Page 1 of 1

Just a question about paypal.

Posted: Thu Sep 03, 2009 9:21 am
by synical21
At the end stages of my website i want money to be put onto a user account via paypal. The only way i understand to do this is to create a button, go through the details then have a automatic direction at the end back to your site. Now that could be http://www.mysite.com/processmoney.php

Then run a script to update the table where user = current user with money....

Thats the only way i can think of and it doesnt seem safe or unexploitable. Can anyone advise me on what to do with this kind of thing?

Re: Just a question about paypal.

Posted: Fri Sep 04, 2009 11:26 am
by kaisellgren
The processor must lie somewhere where accessible. Anyone can indeed forge false requests, but PayPal has the ability to tell you whether some requests were valid or not. Simply put, you ask PayPal whether this X payment was processed, if PayPal answered Yes, then you can do your updates. See: https://cms.paypal.com/us/cgi-bin/?cmd= ... de_samples