E-commerce transaction - PHP
Question
I have not worked with web technologies, so this may seem like a naive question.
I am trying to fix one of the issues on our webpages, this page is responsible for creating and sending an e-commerce transaction to sagepay. The problem is, all the fields it has are filled via _GET variable; which a user can easily modify on the URL before a transaction is actually made. An option would be to go via _POST, but it is still possible to modify and avert actual charges.
Hence i am looking for a mechanism which can help me pass this variables securely across to another page or perhaps the same page even. I am considering using a database to temporarily store these values, but i would like to hear what is the optimal way of going about such a problem.
1 answers
solution1
1 2011-06-09 10:52:34
You should keep them either in the database or in the SESSION variable.
In e-commerce charges, sub total, grand total etc generally stored in the database with the other required info such as items, quantity in the form of an order.
You could keep them in session variable and when customer say Payment, You can store those values in database as order.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.