shopping cart script
cmotor
10-22-2004, 07:32 PM
How do I pass the variables below to the address below
when someone calls the function below?
VARIABLES:
var business=sales@screamingleather.com
var item_name=Product
var item_number=P100
var amount=50.00
var quantity1=1
var cmd=_cart
var no_note=1
var currency_code=USD
F_P100() {
WHAT GOES HERE??????????????
ADDRESS TO PASS VARIABLES TO: https://www.paypal.com/cgi-bin/webscr
METHOD=post
TARGET=paypal
}
Thanks,
-cmotor
Exuro
10-22-2004, 08:15 PM
You're supposed to use <input /> elements to communicate to PayPal, not JavaScript. Here's an example:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="business" value="sales@screamingleather.com" />
<input type="hidden" name="item_name" value="Product" />
<input type="hidden" name="item_number" value="P100" />
<input type="hidden" name="amount" value="50.00" />
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="currency_code" value="USD" />
<p>Product Name</p>
<p>
<label for="quantity">Quantity:</label>
<input type="text" id="quantity" name="quantity" value="1" />
</p>
<p><input type="submit" value="Add To Cart" /></p>
</form>
cmotor
10-23-2004, 02:39 AM
NO.
That is exactly what I am trying to avoid doing. The problem is that hackers can copy and change the prices from the source code and then re-upload the page and order at fraud prices. I want to move the code into a separate file (protected with htaccess) and let JavaScript pass the variables. All those variables need to be out of hackers' reach/sight.
Now, if anyone knows how this can be done please let me know. I want to call the script with an event handler which will act as my add to cart button.
Thank you,
cmotor
cmotor
10-23-2004, 09:19 AM
Okay, how about this way instead:
I want to keep the field name element and its value hidden from the HTML code. I have replaced those elements with anonymous characters. I would like a script that switches the anonymous characters with the real name and value when the form is submitted. Does this question make sense?
<form name=F_P100 action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="A" value="AA">
<input type="hidden" name="B" value="BB">
<input type="hidden" name="item_number" value="P100">
<input type="hidden" name="amount" value="50.00">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="add" value="1">
<a href="#" onClick="document.F_P100.submit()">submit</a>
</form>
document.F_P100.A=business
document.F_P100.A.value=sales@screamingleather.com
document.F_P100.B=item_name
document.F_P100.B.value=Product
etc...
thanks,
-cmotor
Exuro
10-23-2004, 02:21 PM
Originally posted by cmotor
The problem is that hackers can copy and change the prices from the source code and then re-upload the page and order at fraud prices.
That's always going to be a problem with PayPal, so you'll just have to check the price for each order and make sure it's right as you're processing it.
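The price check described in the reply above, as an added example that is not part of the original thread: each received order is compared with a price list that lives only on the server, so whatever the browser submitted is never trusted. It assumes the order record carries the same field names as the form; `CATALOG`, `MERCHANT`, `toCents`, `checkOrder` and the sample orders are hypothetical and constructed for illustration.

```javascript
// Server-side price list (constructed data), kept in integer cents.
const CATALOG = {
  P100: { name: "Product", priceCents: 5000, currency: "USD" },
};
const MERCHANT = "sales@screamingleather.com";

// Parse a decimal string such as "50.00" into cents; anything else is rejected.
function toCents(text) {
  if (typeof text !== "string" || !/^\d{1,7}(\.\d{1,2})?$/.test(text)) return null;
  const [whole, frac = ""] = text.split(".");
  return Number(whole) * 100 + Number(frac.padEnd(2, "0"));
}

// Return the reasons to hold an order; an empty list means it matches the catalog.
function checkOrder(order) {
  const known = Object.prototype.hasOwnProperty.call(CATALOG, order.item_number);
  if (!known) return ["unknown item_number"];
  const item = CATALOG[order.item_number];
  const problems = [];
  if (order.business !== MERCHANT) problems.push("payment sent to a different account");
  if (order.currency_code !== item.currency) problems.push("currency mismatch");
  if (!/^[1-9]\d{0,3}$/.test(String(order.quantity))) problems.push("invalid quantity");
  const paid = toCents(order.amount);
  if (paid === null) problems.push("invalid amount");
  else if (paid !== item.priceCents) problems.push("unit price does not match catalog");
  return problems;
}

// Constructed sample orders: one genuine, one where the hidden field was edited.
const genuine = { business: MERCHANT, item_number: "P100", amount: "50.00",
                  quantity: "1", currency_code: "USD" };
const tampered = { ...genuine, amount: "0.50" };

for (const [label, order] of [["genuine", genuine], ["tampered", tampered]]) {
  const problems = checkOrder(order);
  console.log(label, problems.length === 0 ? "OK to ship" : "HOLD: " + problems.join("; "));
}
```
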
thedosmann
10-23-2004, 11:46 PM
Are you not comfortable with SSL?
cmotor
10-24-2004, 12:15 AM
SSL is not the concern here. There are two other problems.
1 Spam robots can pick up my email address from one of the hidden form fields.
2 Hackers/Fraudsters can open the page source, change the prices, re-upload the page, and place orders at cheaper prices.
The obvious way around this is to check my orders to ensure that the prices are correct before sending any orders. But I would prefer not to have to deal with this annoyance in the first place.
Hope this is clear.
-cmotor
theuedimaster
10-24-2004, 04:08 PM
hmmm....for this problem there really is no solution. The only thing I can think of is when they click a "buy now" button they are sent to an intermediate page for a millisecond which then sends the form information to PayPal. Or you could include a PHP page or HTML page which declares JavaScript variables and PHP variables, these won't be seen when looking at the source of the page. That might work actually.