using paypals html api is safe?

Posted by ajsie on Stack Overflow See other posts from Stack Overflow or by ajsie
Published on 2010-04-01T10:43:18Z Indexed on 2010/04/01 10:53 UTC
Read the original article Hit count: 349

Filed under:
|

im trying out paypals html api where you specify price, item_name, customer information and so on in the html:

    <form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="payPalForm">

        <input type="hidden" name="cmd" value="_cart" />
        <input type="hidden" name="upload" value="1" />

        <input type="hidden" name="no_note" value="1" />
        <input type="hidden" name="business" value="[email protected]" />
        <input type="hidden" name="currency_code" value="SEK" />
        <input type="hidden" name="return" value="http://freelanceswitch.com/payment-complete/" />

        <input type="hidden" name="tax_rate" value="25" />

        <input type="hidden" name="item_name_1" value="Apple Macpro" />
        <input type="hidden" name="item_number_1" value="01 - Product 1" />
        <input type="hidden" name="amount_1" value="25000" />

        <input type="hidden" name="item_name_2" value="Apple Macbook" />
        <input type="hidden" name="item_number_2" value="02 - Product 2" />
        <input type="hidden" name="amount_2" value="12500" />

        <input type="hidden" name="item_name_3" value="Apple Macbook Air" />
        <input type="hidden" name="item_number_3" value="03 - Product 3" />
        <input type="hidden" name="amount_3" value="12500" />

        <input type="submit" name="Submit" value="Submit" />

    </form>

when the user clicks submit it takes him/her to paypals payment page.

but doesn't this mean that a hacker could change the order by manipulating the html code?

i can´t figure out how paypal prevents this security problem.

© Stack Overflow or respective owner

Related posts about paypal

Related posts about api