[ic] Setting order discount using JavaScript
Stefan Hornburg Racke
interchange-users@interchange.redhat.com
Mon May 13 09:30:19 2002
Scott Kennedy <scott@custweb.com> writes:
> On Mon, 13 May 2002 cfm@maine.com wrote:
>
> |On Sun, May 12, 2002 at 10:19:49PM -0500, Scott Kennedy wrote:
> |> I'm trying to set a discount for the entire order using a combination of
> |> JavaScript and Perl. The code is on the checkout page which may be found at,
> |>
> |> http://neatway.com/cgi-bin/altchoice/index.html
> |>
> |
> |Be careful that a visitor cannot alter that javascript and post the
> |page with his own discount. That's a pretty common hack to many
> |carts that carry pricing in the page.
>
> Good point. Anything I can do to help prevent this?
Ignore the price given by the CGI parameters and calculate it on the
server side again.
Ciao
Racke
--
Think of it !
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)