just wondering if there is a easy safe way to secure some webpages.

i have a payment facility on my site which is linked through paypal. when the member has paid they are taken back to my site "thanks your payment has been successful page", once its went to this page the item is no longer listed on my site.

now i have found away people can mess with this using the url. this means people can change just a few digits in the url and and mess the listings up on my site.

after payment has been made the member is redirected to:-

mydomain.com/class/thanks_paypal.php?myprod_id=78&MemberID=11

this means i could over ride the id (78) with another id (80) (90) etc etc, this would then mean these items would show as sold and come off my site.

is there away to either hide my url: so it only shows the following mydomain.com/class/

or is there another way to make it more secure,thanks

kvarnerexpress

Change the action of the form from GET to POST and then use $_POST['variable'] rather than $_GET. This will hide the information being sent and it can't be changed by the user.

Post forms would be better, as previously stated. You could also use hidden inputs if you have to take it through several pages:

If you also want secure as in payment and such, then you have to buy a certificate.