我正在建立一个使用贝宝处理付款的网站。
实现结帐表单的最简单方法是创建一个 HTML 表单,直接提交到 paypal,发送订单详细信息并将用户重定向到 paypal 以完成交易。
但是,此过程存在安全漏洞。客户可以编辑提交给贝宝的信息,例如将结账价格更改为 0.00 美元。
处理这种情况的公认方法是什么?是否将表单提交回我的服务器,然后在 PHP 中进行一些处理,然后将经过验证的数据提交到贝宝并将用户重定向到贝宝?这可能吗?
谢谢!
问问题
281 次
1 回答
1
There are two main ways to handle this issue.
The first is somewhat like what you outline: You send the filled in form to PayPal, and provide a callback-url. When PayPal has processed the payment, they will call your provided url, and you can check whether or not the information given in that call is the same as what you provided. For this to work, you need to store the information in the meantime, like in a database. You will then only give access to the product after the validation has happened.
You can also encrypt the information you send to PayPal, making it practically impossible to alter information in your form.
See https://www.x.com/developers/paypal for details.
于 2011-09-12T18:39:54.350 回答