I have already seen a few questions like this. But I wanted to get an overall opinion on some of these questions, combined!
I understand how IPN works and how you can listen to make sure it comes from PayPal.
My main wonder is if I am going to dynamically generate PayPal buttons using the code:
<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="[email protected]">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="Teddy Bear">
<input type="hidden" name="amount" value="12.99">
<input type="image" src="http://www.paypal.com/en_US/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
From the PayPal developer site: https://www.paypal.com/cgi-bin/webscr?cmd=_pdn_xclick_techview_outside
Is it safe to use this? I was reading up on another post saying it is unsafe since the variables can be tampered with. Do I need to encrypt the form?
Cheers,
Nick
I'm just going to answer my OWN question. The solution is to just compare the "item_name" and "amount" variables and make sure they are exactly the same, if, say, I generated them using a database. And if someone tampers with it and pays me $1.00 instead of $100.00, then that's a free donation and bad luck for them :P
What I will be doing is this:
Simple! I like it! WOO!
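The comparison described in the answer above, as an added example that is not part of the original post: the values PayPal reports in the IPN message are checked against the server-side record before an order is fulfilled. It assumes the message has already been verified as coming from PayPal, that the paid amount and currency arrive in the IPN fields `mc_gross` and `mc_currency`, and that `CATALOGUE`, `MERCHANT_EMAIL` and `SEEN_TXN_IDS` are hypothetical stand-ins for the site's own database.

```python
from decimal import Decimal, InvalidOperation

# Constructed stand-in for the database the buttons are generated from.
CATALOGUE = {"Teddy Bear": {"amount": Decimal("12.99"), "currency": "USD"}}
MERCHANT_EMAIL = "seller@example.com"  # placeholder, not the address on the page
SEEN_TXN_IDS = set()                   # stand-in for a processed-transactions table

# Constructed sample of the fields an IPN message carries for the button above.
SAMPLE_IPN = {
    "payment_status": "Completed", "receiver_email": "seller@example.com",
    "item_name": "Teddy Bear", "mc_gross": "12.99", "mc_currency": "USD",
    "txn_id": "CONSTRUCTED-TXN-1",
}


def check_ipn(ipn):
    """Return (ok, reason) for an IPN message already verified with PayPal."""
    if ipn.get("payment_status") != "Completed":
        return False, "payment not completed"
    if ipn.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        return False, "paid to a different account"
    item = CATALOGUE.get(ipn.get("item_name"))
    if item is None:
        return False, "unknown item_name"
    try:
        # Decimal avoids float rounding; "12.990" still equals 12.99.
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        return False, "malformed amount"
    if ipn.get("mc_currency") != item["currency"]:
        return False, "currency mismatch"
    if paid != item["amount"]:
        return False, "amount mismatch"  # tampered form: do not fulfil
    txn = ipn.get("txn_id")
    if not txn or txn in SEEN_TXN_IDS:
        return False, "duplicate or missing txn_id"
    SEEN_TXN_IDS.add(txn)
    return True, "ok"


if __name__ == "__main__":
    print(check_ipn(dict(SAMPLE_IPN, mc_gross="1.00")))  # tampered amount
    print(check_ipn(SAMPLE_IPN))                         # untampered payment
```

The currency check matters as much as the amount: a form edited to pay 12.99 in a weaker currency passes a numeric comparison alone.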