We have a payment successful page where we read the query string ?paid=yes.
If paid=yes then we show the payment sucessfull message etc. Otherwise payment failed.
What's the best way to:
-
Validate ?paid=yes query string is valid? In other words, how can we stop people from manually manipulating query string ?
-
Set query string expiry time or set attempt (max 1)?
Thanks.
Aucun commentaire:
Enregistrer un commentaire