create a method that verifies the stored values against the IPN response from PayPal.

If the values match, the payment succeeds. Else, mark it for later hand verification (you should store the id so it is easier to find on PayPal).

If you choose this method, you should probably store the product configuration (like a string representation of JSON or a comma delimited field, etc.) in a hidden field, calculate the price (client or server side) and show the price only as information to the customer.

When he submits the configuration, validate it and calculate the price again on the server.

That way the customer could change the configuration (through Firebug or so), but could not change the price, since it is calculated based on the configuration.

Well, that is how I would do it.
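The server side of the last two answers (recompute the price from the submitted configuration, store the expected amount, then compare it with the IPN), as an added example that is not code from any of the answers above. It assumes a single product called "widget" with the question's own surcharges (red +5%, blue +10%), a USD shop currency, and that the order id is passed through PayPal's `custom` IPN field; `mc_gross`, `mc_currency` and `payment_status` are PayPal's IPN variable names.

```javascript
// Server-side pricing and IPN reconciliation (constructed example; catalog
// values are the question's own: base price plus 5% for red, 10% for blue).
const CATALOG = {
  widget: {
    basePriceCents: 10000,
    options: { colour: { plain: 1.0, red: 1.05, blue: 1.1 } },
  },
};

// Recompute the price from the submitted configuration only. Any price the
// client sent is ignored; an unknown product or option is rejected, not guessed.
function computePriceCents(config) {
  const product = CATALOG[config.product];
  if (!product) throw new Error(`unknown product: ${config.product}`);
  let cents = product.basePriceCents;
  for (const [name, value] of Object.entries(config.options || {})) {
    const choices = product.options[name];
    if (!choices || !Object.prototype.hasOwnProperty.call(choices, value)) {
      throw new Error(`invalid option ${name}=${value}`);
    }
    cents = Math.round(cents * choices[value]);
  }
  return cents;
}

// "Buy now" handler: store what the gateway is expected to charge, keyed by a
// server-generated order id, before redirecting the user to the gateway.
const orders = new Map();
function createOrder(orderId, config) {
  const amountCents = computePriceCents(config);
  orders.set(orderId, { amountCents, status: 'pending' });
  return amountCents;
}

// IPN handler, called after the message has been echoed back to PayPal and
// acknowledged as genuine (that round-trip is not shown). Field names are
// PayPal's IPN variables; the order id is assumed to travel in "custom".
function reconcileIpn(ipn) {
  const order = orders.get(ipn.custom);
  if (!order) return 'unknown-order';
  const paidCents = Math.round(Number(ipn.mc_gross) * 100);
  const ok = ipn.payment_status === 'Completed'
    && ipn.mc_currency === 'USD' // assumed shop currency
    && paidCents === order.amountCents;
  order.status = ok ? 'paid' : 'manual-review'; // mismatch: hold for hand check
  return order.status;
}
```

A client that edits the hidden price field gains nothing, because only the configuration is read; a tampered configuration either prices correctly or is rejected as invalid.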
