stackoom
  简体   繁体   中英

How could I protect my paypal form

 原文  2012-09-30 19:04:35       php/ ajax/ api/ paypal

Question

I'm new to the paypal API, I read an article today that says : It's very simple for a bad guy to change the value of inputs in the paypal form (like the amount).

So instead of putting my code in the html markup, I decided to bring it via the ajax as the following : 

<div id="result"></div>


$.post({'action.php', {}, function(data)
{
   $('#result').html(data);

}, , 'html');

in my page action.php, I put this simple code : 

<?php
     echo '<input type="hidden" name="amount" value="99">';
?>

My question is : In this case, could bad folks change the value of this input ?

Thanks

1 answers

solution1
 2 ACCPTED  2012-09-30 19:06:04

Yes, of course they could.

Using the web developer tools that come with the browser, or with firebug, they can change values of hidden fields or of JavaScript values before the AJAX call.

You are adding a very thin layer of obfuscation that anyone with web development experience can easily get through.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to protect form data on my site? How do I protect my AJAX services? How can i protect my laravel authentication How can I protect my PHP code? How to protect user edit paypal button ? How to protect sensitive pages for paypal payment processing? How to protect my PHP API if I want to sell my script? How can I protect a form processor script file? How can I protect password on PHP Symfony form Why is Paypal giving an error when I run my subscription form?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM