Shopping cart - prevent someone from editing product prices

rlalande

Hi,

I built a php shopping cart last year, and things are working quite well. But this morning, someone put in an order where he had edited the prices ridiculously low.

He probably just did a "view source", then edited the price info in the html forms, and saved it to his desktop. Then all he needed to do was to add the product he edited to the shopping cart.

My question is this: How do I prevent this?

I'm thinking there's probably a way to check the URL referrer when someone adds a product to the cart and verify that it's from my domain.

Anyone know of an easy way to do that?

Thanks

Rock

laserlight

This is the classic mistake of relying on the client to provide correct data. Rather, the server should store the prices and only rely on the stored prices.

rlalande

Thanks for the tip... it makes very good sense. I used to have a 3rd party shopping cart, so I kinda built my cart using the same type of form data.

This will require lots of tinkering, but it's a very good solution.

Thanks!