Can the custom value of paypal payment form be changed by the user before or during the payment?
Question
I'm using the paypal's IPN method in order to check the paypal payments.
But , I'm using a custom value in each payment form ( <input type="hidden" name="custom" value="ForCandies"> ) so I can see the type of the payment in the ipn checking process.
Can the user change the custom value ? because If he can do that then it means the system is compromised.
I'm using some Sql queries in the IPN checking process and everything depends on the custom value.
Thanks in advance,
1 answers
solution1
0 ACCPTED 2013-03-03 21:24:06
With Website Payments Standard: Yes. Buyers can change this.
Because you're sending the data via <form> , the buyer can change this client-initiated behaviour and manipulate the value for the 'custom' input.
With PayPal Express Checkout: No, buyers cannot change this because Express Checkout does not use a <form> ; instead it relies solely on server-to-server API calls over which the buyer does not have any influence.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.