I am building a PayPal checkout form with KnockoutJS on the frontend and the PayPal-PHP-SDK on the backend.
The checkout sends shopping cart data in JSON via AJAX. There is no sensitive user data sent, only item IDs, item options and the item amounts. PHP on the server has all the matching prices, sanitizes the received JSON and sums up the totals, checks in with the PayPal API and returns an approval URL. The user gets redirected to that URL.
The AJAX call on the checkout:
$.ajax({
    url: "process.php",
    type: 'POST',
    data: jsonData,
    success: function(data){
        // the server answers with the PayPal approval URL; send the browser there
        location = data;
    },
    error: function(){
        $("#status").html('There was an error while submitting');
    }
});
Is this secure enough? What are other common best practices when dealing with ajax calls and PHP?
If no explicit personal data is being sent then there should be no issue. But keep in mind that it is always best to send an HTTPS/SSL request when working with payments and personal data for security purposes.
But Ajax post calls are basically the same as a form submit, so if you think the normal form submit is not secure enough, then the ajax call will be no different.
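Since the question's security model rests entirely on the server re-pricing the cart, here is an added example (not code from the asker or the answerer) of what that `process.php` side can look like. It assumes the client posts the cart JSON as the raw request body and puts a per-session CSRF token in an `X-CSRF-Token` header; the catalog, item shape (`{"items":[{"id":..., "option":..., "qty":...}]}`) and limits are constructed for the demonstration. The PayPal SDK call itself is left out; the validated `total` in cents is what would be handed to it.

```php
<?php
declare(strict_types=1);

// Constructed server-side catalog: prices live here, never in the request.
// Prices are integer cents so totals never go through floating point.
const CATALOG = [
    'tee-001' => ['price' => 1999, 'options' => ['S', 'M', 'L']],
    'mug-002' => ['price' => 1250, 'options' => ['white', 'black']],
];
const MAX_QTY   = 20;   // assumed per-line quantity cap
const MAX_ITEMS = 50;   // assumed cart size cap

/**
 * Validate the cart JSON and price it from the server-side catalog.
 * Returns ['ok' => true, 'items' => [...], 'total' => cents]
 * or ['ok' => false, 'error' => reason]. Only item ids, option names and
 * quantities are taken from the client, and each is checked against the catalog.
 */
function buildOrderFromCart(string $json, array $catalog): array
{
    $cart = json_decode($json, true, 4);   // shallow depth: the cart has no reason to nest deeper
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($cart)
        || !isset($cart['items']) || !is_array($cart['items'])) {
        return ['ok' => false, 'error' => 'malformed cart'];
    }
    if (count($cart['items']) === 0 || count($cart['items']) > MAX_ITEMS) {
        return ['ok' => false, 'error' => 'bad item count'];
    }
    $lines = [];
    $total = 0;
    foreach ($cart['items'] as $item) {
        if (!is_array($item) || !isset($item['id'], $item['qty'])) {
            return ['ok' => false, 'error' => 'malformed item'];
        }
        $id = $item['id'];
        // id must be a string that exactly matches a catalog key (no type juggling)
        if (!is_string($id) || !array_key_exists($id, $catalog)) {
            return ['ok' => false, 'error' => 'unknown item'];
        }
        $qty = $item['qty'];
        // quantity must be a real integer in [1, MAX_QTY]; "2", 2.0, -1 and 1e9 are all rejected
        if (!is_int($qty) || $qty < 1 || $qty > MAX_QTY) {
            return ['ok' => false, 'error' => 'bad quantity'];
        }
        $option = $item['option'] ?? null;
        if ($option !== null
            && (!is_string($option) || !in_array($option, $catalog[$id]['options'], true))) {
            return ['ok' => false, 'error' => 'bad option'];
        }
        // Any client-supplied price field is simply ignored; the catalog price is authoritative.
        $unit = $catalog[$id]['price'];
        $lines[] = ['id' => $id, 'option' => $option, 'qty' => $qty,
                    'unit' => $unit, 'subtotal' => $unit * $qty];
        $total += $unit * $qty;
    }
    return ['ok' => true, 'items' => $lines, 'total' => $total];
}

/** Constant-time comparison of the token sent with the AJAX call against the session copy. */
function csrfTokenValid(?string $sent, ?string $stored): bool
{
    return is_string($sent) && is_string($stored) && $stored !== '' && hash_equals($stored, $sent);
}

// Request handling when run as the web endpoint (assumed header and session key names).
if (PHP_SAPI !== 'cli') {
    session_start();
    header('Content-Type: application/json');
    if (!csrfTokenValid($_SERVER['HTTP_X_CSRF_TOKEN'] ?? null, $_SESSION['csrf'] ?? null)) {
        http_response_code(403);
        echo json_encode(['error' => 'bad csrf token']);
        exit;
    }
    $order = buildOrderFromCart((string) file_get_contents('php://input'), CATALOG);
    if (!$order['ok']) {
        http_response_code(400);
        echo json_encode(['error' => $order['error']]);
        exit;
    }
    // $order['total'] (cents) is what goes to the PayPal SDK amount, never a client-sent total.
    echo json_encode(['total_cents' => $order['total']]);
    exit;
}

// CLI demonstration with constructed carts.
$good     = '{"items":[{"id":"tee-001","option":"M","qty":2},{"id":"mug-002","qty":1}]}'; // total 5248
$tampered = '{"items":[{"id":"tee-001","option":"M","qty":2,"price":1}]}';               // price ignored, total 3998
$bad      = '{"items":[{"id":"tee-001","qty":"2"}]}';                                     // string qty rejected
foreach ([$good, $tampered, $bad] as $json) {
    echo json_encode(buildOrderFromCart($json, CATALOG)), PHP_EOL;
}
```

Two design choices worth noting: the strict `is_int`/`is_string` checks mean PHP's loose comparisons never turn a crafted value into an accepted one, and keeping every price and the grand total as integer cents on the server is what makes "the client only sends ids and quantities" actually hold, regardless of what else the JSON contains.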