php - Exploit on HTTPS, how change https form valueGet the solution ↓↓↓
When the payment confirmation comes back from the gateway you should check that the actual amount paid matches the amount that should have been paid. Only then has the user paid. It's fine to post prices along with your form but it must always be checked upon completion.
If the pricing / discount information is hidden on the DOM (via hidden inputs, for example), manipulating the DOM using Chrome's "Developer's Toolbar" or Firefox's "Firebug" is trivial, allowing for any end user to make changes to those hidden inputs without reprieve.
Never trust the values that come on the form, the value must be always be set\validated on the server side. From what I gathered you are passing the value as a hidden field on the form, and the user is simply altering that.
Share solution ↓
Link To Answer People are also looking for solutions of the problem: sqlstate: integrity constraint violation: 1452 cannot add or update a child row: a foreign key constraint fails
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.