1

What's the best way to dynamically generate an "Add to Cart" PayPal button in PHP? My idea is to take the basic HTML code and simply echo the required variable but I'm not sure if it's the most secure way...

<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_xclick">
    <input type="hidden" name="business" value="me@mybusiness.com">
    <input type="hidden" name="currency_code" value="NZD">
    <input type="hidden" name="item_name" value="<?=htmlspecialchars($name, ENT_QUOTES, 'UTF-8')?>">
    <input type="hidden" name="amount" value="<?=htmlspecialchars($price, ENT_QUOTES, 'UTF-8')?>">
    <input type="image" src="http://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"
        border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>

(Code above from PayPal's Advanced Techniques page)

4

1 Answer

2

Doing it that way isn't very secure because people can still view source and see the end-result on your page. Then they could take that, make changes to it, load it in their own browser and pay you for an item at a much lower price.

You can utilize IPN to help flag orders that don't look accurate by cross-referencing your pricing, but this can be a hassle.

You could use the Button Manager API to generate your buttons as hosted buttons on PayPal. This way people can't see the details in the source code and wouldn't be able to make changes.

Alternatively, you could use the Express Checkout API, which is what I prefer and recommend if you know how to work with web service APIs.

Answered 2013-01-18T22:43:34.430
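The IPN cross-check mentioned in the answer, sketched as an added example that is not part of the original post: it compares the fields of an IPN message against a server-side price list and flags any mismatch. It assumes the message has already passed PayPal's verification postback, that each order is a single item with no tax or shipping, and the catalog, the function names and the sample messages are hypothetical.

```php
<?php
// Added example, not from the original post. Catalog contents and the
// function names are hypothetical; the IPN samples below are constructed.

// Server-side source of truth: item name => price in cents.
const CATALOG  = ['Blue Widget' => 2500, 'Red Widget' => 4000];
const BUSINESS = 'me@mybusiness.com';
const CURRENCY = 'NZD';

// Convert a decimal string such as "25.00" to integer cents, or null if malformed.
function toCents(string $amount): ?int
{
    if (!preg_match('/^(\d{1,7})(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

// Return a list of reasons the order should be flagged; empty means it matches.
function checkIpn(array $ipn): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment not completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', BUSINESS) !== 0) {
        $problems[] = 'paid to a different account';
    }
    if (($ipn['mc_currency'] ?? '') !== CURRENCY) {
        $problems[] = 'unexpected currency';
    }
    $expected = CATALOG[$ipn['item_name'] ?? ''] ?? null;
    $paid     = toCents((string)($ipn['mc_gross'] ?? ''));
    if ($expected === null) {
        $problems[] = 'unknown item';
    } elseif ($paid !== $expected) {
        $problems[] = "amount mismatch: expected $expected cents, got " . var_export($paid, true);
    }
    return $problems;
}

// Constructed IPN fields: one genuine order, one with the amount edited in the form.
$genuine  = ['payment_status' => 'Completed', 'receiver_email' => 'me@mybusiness.com',
             'mc_currency' => 'NZD', 'item_name' => 'Blue Widget', 'mc_gross' => '25.00'];
$tampered = ['mc_gross' => '0.01'] + $genuine;

var_dump(checkIpn($genuine));
var_dump(checkIpn($tampered));
```

Amounts are compared as integer cents rather than floats, so a value like "25.00" cannot pass or fail on rounding.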