Note:
Any information passed through the customer's browser
can potentially be modified by the customer, or even by third parties, to
fraudulently alter the transaction data. Therefore no transactional
information should be passed through the browser in
a way that could potentially be modified (e.g. hidden form fields).
Transaction data should be accepted from the browser only once, at the
point of input, and then kept in a way that does not allow others
to modify it (e.g. a database, the server session, etc.). Any transaction
information displayed to a customer, such as the amount, should be passed
only as display information; the actual transactional data should be
retrieved from the secure source at the last moment, at the point of
processing the transaction.
Fields such as return links back to the order page (AgainLink),
titles, and any other non-transactional information are included
in the example here for information purposes only. They do not form part of the
transaction and should not be included in orders in production code.
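The pattern the note describes, as an added example that is not code from the original guide: the amount is accepted once at the point of input and stored server-side, the browser receives only an opaque order reference plus display-only values, and the processing step re-reads the stored order rather than trusting anything echoed back. The in-memory store, the `Order` type, the field names and the "weak" handler shown for contrast are all constructed for this illustration.

```python
"""Keep transaction data out of the browser's hands (constructed example)."""
from dataclasses import dataclass
from decimal import Decimal
import secrets


@dataclass(frozen=True)
class Order:
    order_id: str
    amount: Decimal
    currency: str


# Stand-in for a database or server session. In a real deployment this lives
# on the server and is never reachable or editable from the browser.
_ORDER_STORE: dict[str, Order] = {}


def create_order(amount: str, currency: str) -> Order:
    """Point of input: accept the transaction data once and persist it server-side."""
    amt = Decimal(amount)
    # Reject non-positive values and anything with more than two decimal places.
    if amt <= 0 or amt != amt.quantize(Decimal("0.01")):
        raise ValueError("invalid amount")
    order = Order(order_id=secrets.token_urlsafe(12), amount=amt, currency=currency)
    _ORDER_STORE[order.order_id] = order
    return order


def display_amount(order: Order) -> str:
    """Human-readable amount sent to the browser for display purposes only."""
    return f"{order.amount} {order.currency}"


def checkout_form_fields(order: Order) -> dict[str, str]:
    """What goes to the browser: an opaque reference plus display-only values.

    There is deliberately no 'amount' field: the browser is never the source
    of truth for the value that will be charged.
    """
    return {
        "order_id": order.order_id,
        "display_amount": display_amount(order),
    }


def process_payment_weak(form: dict[str, str]) -> Decimal:
    """Anti-pattern for contrast: the amount to charge is read back from the browser.

    Whoever controls the browser (or the path between it and the server)
    controls this value, which is exactly the risk the note warns about.
    """
    return Decimal(form["amount"])


def process_payment(form: dict[str, str]) -> tuple[Order, bool]:
    """Point of processing: ignore any amount in the form and re-read the stored order.

    Returns the authoritative order and a flag that is True when the display
    value echoed back by the browser no longer matches the stored data. The
    stored value is charged either way; the flag exists so the mismatch can be
    logged as a tamper signal.
    """
    order = _ORDER_STORE.get(form.get("order_id", ""))
    if order is None:
        raise LookupError("unknown order reference")
    mismatch = form.get("display_amount", display_amount(order)) != display_amount(order)
    return order, mismatch


if __name__ == "__main__":
    order = create_order("19.99", "GBP")
    fields = checkout_form_fields(order)
    # Simulate a browser that rewrote the display value before submitting.
    submitted = dict(fields, display_amount="0.01 GBP")
    charged, tampered = process_payment(submitted)
    print(f"charging {display_amount(charged)}; tamper signal: {tampered}")
```

Running the block shows the tampered submission still charging the stored amount while raising the tamper flag; the same submission fed to `process_payment_weak` would have charged whatever the browser sent.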