Community Forums 

Main Content

Prevent price manipulation

    Oct 10 2008 02:50:42



    Join date : 2008-10-09      Posts : 2

    Maybe I'm missing something, but how do I make sure shoppers don't manipulate prices? With a url like "...add.cfm?userid=bla&product=Test&price=9" it's of course child's play to change it and put a $1 item in the cart. With some simple tools form posts can be changed too. The person fulfilling the order would have to double check all prices paid?

    Oct 10 2008 18:14:38



    Join date : 2008-09-20      Posts : 16

    Hi Mischa,

    You are correct, it is a simple matter for someone with basic HTML skills to adjust a price.

    I use ZoomOrders which can validate an item price against the internal Inventory database price. It will toss up a warning if the price on the order is different from expected.

    ZoomOrders is only for the free cart and it has not been updated in a long time so it has some wrinkles to live around, but it does validate the price perfectly.


    Oct 13 2008 16:46:57



    Join date : 2008-10-09      Posts : 2

    Thanks Dave! I just wanted to make sure I didn't overlook anything. Judging from the posts here not many people seem to have actually had problems with this. It might have made sense for Mal to be a bit more upfront about this gaping security hole though...

    Oct 16 2008 10:41:10



    Join date : 2008-10-16      Posts : 1

    We were sent a mail today by someone detailing a way to submit modified carts using a browser plugin. I assume the same advice applies here, to carefully check all orders.

    Oct 16 2008 10:47:50


    Mal Stewart

    Join date : 2008-09-18      Posts : 139

    You can use Link validation if you want:

    but most merchants check their orders so it isn't a problem.


    Mal's E-commerce Ltd