Question: how would I handle Product->Paypal->Purchase->Mysql_add_credit->update_table?
So, a customer buys "Credits/Points": he'd go to the website and log in, click Buy Credits, then he'd be directed to a PayPal page to pay for the credit amount he desires. I got that far; now I need a method to update his credit count in the database. I can have him redirected to http://www.site.com/purchase/success...edit&ammout=40. But here's the problem... if he refreshes he can add credits without paying, or he can set http://www.site.com/purchase/success...ammount=400000 and give himself as many credit points as he wants! Grr, I'm stuck.
To make it well and truly secure, upon them clicking the amount of credits wanted I'd store that number temporarily in the database along with their user ID (assuming your system has one for each user) and send THAT off to PayPal, and whether you had them redirected to a page with the ID at the end or had it sent back in the post-back data, it'd be secure.
Of course, you need to verify they paid the amount which correlates to their points. They could just edit their post data and pay a dime for 400000 credits.
Following possible scenario:
Person tries to randomly guess IDs; won't work because his user ID is not tied to the ID in the table.
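The pending-order approach from the replies above, written out as an added example (not code from anyone in the thread). It uses Python with an in-memory SQLite database standing in for MySQL; the table layout, function names and price constant are assumptions, and `paid_cents` is assumed to come from the payment processor's verified notification rather than from the return URL.

```python
import secrets
import sqlite3

# In-memory SQLite stands in for the site's MySQL database (assumption).
db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE users  (id INTEGER PRIMARY KEY, credits INTEGER NOT NULL DEFAULT 0);
    CREATE TABLE orders (id TEXT PRIMARY KEY, user_id INTEGER NOT NULL,
                         credits INTEGER NOT NULL, price_cents INTEGER NOT NULL,
                         status TEXT NOT NULL DEFAULT 'pending');
    INSERT INTO users (id) VALUES (1), (2);
""")

PRICE_CENTS_PER_CREDIT = 10  # constructed price list


def create_order(user_id, credits):
    """Called when the logged-in user clicks Buy: record what was ordered."""
    order_id = secrets.token_urlsafe(16)  # unguessable reference sent to the processor
    db.execute("INSERT INTO orders (id, user_id, credits, price_cents) VALUES (?,?,?,?)",
               (order_id, user_id, credits, credits * PRICE_CENTS_PER_CREDIT))
    db.commit()
    return order_id


def complete_order(order_id, session_user_id, paid_cents):
    """Credit the order once, and only if owner and paid amount both match."""
    row = db.execute("SELECT user_id, credits, price_cents FROM orders WHERE id = ?",
                     (order_id,)).fetchone()
    if row is None:
        return "unknown order"
    user_id, credits, price_cents = row
    if user_id != session_user_id:
        return "order belongs to another user"
    if paid_cents != price_cents:
        return "amount mismatch"
    # Flip pending -> paid atomically; a page refresh finds no pending row to flip.
    cur = db.execute("UPDATE orders SET status = 'paid' WHERE id = ? AND status = 'pending'",
                     (order_id,))
    if cur.rowcount != 1:
        db.rollback()
        return "already credited"
    db.execute("UPDATE users SET credits = credits + ? WHERE id = ?", (credits, user_id))
    db.commit()
    return "credited"


def balance(user_id):
    return db.execute("SELECT credits FROM users WHERE id = ?", (user_id,)).fetchone()[0]
```

The credit amount never travels in the URL: the browser only carries the order ID, and the number of credits is read back from the row created before payment.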