Figure 9-2. The PayPal shopping cart
■ Caution When receiving a payment, you need to carefully check that the received amount correctly
reflects the sum of the ordered products. Because the entire shopping cart is passed via either forms or
URLs, it's very easy for anyone to add a fake product to the shopping cart, or an existing product with a modified
price. This can be done simply by fabricating one of those PayPal Add to Cart links and navigating to it.
You can read a detailed article about this problem at http://www.alphabetware.com/pptamper.asp.
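The check described in the caution, as an added example that is not code from the book: the order total is recomputed from server-side prices and compared with the amount actually paid. The catalog, the product IDs, and the `payment` dictionary keys are constructed for illustration, and shipping and tax are assumed to be excluded from the amount.

```python
from decimal import Decimal, InvalidOperation

# Server-side catalog: the only trusted source of prices (constructed sample data).
CATALOG = {
    "TS-001": Decimal("14.95"),
    "TS-002": Decimal("12.50"),
}


def expected_total(items, catalog=CATALOG):
    """Recompute the order total from trusted prices.

    items: list of (product_id, quantity) pairs reported for the paid cart.
    Raises ValueError for unknown products or invalid quantities.
    """
    total = Decimal("0.00")
    for product_id, quantity in items:
        if product_id not in catalog:
            raise ValueError(f"unknown product {product_id!r}")
        if isinstance(quantity, bool) or not isinstance(quantity, int) or quantity < 1:
            raise ValueError(f"invalid quantity for {product_id!r}")
        total += catalog[product_id] * quantity
    return total


def verify_payment(payment, catalog=CATALOG, currency="USD"):
    """Return (ok, reason) for a received payment.

    payment: dict with hypothetical keys "currency", "amount" and "items".
    Prices sent by the client are never consulted; only the catalog is.
    """
    if payment.get("currency") != currency:
        return False, "currency mismatch"
    try:
        paid = Decimal(str(payment["amount"]))
        due = expected_total(payment["items"], catalog)
    except (KeyError, ValueError, InvalidOperation) as exc:
        return False, f"rejected: {exc}"
    if paid != due:
        return False, f"amount mismatch: paid {paid}, expected {due}"
    return True, "ok"


if __name__ == "__main__":
    cart = [("TS-001", 2), ("TS-002", 1)]
    print(verify_payment({"currency": "USD", "amount": "42.40", "items": cart}))
    # Same cart, but paid at a modified price: must not be fulfilled.
    print(verify_payment({"currency": "USD", "amount": "3.00", "items": cart}))
```

An order that fails this check should be held for manual review rather than shipped.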
When using shopping cart URLs like PayPal's, you need to control the length of the product
names and attributes, although it's unlikely that you could end up with URLs that are so
long that they can't be handled by web browsers. The page at
http://www.boutell.com/newfaq/misc/urllength.html shows an interesting analysis of maximum
URL lengths accepted by the most popular web browsers.
CHAPTER 9 ■ RECEIVING PAYMENTS USING PAYPAL 254
For TShirtShop, we'll be using forms to create the View Cart button and URLs to create the
Add to Cart buttons. You can see these buttons in Figure 9-3.
Figure 9-3. TShirtShop with Add to Cart and View Cart buttons
To overcome PayPal's limitation of two attributes per product, we combine all product attribute
values into a single PayPal attribute.