
Payment Security of Paypal

I want to use Paypal services and I am in the testing procedure and using Sandbox, but the confusing issue is that when a user purchases a product from my website and is later redirected to my 'Success' page by Paypal, I receive the data with 'Querystring' and only from there am I able to read the data. I believe that this is wrong, because 'Querystring' can be changed and modified very easily. I would like to know how I can be certain that the 'Querystring' which I have received belongs to a user who has made a payment via the purchasing request.

        string redirecturl = "";
        redirecturl += "https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_xclick&business=" + ConfigurationManager.AppSettings["paypalemail"].ToString();
        redirecturl += "&first_name=erfanpj";
        redirecturl += "&city=stockholms";
        redirecturl += "&state=stockholms";
        redirecturl += "&item_name=" + l1.Text;
        redirecturl += "&amount=" + l3.Text;
        //redirecturl += "&business=erfanpj@ymail.com";
        redirecturl += "&shipping=5";
        redirecturl += "&handling=5";
        redirecturl += "&tax=5";
        redirecturl += "&quantity=1";
        redirecturl += "&currency=USD";
        redirecturl += "&return=" + ConfigurationManager.AppSettings["SuccessURL"].ToString();
        redirecturl += "&cancel_return=" + ConfigurationManager.AppSettings["FailedURL"].ToString();
        Response.Redirect(redirecturl);
    }

Moreover, I am very eager to know what exactly the 'notify_url' and 'paypal-ipn' parameters do. Any feedback from the respectful readers here would be highly appreciated.

Regards,

From your question I'm not sure you have a good understanding of the PayPal purchase process.

First, you should use PayPal generated buttons (made in your PayPal account) that are encrypted and prevent the user from changing the parameters on the purchase page.

Second, upon a transaction the PayPal IPN will POST (over SSL) to a page on your webserver that you have designated. Here you can extract the details of the purchase. (C# example on PayPal IPN handler) You should make sure the response is VERIFIED, verify the receiver email address is your email address, and the transaction amount is correct in the IPN handler prior to fulfilling the order. (More code samples are at PayPal Code Samples.)
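The checks listed in the answer above, as an added example that is not part of the original answer or PayPal's sample code: the handler posts the IPN body back with `cmd=_notify-validate`, requires a `VERIFIED` reply, then compares the fields with the order stored server-side. The class and method names are hypothetical, the validation URL is assumed to be the sandbox endpoint from the question, and `receiver_email`, `mc_gross`, `mc_currency` and `payment_status` are PayPal's IPN variable names.

```csharp
using System;
using System.Globalization;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Web;

public static class IpnCheck   // hypothetical helper class
{
    // Assumption: the sandbox endpoint that appears in the question's redirect URL.
    const string ValidateUrl = "https://www.sandbox.paypal.com/cgi-bin/webscr";
    static readonly HttpClient Http = new HttpClient();

    // Send the notification body back unchanged; only PayPal can answer VERIFIED.
    public static async Task<bool> IsVerifiedAsync(string rawBody)
    {
        var content = new StringContent("cmd=_notify-validate&" + rawBody,
            Encoding.ASCII, "application/x-www-form-urlencoded");
        var reply = await Http.PostAsync(ValidateUrl, content);
        reply.EnsureSuccessStatusCode();
        return (await reply.Content.ReadAsStringAsync()).Trim() == "VERIFIED";
    }

    // Compare IPN fields with values the server recorded when the order was created.
    // expectedTotal is the full charge (amount + shipping + handling + tax).
    public static bool MatchesOrder(string rawBody, string sellerEmail,
                                    decimal expectedTotal, string expectedCurrency)
    {
        var f = HttpUtility.ParseQueryString(rawBody);
        return f["payment_status"] == "Completed"
            && string.Equals(f["receiver_email"], sellerEmail, StringComparison.OrdinalIgnoreCase)
            && f["mc_currency"] == expectedCurrency
            && decimal.TryParse(f["mc_gross"], NumberStyles.Number,
                                CultureInfo.InvariantCulture, out decimal gross)
            && gross == expectedTotal;
    }

    // Fulfil only when both checks pass; the return-page query string is never consulted.
    public static async Task<bool> ShouldFulfilAsync(string rawBody, string sellerEmail,
                                                     decimal expectedTotal, string expectedCurrency)
        => await IsVerifiedAsync(rawBody)
           && MatchesOrder(rawBody, sellerEmail, expectedTotal, expectedCurrency);

    static void Main()
    {
        // Constructed sample body, not a real notification; exercises the offline field check.
        string body = "payment_status=Completed&receiver_email=seller%40example.com"
                    + "&mc_gross=25.00&mc_currency=USD&txn_id=TEST123";
        Console.WriteLine(MatchesOrder(body, "seller@example.com", 25.00m, "USD"));
        Console.WriteLine(MatchesOrder(body.Replace("25.00", "0.01"), "seller@example.com", 25.00m, "USD"));
    }
}
```

In an ASP.NET handler, `rawBody` is the request body exactly as received at the `notify_url` page; a production handler would also record `txn_id` so a replayed notification is not fulfilled twice.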
