[ic] checking for valid payment method

Jeff Dafoe interchange-users@icdevgroup.org
Tue Oct 8 09:47:02 2002


Hello,

    What would the proper way to prevent customers from checking out without
an order profile?  Through some erroneous coding of ord/checkout, I
accidentally caused the page to render without any mv_order_profile hidden
field.  A user then was able to check out without entering any payment
information and the transaction table's payment_method is blank for that
transaction.  I would like to prevent this behavior so that someone doesn't
remove the hidden field from my html and then start submitting bogus orders.
I assume this is done through etc/profiles.order, perhaps in the
checkout_profile area, but I would like to have more confidence in my
solution.  I am thinking the solution might be to make the field "required"
in the checkout_profile although I am wondering what the behavior would be
if an invalid profile were submitted.  I could check to make sure the
mv_order_profile is set to one of the allowed values.
    Just a pointer to some information or a brief idea would be great.

Thanks,
Jeff