-2

I need some help and concept of PayPal payment integration. I have following to send order / payment data to PayPal:

        Dim sString As String

        sString = "https://www.paypal.com/cgi-bin/webscr?"
        sString += "cmd=_xclick"
        sString += "&business=" & BusinessEmail
        sString += "&email=" & UserEmail
        sString += "&address_override=1"
        sString += "&currency_code=" & CurrencyCode
        sString += "&invoice=" & InvoiceNumber

        sString += "&item_name=" & PlanName
        sString += "&item_number=" & ItemNumber
        sString += "&quantity=1"
        sString += "&amount=" & TotalAmount
        sString += "&handling=0"
        sString += "&display=1"

        sString += "&first_name=" & Firstname
        sString += "&last_name=" & LastName
        sString += "&address1=" & AddressLine1
        sString += "&address2=" & AddressLine2
        sString += "&city=" & CityTitle
        sString += "&state=" & State
        sString += "&zip=" & Postcode
        sString += "&lc=" & CountryISO

        sString+= "&notify_url=" & notify_url

        Response.Redirect(sString)

This is working OK but as it is passing as query-string it reveals all parameters, is there anyway I can encrypt this?

Can anyone suggest a better way to integrate PayPal? How can I get payment confirmation?

Many thanks for help

Agnel Amodia
  • 765
  • 8
  • 18
Geo Concepts
  • 177
  • 3
  • 13
  • Possible duplicate of [Is an HTTPS query string secure? Answer: Yes](https://stackoverflow.com/questions/323200/is-an-https-query-string-secure) – Erik Philips Feb 01 '18 at 22:52

1 Answers1

0

is there anyway I can encrypt this?

You should encrypt the query string, but PayPal URL is https so it is protected.

Can anyone suggest a better way to integrate PayPal?

You need default protocol to be TLS 1.2 due to PayPal requirement. I also would like to suggest you to use StringBuilder. 

StringBuilder builder = new StringBuilder();
builder.Append("https://www.paypal.com/cgi-bin/webscr?");
....

// PayPal requires TLS 1.2
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Response.Redirect(builder.ToString());

How can I get payment confirmation?

PayPal will send confirmation email to you after the payment is received.

Win
  • 61,100
  • 13
  • 102
  • 181
  • Thanks for your help. Anyone can see the query string params and modify ! i.e. change the amount ! Do I need to encrypt the string? – Geo Concepts Feb 01 '18 at 23:42
  • No one cannot see the query string, since the connection is HTTPS. – Win Feb 01 '18 at 23:47
  • oh, may be I am making some mistake sending the query to PayPal because I can see the query params in plain English in browsers url bar !! – Geo Concepts Feb 01 '18 at 23:50
  • It is how PayPal Standard work. If you do not like it, you will have to use PayPal Gateways. – Win Feb 01 '18 at 23:54