have you checked out the pay pal ipn?
a wicked little tool
it posts to you, you add something, you post back you them and get a valid or invalid response. then you do a little checking and handle the order as you want to. that way you know the customer has paid and don't have to worry about people hacking hidden form fields to find out your redirect page as pp stores all this on their backend.
had it tested, working and online on over 3,000 dynamic pages in about 8 hours. since then been buzzing of where the orders are coming from. now got customers in china, spain, america, france, isreal, all over!
just click on the merchant tools buttons and they've got some cut n paste php you can use. only downer is the testing has to be done on live sales, we put soo many tests through our credit card company rang to ask if the card had been stolen. you can refund em for free tho.
apologies if sucking and eggs springs to mind.
hth
