I’m using the standard PHP PayPal form for payments on my e-commerce app.
I noticed that people with just Firebug can change the PayPal form data before sending the request for paying via the “PAY NOW” button.
So I’m wondering, is it “standard” to have a payment form that can be “edited” by a newbie :/ ?
What can we do to prevent this?
This isn’t a huge security risk, as you should be checking what was actually paid anyway! Anyone can post data to anything. It has little to do with your form, or even Firebug.
You can store that button information on PayPal’s server, but then it cannot be dynamically generated. There is an option for this when you use their wizard to create the button code for you.
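The check the answer above calls for, as an added example that is not part of the original post (written in Python; the same logic belongs in the PHP app’s IPN handler): the client-side form is treated as untrusted, and the order is marked paid only after PayPal’s postback answers VERIFIED and the notified amount, currency, receiver and transaction id agree with the server-side order record. The merchant address, order table and sample IPN bodies are constructed for the example.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl

# Constructed merchant configuration; the order table is the server-side source of truth.
RECEIVER_EMAIL = "merchant@example.com"
ORDERS = {"ORD-1001": {"total": Decimal("49.99"), "currency": "EUR"}}
PROCESSED_TXN_IDS: set[str] = set()  # replay protection; persist this in a real app

def postback_body(raw_body: bytes) -> bytes:
    """Body to POST back to PayPal's IPN endpoint (cmd=_notify-validate); PayPal replies VERIFIED or INVALID."""
    return b"cmd=_notify-validate&" + raw_body

def verify_payment(raw_body: bytes, paypal_answer: str) -> tuple[bool, str]:
    """Decide whether the order may be marked paid. Nothing from the browser form is trusted."""
    if paypal_answer != "VERIFIED":
        return False, "postback not VERIFIED"
    fields = dict(parse_qsl(raw_body.decode(), keep_blank_values=True))
    order = ORDERS.get(fields.get("invoice", ""))
    if order is None:
        return False, "unknown invoice"
    if fields.get("payment_status") != "Completed":
        return False, "payment not completed"
    if fields.get("receiver_email", "").lower() != RECEIVER_EMAIL:
        return False, "paid to a different receiver"
    if fields.get("mc_currency") != order["currency"]:
        return False, "currency mismatch"
    try:
        paid = Decimal(fields.get("mc_gross", ""))
    except InvalidOperation:
        return False, "malformed amount"
    if paid != order["total"]:  # catches a form edited to a lower price
        return False, f"amount mismatch: paid {paid}, expected {order['total']}"
    txn_id = fields.get("txn_id", "")
    if not txn_id or txn_id in PROCESSED_TXN_IDS:
        return False, "missing or replayed txn_id"
    PROCESSED_TXN_IDS.add(txn_id)
    return True, "ok"

# Constructed IPN bodies: one where the amount was edited in the browser, one genuine.
TAMPERED_IPN = (b"invoice=ORD-1001&payment_status=Completed&receiver_email=merchant%40example.com"
                b"&mc_currency=EUR&mc_gross=0.01&txn_id=TX1")
GENUINE_IPN = (b"invoice=ORD-1001&payment_status=Completed&receiver_email=merchant%40example.com"
               b"&mc_currency=EUR&mc_gross=49.99&txn_id=TX2")

if __name__ == "__main__":
    print(verify_payment(TAMPERED_IPN, "VERIFIED"))  # rejected: amount mismatch
    print(verify_payment(GENUINE_IPN, "VERIFIED"))   # accepted once
    print(verify_payment(GENUINE_IPN, "VERIFIED"))   # rejected: replayed txn_id
```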