Reputation: 2249
I'm currently developing a website that uses PayPal for order processing. This is the HTML form I'm using so far for testing purposes:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <!-- Buyer picks the plan; the selected value is sent to PayPal as the item price -->
    <select name="amount">
        <option value="3.99">6 Months ($3.99)</option>
        <option value="5.99">12 Months ($5.99)</option>
    </select>
    <br>
    <input name="currency_code" type="hidden" value="USD">
    <input name="shipping" type="hidden" value="0.00">
    <input name="tax" type="hidden" value="0.00">
    <!-- Browser redirect targets after the buyer finishes or cancels on PayPal -->
    <input name="return" type="hidden" value="urlOnValidPayment">
    <input name="cancel_return" type="hidden" value="UrlOnCancelPayment">
    <!-- Server-to-server Instant Payment Notification (IPN) endpoint -->
    <input name="notify_url" type="hidden" value="URLForValidationPayement">
    <!-- Buy Now button command, seller account and item description -->
    <input name="cmd" type="hidden" value="_xclick">
    <input name="business" type="hidden" value="your e-mail">
    <input name="item_name" type="hidden" value="name of the object">
    <input name="no_note" type="hidden" value="1">
    <input name="no_shipping" type="hidden" value="1">
    <input name="lc" type="hidden" value="EN">
    <input name="bn" type="hidden" value="PP-BuyNowBF">
    <!-- Pass-through field echoed back unchanged in the IPN message (e.g. an order id) -->
    <input name="custom" type="hidden" value="custom data">
    <input type="image" src="https://www.paypalobjects.com/en_US/CH/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
    <img alt="" border="0" src="https://www.paypalobjects.com/fr_FR/i/scr/pixel.gif" width="1" height="1">
</form>
But I've noticed that this method is not secure for ordering purposes; it can only be used for donation purposes, because the user may return to the URL in the "notify_url" field without paying, blah blah... Am I right? Or is there any way to make it secure?
Upvotes: 0
Views: 98
Reputation: 26056
You can reconcile the item amount within an IPN script, but this can be more trouble than it's worth in my opinion. Since you're already working with PHP I'd recommend using the Express Checkout API instead of standard payment buttons. This makes everything much more secure and allows you to fully integrate without any limitations.
You can take a look at my PHP class library for PayPal if you want. It'll make the API calls very simple for you. Specifically, you'd be looking at SetExpressCheckout, GetExpressCheckoutDetails, and DoExpressCheckoutPayment.
Upvotes: 1
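The concern in the question and the "reconcile the item amount within an IPN script" suggestion in the answer come down to the same rule: never fulfil an order because the browser arrived at the `return` URL (that is just a redirect anyone can type in), and never trust the price the form sent, because the buyer controls it. Fulfilment belongs in the `notify_url` handler, and only after the message has been posted back to PayPal for verification and its amount, currency, receiver and transaction id have been checked against the merchant's own records. The following is an added example of such a listener, written for this page and not code from the original poster or from the answerer's library. It assumes a merchant-side order table keyed by the `custom` field, a merchant address of `seller@example.com`, and it replaces the real HTTPS post-back with an injected `verify_with_paypal` callable so it runs offline; the sample IPN bodies and the transaction id in them are constructed for the demonstration.

```python
"""Added example: a PayPal IPN listener that reconciles a payment before fulfilling.

Not the original poster's code. The post-back to PayPal is abstracted behind a
`verify_with_paypal` callable so the example runs offline; in production you would
POST build_validation_body(raw) to PAYPAL_IPN_URL and require the literal reply
"VERIFIED".
"""
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation
from typing import Callable, Dict, Set
from urllib.parse import parse_qsl

PAYPAL_IPN_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"  # real endpoint, not contacted here

# Assumed merchant-side order store: order id (carried in `custom`) -> expected price.
ORDERS = {
    "order-1001": {"amount": Decimal("3.99"), "currency": "USD"},
    "order-1002": {"amount": Decimal("5.99"), "currency": "USD"},
}
MERCHANT_EMAIL = "seller@example.com"  # assumed value of the form's `business` field


@dataclass
class Ledger:
    """In-memory stand-in for the merchant database."""
    paid: Dict[str, str] = field(default_factory=dict)   # order id -> txn_id
    seen_txn: Set[str] = field(default_factory=set)      # replay protection


def build_validation_body(raw_body: str) -> str:
    """PayPal requires the untouched POST body, prefixed with cmd=_notify-validate."""
    return "cmd=_notify-validate&" + raw_body


def handle_ipn(raw_body: str, ledger: Ledger,
               verify_with_paypal: Callable[[str], str]) -> str:
    """Process one IPN POST body; the order is fulfilled only when 'fulfilled' is returned."""
    # 1. Ask PayPal whether it really sent this message (defeats a forged POST).
    if verify_with_paypal(build_validation_body(raw_body)) != "VERIFIED":
        return "rejected: not verified by paypal"
    params = dict(parse_qsl(raw_body, keep_blank_values=True))
    # 2. Pending, refunded or reversed payments must not ship goods.
    if params.get("payment_status") != "Completed":
        return f"ignored: status {params.get('payment_status')}"
    # 3. The money must have gone to our account, not to the attacker's.
    if params.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        return "rejected: wrong receiver"
    # 4. Amount and currency come from our order record, never from the form.
    order = ORDERS.get(params.get("custom", ""))
    if order is None:
        return "rejected: unknown order"
    try:
        gross = Decimal(params.get("mc_gross", ""))
    except InvalidOperation:
        return "rejected: bad amount"
    if gross != order["amount"] or params.get("mc_currency") != order["currency"]:
        return "rejected: amount/currency mismatch"
    # 5. A genuine message replayed a second time must not fulfil twice.
    txn = params.get("txn_id", "")
    if not txn or txn in ledger.seen_txn:
        return "ignored: duplicate txn"
    ledger.seen_txn.add(txn)
    ledger.paid[params["custom"]] = txn
    return "fulfilled"


# --- Constructed test fixtures (not real PayPal traffic) ---------------------
GENUINE_TXNS = {"5TY05013RG002845M"}  # the one transaction our fake PayPal "knows"


def fake_paypal_verifier(body: str) -> str:
    """Stand-in for the HTTPS post-back: answers like PayPal's validation endpoint."""
    prefix = "cmd=_notify-validate&"
    if not body.startswith(prefix):
        return "INVALID"
    params = dict(parse_qsl(body[len(prefix):], keep_blank_values=True))
    return "VERIFIED" if params.get("txn_id") in GENUINE_TXNS else "INVALID"


GOOD_IPN = ("payment_status=Completed&receiver_email=seller%40example.com&mc_gross=3.99"
            "&mc_currency=USD&custom=order-1001&txn_id=5TY05013RG002845M")
# Forged: attacker posts directly to notify_url with a lowered price and a made-up txn.
FORGED_IPN = GOOD_IPN.replace("3.99", "0.01").replace("5TY05013RG002845M", "FAKE1")
# Tampered: a genuine $3.99 payment re-labelled as the $5.99 order.
TAMPERED_IPN = GOOD_IPN.replace("order-1001", "order-1002")

if __name__ == "__main__":
    ledger = Ledger()
    for name, body in [("good", GOOD_IPN), ("replay", GOOD_IPN),
                       ("forged", FORGED_IPN), ("tampered", TAMPERED_IPN)]:
        print(name, "->", handle_ipn(body, ledger, fake_paypal_verifier))
```

The `verify_with_paypal` step is the one that rules out a buyer hitting `notify_url` directly: PayPal only answers `VERIFIED` for a message it generated. The amount check is what rules out a buyer editing the `amount` option in the form, which is why the price is looked up by order id on the server rather than read from the IPN body.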